For millions of people at home with friends and family over the Christmas season, it's a time when many are busy fixing patchy home Wi-Fi or facing a barrage of technology questions.
Instead, give them the gift of sound security advice this holiday season. This is the perfect time to make meaningful changes that will strengthen your loved ones' cybersecurity. That's not to say it's not worth your time to fix your family's printer, but sharing a little security advice can go a long way in protecting your loved ones from the most common online threats.
As someone who has covered hacks and breaches for over a decade, I view cybersecurity as an investment against something you hope will never happen. No one wants to go through that “oh my god” moment when they realize they've been hacked or their bank account or online wallet has been depleted, but many people do not know when their account has been hacked. Without realizing that it's happening, we default to the mindset that “it won't happen to me.” Old passwords may not be enough protection against today's hacking attacks.
Often, spending a few minutes with friends and family can be the trigger you need to get started with cybersecurity and stay protected.
I asked Rachel Tobac, CEO of SocialProof Security, a security awareness training company that helps people protect themselves from cyber threats before they hit, and Caitlin Condon, Director of Vulnerability Intelligence at cybersecurity company Rapid7, for important security advice to share with friends and family. Their recommendation is to focus on the most effective security basics to keep your online accounts safe.
An important part of communicating effective security advice is helping your friends and family get started using the apps and security features they need to stay safe. This way, they can learn along with you and build new habits and practices over time.
“Simply recommending or installing security technologies is often not enough. We need to help our loved ones learn how to use these technologies to build confidence and trust,” Condon said.
Set up a password manager to store complex and unique passwords
“When we go home for the holidays, our families often ask us about things that aren't really what they should be focusing on most,” Tobac said. Tobac said it doesn't make sense for family members to give advice about cryptocurrencies if, for example, they reuse the same password for every online account they own.
The best passwords are the ones you never have to remember, and that's where password managers come in handy. Password managers save login details and can even generate and store complex, unique passwords so you don't have to reuse the same password across different online services. (Using the same password all over the Internet makes all of your accounts vulnerable to hacking if someone guesses or steals your password.)
There are many password managers to choose from. Your browser may already have a password manager built in, and iPhones and iPads have their own passwords app. Bitwarden is also a popular password manager that is free to use and allows you to access your passwords from your mobile phone.
“Sit down with your loved ones, especially those who are less tech-savvy, and walk them through setting a master password, installing browser plugins, and generating and saving new passwords, starting with financial and healthcare sites, and logging in and out of your password manager,” Condon said.
Condon said a common fear is forgetting or losing the master password that locks your password manager from outsiders. Some people choose to write down a copy of their master password and keep it somewhere in their home.
“In my experience, it's much less risky to have your master password written down and stored somewhere in your home than to reuse passwords that are easy to guess,” Condon says.
Multi-factor authentication can save the day
Passwords alone are not enough to protect your account from intruders. Some of the biggest hacks of 2024 were made possible because major companies forgot to implement basic security features like multi-factor authentication (MFA), allowing hackers to gain entry using only stolen passwords.
Introducing a second layer of security, such as MFA (also known as two-factor), to your online accounts makes it much more difficult for someone who only has your password to access your account. MFA works by texting an additional second code to your device, or by asking you to generate one with an authenticator app.
“Help us enable multi-factor authentication, whether it's a code or a text message, especially for important accounts that are the key to the castle for all other accounts, such as email address accounts,” Tobac said.
Tobac also recommended locking your phone provider account with MFA. This is because, as with your email account, anyone who gains access to your phone number can use it to get into your linked online accounts, for example through a forgotten-password reset. This is why some people prefer to use codes generated by an authenticator app on their device instead of codes sent by text message to their phone (which can be intercepted).
There are many authentication apps. A popular choice is Duo Mobile. It's a simple app that generates two-factor codes on the fly, with optional cloud backup in case you lose access to your phone.
Remember, any MFA is better than none.
Being “polite and paranoid” on the phone
“Another thing people struggle with on a regular basis is spam texts, phone calls, emails, and notifications that are designed to trick users into visiting malicious websites or divulging login information or personal data through social engineering,” Condon said.
Letting calls go to voicemail is often an effective way to avoid scams. Even if you recognize the caller ID, the inherent nature of telephone calls makes it difficult to know for sure who the person you're talking to is.
Tobac suggests being “polite and paranoid.” This means verifying that a person or business is who they say they are by contacting them back using another method of communication before handing out potentially harmful information, such as credit card numbers or passwords. If you get a call from your bank saying there's a strange charge on your account, Tobac says, politely hang up and call back using the official number on your bank card.
The same goes for anyone who calls you asking for information when you don't know who they are. You can verify the request yourself by checking the organization's website, app, or secure message inbox before taking action.
Bookmark these popular websites in your browser for easy access so your relatives can check for suspicious calls in seconds.
“Help your loved ones bookmark the official login page they can safely access to check secure messages and account transactions when you're worried something might be wrong,” Condon said. “How can I navigate to those sites using pinned bookmarks or browser shortcuts?”
Password managers, multi-factor authentication, and being “polite and paranoid” on the phone are some of the simplest yet most effective obstacles for malicious hackers. Tobac said making sure you have a cybersecurity foundation in place (and that your loved ones understand its importance) is a great place to start with friends and family.
“That's the best gift you can give them,” Tobac said. “The gift of not being hacked.”