Physical Address
304 North Cardinal St.
Dorchester Center, MA 02124
For the millions of people who are home with friends and family for the holiday season, it’s also the time of year when many are scrambling to fix spotty home Wi-Fi or have tons of tech-related questions.
Give good security tips instead this holiday season. This is the ideal time of year to get hands-on and help make meaningful changes that strengthen your loved ones’ cybersecurity. That’s not to say that fixing the family printer isn’t worth the time, but sharing a little security tip goes a long way to protecting the people you care about from the most common online threats.
As someone who has handled cyber security for over a decade, I think of it as an investment in something you hope never happens. No one wants to experience the “oh s**t” moment of realizing you’ve been hacked or your bank accounts or online wallets have been emptied, but many leave their accounts unprotected, thinking “this could never happen to me.” Yesterday’s passwords may not be enough protection against today’s hacking attempts.
Oftentimes, spending a few minutes with friends and family can be the impetus for them to get started with cybersecurity rather than stay unprotected.
As for what to offer people, I asked Rachel Tobac, CEO of SocialProof Security, a company that provides security awareness training to help people protect themselves from cyberthreats before they attack, and Caitlin Condon, director of vulnerability intelligence at cybersecurity firm Rapid7, for their top security tips to share with friends and family. Their advice is to focus on the security basics that do the most to keep your online accounts safe.
An important part of passing on effective safety tips is helping your friends and family get started with the apps and security features they need to stay safe. That way, they can learn alongside you and develop these new habits and practices over time.
“Recommending or installing security technologies is often not enough; we need to help our loved ones learn how to use these technologies to build trust and confidence,” Condon said.
“When we go home for the holidays, our family often asks us about things that aren’t the main thing they need to focus on,” Tobac said. Tobac said there is little point in advising a family member about cryptocurrency, for example, if they reuse the same password for every online account they have.
The best password is one you never have to remember, and here a password manager can help. Password managers store your login information and can create and store complex and unique passwords, so you never have to reuse the same password across different online services. (Using the same password online makes all those accounts more vulnerable to hacking if someone guesses or steals your password.)
There are many password managers to choose from. Your browser may already have one, and iPhones and iPads have their own Passwords app. Bitwarden is also a popular free-to-use password manager that lets you access your passwords from your phone.
“It can help to sit down with loved ones, especially if they’re not very tech-savvy, and walk them through creating a master password, installing browser plug-ins, creating and saving new passwords, starting with financial or healthcare sites, and logging in and out of the password manager,” Condon said.
Condon said a common fear is forgetting or losing the master password that locks your password manager from outsiders. Some people choose to write down a copy of their master password and keep it somewhere in their home for safekeeping.
“In my experience, writing down your master password and keeping it somewhere in your home is less risky than reusing easily guessable passwords,” Condon said.
Passwords alone are not enough to protect your accounts from hackers. Some of the biggest hacks of 2024 were possible because corporate giants forgot to implement basic security features like multi-factor authentication (or MFA), allowing hackers to log in with just a stolen password.
Having a second layer of security on your online accounts, such as MFA (also known as two-factor), makes it even more difficult for anyone with just your password to access your account. MFA works by sending an additional code via text message to a device you own, or by prompting you to generate a code in an authenticator app.
“Help them enable multi-factor authentication, whether it’s a code or a text message, especially for key accounts — like your email account — that’s the key to all your other accounts,” Tobac said.
Tobac also recommended locking down your phone provider account with MFA because, as with your email account, anyone with access to your phone number can use forgotten-password resets to get into any online account associated with it. That’s why some people prefer to use an authenticator app on their device instead of having a code sent by text message to their phone.
There are many authenticator apps; a popular choice is Duo Mobile, a simple app that quickly generates second-factor codes, with an additional cloud backup in case you lose access to your phone.
Remember, any MFA is better than none.
“Another thing I see people struggle with on a regular basis is the barrage of spam texts, calls, emails and notifications designed to social engineer users to visit malicious websites or provide access and personal information,” Condon said.
Oftentimes, letting a call go to voicemail can be an effective way to avoid scams and fraud. Even with caller ID, it is inherently difficult to ascertain over the phone whether whoever you are talking to is legit.
Tobac suggests being “politely paranoid,” a way to verify who people and companies are by contacting them back using a different communication method before handing over potentially damaging information, such as a credit card number or password. Tobac explained that if you get a call from your bank to say there are strange charges on your account, you can politely hang up and call back using the official number on your bank card.
The same goes for anyone who calls you and asks for information when you can’t be sure who they are. You can check the organization’s website, app, or secure message box to verify for yourself before taking any action.
Bookmarking those common websites in the browser for easy access can help your loved ones check any suspicious calls within seconds.
“Help loved ones bookmark official login pages they can safely visit to check secure messages or account transactions when they’re worried something might be wrong,” Condon said. “Show them how to get to those sites through pinned bookmarks or browser shortcuts.”
A password manager, multi-factor authentication, and being “politely paranoid” on the phone are the simplest but most effective deterrents for malicious hackers. Making sure the cybersecurity basics are in place (and your loved ones understand their importance), Tobac said, is a great place to start with friends and family.
“It’s the best gift you can give them,” Tobac said. “The gift of not being hacked.”