Cybersecurity Advice for the Holidays - Stay Safe Online

Protecting Loved Ones This Holiday Season: A Guide to Cybersecurity

With millions gathering with family and friends during the holidays, many find themselves tasked with troubleshooting household tech issues, including unreliable Wi-Fi. This year, consider offering a different kind of gift: the gift of robust security advice.

The Value of Proactive Cybersecurity

The holiday season presents an opportune moment to proactively enhance the cybersecurity of those you care about. While assisting with devices like printers is helpful, sharing essential security practices can significantly protect against prevalent online threats.

Having covered data breaches and hacking incidents for over a decade, I view cybersecurity as a preventative measure – an investment against an undesirable event. Many assume they are immune to cyberattacks, failing to recognize that outdated passwords may no longer provide adequate protection.

A brief conversation can often motivate friends and family to prioritize cybersecurity and maintain ongoing protection.

Expert Recommendations for Security Basics

To gather the most impactful advice, I consulted Rachel Tobac, CEO of SocialProof Security, a firm specializing in security awareness training, and Caitlin Condon, Vulnerability Intelligence Director at Rapid7. Both experts emphasized the importance of focusing on fundamental security measures.

These basics are the most effective in safeguarding online accounts.

Facilitating Adoption of Security Tools

Simply recommending security tools isn't enough. It’s crucial to assist loved ones in setting up and learning to use these tools effectively. This fosters confidence and encourages the development of secure habits over time.

As Condon points out, “Merely recommending or installing security technologies is insufficient; we must empower loved ones to utilize these technologies and build trust in their functionality.”

Key Takeaways

• Prioritize security advice alongside tech support this holiday season.
• Focus on fundamental cybersecurity practices.
• Help family and friends implement and understand security tools.
• Remember that proactive measures are an investment in preventing future issues.

Employ a password manager to safeguard intricate and distinct passwords

During holiday gatherings, family members often request assistance with matters that aren't their most pressing security concerns, according to Tobac. Providing guidance on investments like cryptocurrency is ineffective if an individual consistently utilizes the identical password for all their online accounts, Tobac explained.

An ideal password is one that doesn't require memorization, and a password manager facilitates this. These tools securely store your login credentials and can automatically create and retain strong, unique passwords for each of your online services. (Reusing passwords across multiple platforms significantly increases the risk of compromise if a password is discovered or stolen.)

Numerous password manager options are available. Many web browsers include built-in functionality, and Apple devices offer the Passwords app. Bitwarden is a well-regarded, cost-free password manager that also provides cross-platform access to your stored passwords.

Condon suggests proactively assisting less technologically inclined family members. This can involve guiding them through the process of establishing a strong master password, installing browser extensions, generating and saving new passwords – prioritizing financial and healthcare websites – and practicing logging in and out of the password manager.

A frequent concern revolves around the potential loss or forgetting of the master password, which protects access to the password manager, Condon noted. Some individuals choose to create a physical backup of their master password, storing it securely within their home.

“From my perspective, the risk associated with writing down a master password and storing it at home is considerably lower than the danger of repeatedly using easily predictable passwords,” Condon stated.

Safeguarding Your Accounts with Multi-Factor Authentication

Relying solely on passwords is insufficient for robust account protection against unauthorized access. Several significant data breaches in 2024 occurred due to the oversight of fundamental security measures, such as multi-factor authentication (MFA). This lapse allowed malicious actors to gain entry simply with compromised passwords.

Adding a supplementary security layer, like MFA – also referred to as two-factor authentication – substantially increases the difficulty for individuals attempting to access your accounts using only your password. MFA functions by delivering a unique, secondary code via text message to a registered device or by requesting code generation through an authenticator application.

The Importance of Enabling MFA

“Assist others in activating multi-factor authentication, utilizing methods like a generated code or a text message, particularly for critical accounts—most notably, your email address,” emphasized Tobac. “Your email account serves as the primary gateway to all your other online accounts.”

Securing your mobile carrier account with MFA is also highly recommended. Similar to email, access to your phone number could grant unauthorized access to any online accounts linked to it, especially in password recovery scenarios. This is a key reason why utilizing an authenticator app on a dedicated device is often favored over SMS-based codes, which are potentially vulnerable to interception.

Choosing an Authenticator App

Numerous authenticator applications are available. Duo Mobile is a widely used option, offering on-demand second-factor code generation and an optional cloud backup feature for safeguarding against phone loss.

• Duo Mobile provides a convenient and secure method for MFA.
• Cloud backup ensures access to your MFA even if you lose your device.

It’s crucial to understand that implementing any form of MFA is a significant improvement over relying on passwords alone.

Prioritizing the activation of multi-factor authentication across all your online accounts is a proactive step towards enhancing your digital security.

Maintaining Phone Security: A Proactive Approach

According to security expert Condon, a common challenge individuals face is the increasing volume of spam communications – texts, calls, emails, and notifications – crafted to manipulate users into visiting compromised websites or divulging sensitive credentials and personal details.

A practical strategy for mitigating scams and potential fraud is often simply allowing unknown calls to proceed to voicemail. Even with caller ID technology, verifying the legitimacy of a caller over the phone remains inherently difficult.

Tobac advocates for adopting a mindset of being “politely paranoid.” This involves independently verifying the identity of individuals and organizations before disclosing any information that could be exploited, such as credit card details or passwords.

For example, if you receive a call claiming to be from your bank regarding suspicious activity, it’s advisable to terminate the call and contact the bank directly using the official number printed on your debit or credit card.

This principle applies to any unsolicited call requesting personal information. Prior to responding, investigate the organization through its official website, mobile application, or secure messaging platform to confirm its authenticity.

Pre-saving links to frequently used websites within your browser can significantly expedite the verification process for family members when encountering potentially fraudulent calls.

Condon emphasizes the importance of assisting family members by bookmarking official login pages. This allows them to quickly and safely access secure messages or account information when they suspect something is wrong. Demonstrate how to reach these sites using browser bookmarks or shortcuts.

Employing a password manager, enabling multi-factor authentication, and practicing “polite paranoia” during phone conversations represent some of the most straightforward, yet highly effective, defenses against malicious hacking attempts.

Tobac suggests that reinforcing these fundamental cybersecurity practices – and ensuring loved ones understand their significance – is an excellent starting point for protecting friends and family.

“Providing this knowledge is truly the greatest present you can offer,” Tobac stated. “It’s the gift of preventing a security breach.”