How to make the holiday online security talk with family & friends easier than last year.

teaching seniors computer

TechViews News   …..

The holidays are a time for family to gather together at the dinner table. If you have morphed into the family go-to tech person, you know this is a time you’ll get hit with a lot of security questions.

Given the cornucopia of high-profile hacks over the last year, you can bet that a relative will bring up cybersecurity over turkey and gravy. With half of the American population affected by Equifax’s breach, security will be fresh on people’s minds.

Of course there will always be those who feel a security breach will never happen to them, or that they’re not a corporation so they don’t need to worry, or that they already “know everything about everything”. And that’s OK, you can’t help them anyway.

Don’t look at this as a chore. Instead, take these gatherings as an opportunity to provide the best security tips to all your family members in one fell swoop. Consider it an investment: Teach them to avoid phishing emails now and you won’t have to deal with a stolen credit card six months down the line.

Of course, be sure to explain it in a way they’ll understand. Some of my friends have had a hard time understanding the importance of practicing personal online security. They always say it’s something they’ll get to later, or that they learn better on their own time (which never happens). Something as easy as regular backups to protect against lost data flies totally in one ear and out the other. Being the family/friends tech support can be really frustrating sometimes.

Here are some tips for talking about cybersecurity with your family and friends, and best wishes for a hack-free holiday season.

The lingo

Don’t jump into the conversation immediately blabbering about ransomware and different types of encryption. There’s plenty of jargon and terminology in cybersecurity, but we’ll boil it down to terms the average person would need to know to keep safe.

Phishing: This is when someone pretends to be somebody else in an attempt to steal information, whether it’s a credit card number, login password or any data that can be used in an attack. Phishing attacks often come in the form of email that contains a link taking you to a website designed to trick you. They’re responsible for 91 percent of data breaches, and they’re also the most common way people get hit with viruses, according to a recent Verizon Data Breach Investigations Report.

The easiest way to avoid getting phished is simply to not click on any links in emails. If an email coming from Netflix says your account is getting canceled, just go directly to Netflix’s website to check it out — don’t do it from the link in the email. It’s an extra step, but it’ll save you from any risks of losing personal information.

There are three main tips:

  • Grammar: Bad grammar is a tell-tale sign of an online scam.
  • Check the source: The address the email came from is often a thinly veiled disguise (coming from instead of, for example).
  • Weird links: You can hover your mouse over links and pictures to see where they’ll lead you. If an email claiming to be from Netflix is actually going to a suspicious website, that’s a good sign it’s a scam.

Password managers: It’s a pain to have to remember different passwords for Facebook, Gmail, your bank accounts and every other service you use — but it’s also a must, according to security experts. Fortunately, there are services out there that will keep all your passwords in one place.

With password managers, you just have to remember one password for the manager. You log into that service and it can even generate complex passwords for you. The managers sync across your browsers and devices, bringing both security and convenience. Think of it as a digital key chain that only you can access.

HTTPS and SSL: Every time you go on a website, you should check to see if there’s a green lock icon next to the URL. That symbol shows you’re on a page protected by HTTPS, which stands for Hypertext Transfer Protocol Secure.

The green lock tells you the website has Secure Sockets Layer (SSL) enabled, meaning there’s a certificate to prove that the website is secure and that your sensitive information can’t be stolen or spied on. Think of it as a virtual seal of approval that your secrets are safe.

Luckily, more than half of the web uses HTTPS, so if you’re on an insecure website, it should definitely set off red flags. Sometimes going on a nonsecure site can’t be avoided (CNN’s website, for example, is not HTTPS). You should be careful about entering sensitive information on public Wi-Fi if you have to go on non-HTTPS pages.

Ransomware: This is a type of virus that locks up your important files and sometimes your entire computer, unless you pay the ransom.

It’s become a popular hack because of how lucrative it can be, and it can spread through computer networks or a downloaded email attachment.

You should back up your files regularly in case you ever get hit with ransomware. Routinely backing up your files (whether on an external hard drive or somewhere online) is generally a good practice.

Patching: Companies like Microsoft and Apple aren’t sending frequent updates just to annoy you. Most of the time these updates come with patches to fix security flaws that were recently discovered.

A tenth of Americans say they never update their devices, giving hackers an open invitation to attack. Two of the largest hacks of 2017 could have been prevented by patching. The Equifax breach happened because the company ignored a 2-month-old warning, while the WannaCry ransomware spread on computers without security updates.

Yeah, they’re annoying. But suck it up and update your devices.

Two-factor authentication: It’s an extra layer of security on top of your password. Think of it like needing two keys to unlock your door, so if one gets stolen, you’re still relatively safe.

It’s around you everywhere you go already: swiping your debit card and then entering your PIN code, or writing a check and showing a driver’s license with it. The factors are often a combination of something you know (a password, a PIN, answers to a question) with something you have (a thumbprint, a card, a phone).

The most common version of two-factor authentication is a code texted to your phone after you enter your password. The extra layer helps prevent hackers from accessing your accounts with just a password. You can enable it on multiple websites, like Google, Facebook, Twitter, Instagram and Amazon. Check the site’s security settings to turn on two-factor authentication, if it’s offered.

Like locking your front door

Security advice can often go in one ear and out the other. Many people choose convenience over security, believing these attacks would never happen to them.

Explain to your family members that they’re not as safe as they think they are. The root of most attacks is people not being careful enough. They might know somebody who was hit by an email scam or ransomware, but they’re not necessarily concerned about it themselves.

“People don’t know the consequences of what’s the worst possible scenario,” said Amanda Rousseau, a malware researcher at security company Endgame. “Your best bet for trying to get them motivated is to show statistics.”

A lot of people aren’t worried about cyberattacks because they don’t think they’re being targeted. But they should look at their devices the same way they look at their homes. People don’t necessarily live in fear of robbers coming to their homes, but they lock their doors, close their windows or make sure there’s some kind of security in place.

And statistically, you’re more likely to be robbed online than you are in person. Any kind of security is better than none at all.

Good luck, and hopefully you won’t have to explain this again next Thanksgiving.

Be Safe – Backup Your Data Regularly!


And don’t forget to take advantage of our FREE subscription to the Newsletter. A must-read if you are interested in Internet Security.