8 Security Tips to Gift Your Loved Ones For the Holidays
Before the wrapping paper starts flying, here's some welcome cybersecurity advice to share with friends and family.
![](https://eu-images.contentstack.com/v3/assets/blt6d90778a997de1cd/blte0d99e74d69b964f/64f0d49843af54e514a1bd76/Slide1CoverArt.jpg?width=700&auto=webp&quality=80&disable=upscale)
OK, so you're sitting around the fireplace, eggnog in hand, the family's about to open presents, and your brother-in-law wants to know whether he really needs to do the security updates for his Microsoft apps.
Don't get angry – just ask him a few simple questions: Do you brush your teeth in the morning? Does your car need an oil change every 3,000 miles? Are there 24 hours in a day? With any luck he'll get your point.
Kelvin Coleman, the new executive director at the National Cyber Security Alliance, says society needs a change in security mindset.
"We need to change the culture so we get to the point that being smarter with passwords and doing the updates on computer applications are just things that people do naturally," Coleman says. "Everyone agrees that seat belts save lives and keep people safe. There's no difference with computers. It's like making sure the door on your house is locked before you leave for the day."
That's advice no one at your holiday gathering can dispute. And there's more for you to helpfully pass along, courtesy of Coleman, along with Patrick Sullivan, director of security strategy for Akamai, and John Pironti, president of IP Architects and an ISACA member. Their practical tips will provide a safe cyber experience for everyone over the holidays – and all year, too.
For those traveling over the holidays, tell them to limit their activities on public Wi-Fi spots at airports, coffee shops, and restaurants, according to NCSA's Coleman. If they need directions to a friend's house or to look up movie times, that's fine, but it's best not to click on banking or credit card sites. As a general rule, frequent travelers should get a VPN for the devices they use to access public Wi-Fi, which, they should know, are less secure than home and corporate Wi-Fi networks.
That's especially true when it comes to email and texts. Email has become the No. 1 threat vector, NCSA's Coleman says, so tell those around you this general rule: If it looks suspicious, it probably is. Warn them not to let their curiosity get the best of them, he adds. Especially around the holidays, threat actors will try to lure would-be victims with deals and offers. Let them know not to click unless they're offered a promotion code or they've checked the site for an https:// URL.
Tell others to read reviews on security products that they're interested in buying, NCSA's Coleman advises. They'll want to find out how easy or hard it was to install and whether the reviewer's computer was kept safe. Also, see why one product was chosen over another.
Where can they start? A good place to recommend for the latest security suite reviews is Consumer Reports. Another place they can check out is Amazon's top sellers in the security suite category.
You'll want to make sure your fellow party-goers are aware that gift cards are open to attack, especially around the holidays, Akamai's Sullivan says. On the physical side, threat actors can go into stores where gift cards hang on the racks and take photos or write down the card numbers. On the digital front, retailers will let people check the balances on their cards, so fraudsters who run credential stuffing operations can gain access to their balances and wipe them out. Some solid advice to offer: Check your cards to make sure they haven't been tampered with, and then check your balances frequently to make sure the right amounts are there, Sullivan says. If something seems amiss, contact the retailer's fraud department.
IP Architects' Pironti says he always tells people that credit cards are protected in the US under the Fair Credit Billing Act. Enacted in 1974, the act states that credit card holders are only liable for the first $50 of fraudulent activity on a card. However, the same doesn't hold true for debit cards; individual banks set those limits. Pironti suggests telling people to have their bank cards turned into ATM-only cards. So if a fraudster skims bank card information off an ATM card, for example, he won't be able to use it on an e-commerce website.
Impress upon your family and friends the importance of password managers, such as 1Password and Dashlane, IP Architects' Pironti says. While critics might say password managers are hackable, Pironti says they are still better than storing passwords in a folder or having them written on Post-its stuck to your desk. If your loved ones don't want to use a password manager, then suggest they use stronger passwords. The best approach: Use a common phrase and a trigger for what the site is, whether it's a financial account or a retail site.
Advise your family and friends to use the best two-factor authentication available, IP Architects' Pironti advises. He suggests apps including Google Authenticator, Microsoft Authenticator, or Duo to start. Short of that, tell them to use an SMS text password if that's available, or as the last line of defense, use a secret question. Here's a good tip to share from Pironti: On secret questions, you don't have to tell the site your actual birthday or the name of your pet. Just provide a date or name that you will remember and can use to authenticate the site. Pretty sneaky, huh?
Advise your family and friends to use the best two-factor authentication available, IP Architects' Pironti advises. He suggests apps including Google Authenticator, Microsoft Authenticator, or Duo to start. Short of that, tell them to use an SMS text password if that's available, or as the last line of defense, use a secret question. Here's a good tip to share from Pironti: On secret questions, you don't have to tell the site your actual birthday or the name of your pet. Just provide a date or name that you will remember and can use to authenticate the site. Pretty sneaky, huh?
OK, so you're sitting around the fireplace, eggnog in hand, the family's about to open presents, and your brother-in-law wants to know whether he really needs to do the security updates for his Microsoft apps.
Don't get angry – just ask him a few simple questions: Do you brush your teeth in the morning? Does your car need an oil change every 3,000 miles? Are there 24 hours in a day? With any luck he'll get your point.
Kelvin Coleman, the new executive director at the National Cyber Security Alliance, says society needs a change in security mindset.
"We need to change the culture so we get to the point that being smarter with passwords and doing the updates on computer applications are just things that people do naturally," Coleman says. "Everyone agrees that seat belts save lives and keep people safe. There's no difference with computers. It's like making sure the door on your house is locked before you leave for the day."
That's advice no one at your holiday gathering can dispute. And there's more for you to helpfully pass along, courtesy of Coleman, along with Patrick Sullivan, director of security strategy for Akamai, and John Pironti, president of IP Architects and an ISACA member. Their practical tips will provide a safe cyber experience for everyone over the holidays – and all year, too.
About the Author(s)
You May Also Like
CISO Perspectives: How to make AI an Accelerator, Not a Blocker
August 20, 2024Securing Your Cloud Assets
August 27, 2024