It’s time to have ‘the talk’ with your parents - the security talk, that is.

2017 was, undoubtedly, the worst year for cyberattacks of all time, and it’s safe to assume that cybersecurity will get brought up at family get-togethers throughout 2018. With half of the American population affected by Equifax's breach and all 3 billion Yahoo user accounts breached, security is fresh on everyone’s minds.

Being the tech wiz that you are, your ‘family time’ likely doubles as a free visit from their favorite tech support - and this year will be no different. Uncle Joe will probably bring up the Uber breach coverup (and use it to comment about ‘kids these days’), and Grandma will likely ask you about her Yahoo account (that she’s still using).

Take this opportune moment to provide security tips to all of your family members. Explaining cybersecurity to relatives who grew up in an age without computers can be difficult, so be sure to explain it in a way they’ll understand.

Here are some tips for talking about cybersecurity with your family:

The Front Door Analogy

Security advice has a tendency to go in one ear and out the other. Many people choose convenience over security because they don’t believe they are being targeted or that it will ever happen to them.

Explaining to your family that they are not as safe as they think they are is a good start for this conversation. After all, the root of most attacks is simply people not being careful enough.

A great way to make the intangible idea of online security more realistic is the ‘Front Door Analogy’:

“People don’t necessarily live in fear of robbers coming to their homes every time they leave home; yet, the majority of people lock their doors and close their windows as a precaution. Many people also get a guard dog or install a security system as an additional means of protection. Yet many people leave their online ‘front door’ wide open for thieves to waltz right in and out of. Good cybersecurity practices like strong passwords are like locking your front door.”

Using this analogy might help family members to better understand the reason good security habits are so crucial.

The Terminology

While this may seem like your chance to show off your knowledge of cybersecurity, if you launch into the conversation with words like ‘ransomware’, ‘encryption’, and ‘two-factor authentication’ without explaining them, you’re likely to lose your audience quickly. Explaining these concepts in terms your family will understand is important for this conversation to be successful.

Here are a few important terms to start them off with:

Passwords

It’s a pain to have to remember different passwords for bank accounts, email, Facebook, and every other online service - but it’s a must. Explain to them that if their Facebook account is hacked and they use that same password for the online banking account that contains their entire life savings, they just gave away the ‘keys to the safe’.

Using unique, complex passwords for each service is the best first line of digital defense. Making these passwords can be cumbersome, so we recommend using phrases instead. Example: My favorite food is pasta! This is an easy-to-remember but mathematically complex password.

Explain that there are also highly useful services called password managers that will keep all their passwords in one place. With password managers, you just have to remember one password for the manager. The managers sync across your browsers and devices, and you simply log into that service. They can even generate complex passwords for you.

Phishing

You’ll probably have to start by explaining to Grandpa that this is ‘phishing’ with a -ph, not ‘fishing’ like his favorite pastime. Explain to them that phishing is when someone pretends to be someone else in order to steal information such as a credit card number, password or anything else that could be used in another attack. These attacks often come via an email containing a link that takes you to a website designed to deceive you into thinking it’s the real deal. Verizon’s data breach investigations report says 91 percent of data breaches happen this way. It’s also the most common way to get hit with viruses.

Here are three ways to spot a phishing email:

  • Grammar: Bad grammar is a tell-tale sign of an online scam.
  • Check the source: The address the email came from is often a thinly veiled disguise (coming from facebookk.com instead of facebook.com, for example).
  • Weird links: You can hover your mouse over links and pictures to see where they'll lead you. If an email claiming to be from Netflix is actually going to a suspicious website, that's a good sign it's a scam.

Let your family know that being vigilant online and avoiding falling victim to phishing scams now can help avoid a stolen credit card number down the line.
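The "check the source" and "weird links" checks from the list above can also be automated by whoever plays family tech support. The Python sketch below is an added example, not part of the original article; the `KNOWN` domain list, the two-label `base()` simplification, the edit-distance threshold of 2 and the sample message are all assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

KNOWN = ["facebook.com", "netflix.com"]  # assumed: services the user really uses

def base(host):
    """Last two labels of a hostname (simplification: ignores suffixes like co.uk)."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def edit_distance(a, b):
    """Levenshtein distance: single-character edits needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def lookalike_of(host):
    """Known domain that `host` imitates (1-2 edits away), else None."""
    b = base(host)
    if b in KNOWN:
        return None
    return next((k for k in KNOWN if edit_distance(b, k) <= 2), None)

def check_email(raw):
    """Return a list of warnings for one raw e-mail with an HTML body."""
    msg = message_from_string(raw)
    warnings = []
    sender_host = parseaddr(msg.get("From", ""))[1].rpartition("@")[2]
    if lookalike_of(sender_host):
        warnings.append(f"sender domain {sender_host} imitates {lookalike_of(sender_host)}")
    links = re.findall(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>',
                       msg.get_payload(), re.I | re.S)
    for href, text in links:
        target = urlparse(href).hostname or ""
        shown = re.search(r"[a-z0-9-]+(?:\.[a-z0-9-]+)+", text.lower())
        if shown and base(shown.group()) != base(target):  # text and target disagree
            warnings.append(f"link shows {shown.group()} but goes to {target}")
        elif lookalike_of(target):
            warnings.append(f"link target {target} imitates {lookalike_of(target)}")
    return warnings

# Constructed sample message (not a real phishing e-mail).
SAMPLE = """From: Facebook Security <security@facebookk.com>
Subject: Confirm your account
Content-Type: text/html

<p>Confirm: <a href="http://login.example.net/reset">https://www.facebook.com/reset</a></p>
"""
```

Calling `check_email(SAMPLE)` returns two warnings: one for the sender domain and one for the link whose visible text and real destination disagree.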

Ransomware

This is a type of attack that locks up your important files and sometimes your entire computer, unless you pay the ransom. Regularly backing up your files can help you avoid losing important information to hackers if you ever are the victim of ransomware.

Patching

We know, software updates are annoying - but they’re important. Most of the time these updates come with patches to fix security flaws that were recently discovered.

A tenth of Americans say they never update their devices, giving hackers an open invitation to attack. Two of the largest hacks of 2017 could have been prevented by patching. The Equifax breach happened because the company ignored a 2-month-old warning, while the WannaCry ransomware spread on computers without security updates.

HTTPS and SSL

If you see a green lock next to the URL on a website, that means you’re on an HTTPS page, which stands for Hypertext Transfer Protocol Secure. This means you’re on a website that has a Secure Sockets Layer (SSL), which means there is a certificate to prove the website is secure. All of the sites most people use every day are HTTPS pages, so if you navigate to a page that does not have the green lock, that should be a big warning sign.

Two-Factor Authentication

Similar to swiping a debit card and then entering a PIN, this is an extra layer of security for online logins. The most common version is a code texted to your phone after entering your password. This makes it tougher for hackers to gain access to your accounts. Many websites now offer this service. Check the site’s security settings to find out if it’s offered and how to set it up.

While talking about technology with people who grew up without computers and smartphones can be a pain, sharing this valuable information can help prevent your parents from falling victim to cybercrime. Plus, look at it this way, this talk is much less awkward and uncomfortable than 'the talk' your parents had to give you.


Breadcrumb is a cybersecurity and executive advisory firm. Located in Central California, we partner with organizations throughout the US, protecting their critical assets from cyber breach.