As IT professionals, we live and breathe technology, but many of our friends and relatives don’t. In fact, some find even basic digital tasks overwhelming. I’m constantly being asked for technical advice.As if I have the magic formula that will make their iPhone or Windows 11 laptop somehow less challenging for them. A lot of those challenges seem revolve around keeping themselves safe.Phishing emails they keep clicking on wondering why it’s not working, or their concerns about “being hacked”.
The good news? A few simple habits can make a huge difference in keeping them safe and secure online. Now, as an IT professional, some of these suggests are not industry standard and there are certainly more secure options.These suggestions are aimed to be a compromise between security and simplicity.
Here’s how we can help, without overwhelming them.
Strong passwords made simple (and why a password manager helps)
Passwords are the first line of defence, but most people still use things like “12345” or “password.” While we find this horrifying, the less technical among us have no idea how easy it is for hackers can guess these. Instead, suggest passphrases, or simple sentences like “BlueDogRunsFast!” These are easier to remember and harder to crack.
Better yet, recommend a password manager. Password managers can both recommend secure, unique password for every site they visit, and auto log them in. If they’re scared to learn new apps, start with the built-in password manager in their browser.All major browsers like Chrome, Edge, and Safari have them. It’s easy, safe, and removes the temptation to reuse the same password everywhere.
Now I know in a past blog post I wrote about why browser-based password managers aren’t safe.Remember, it’s about compromise.It’s much safer to use a browser-basedr based password manager than nothing.
Turn on multi-factor authentication (MFA)
MFA is a common complaint I hear about. “It’s annoying” and “I don’t understand why I need to do that” are what I hear most often. Explain that MFA is like having second lock on the door. Even if someone steals or guesses your password, they can’t get in. That extra code can be the difference between having your bank account information stolen or not. Show them how to enable MFA on their most critical applications like email and banking apps.It usually takes just a few taps. Emphasize that it’s quick and adds a huge layer of protection.
Again, this is where compromise is key.Many security professionals don’t consider SMS based MFA to be the most secure option, but for our non-technical friends, this is the easiest option.No need to download and learn another app.Again, think compromise.Better to have any form of MFA than none.
Spotting phishing scams
A buddy of mine showed me an email on his phone: “I keep clicking this link, but nothing happens.” My heart dropped. I pictured him launching malware, again and again.
Phishing scams look legit and are everywhere. Teach your friends to check the sender’s email address for weird spellings or odd domains. Watch out for messages screaming “Act Now!”. Real companies don’t talk like that. And if anything seems fishy, have them call the company using a known phone number, or visit the website directly. Never trust a random link.
I’ll be sharing more tips on spotting phishing scams soon. In an upcoming post. I'll be sharing how to identify common phishing scams.
No, you weren’t hacked... or were you?
An older friend once came to me, worried he’d been hacked. Someone made an social media account using his photos and info. He thought that meant he’d been hacked. I had to explain someone using your public info to make a fake profile isn’t the same as being hacked.
It’s hard to tell what’s real online these days. If you spot an online account claiming to be you, don’t panic. Just report it and then check look into tightening your privacy settings.
My advice: if something feels off, trust your gut. Don’t interact until you’ve double-checked with the real person.
If it seems too good to be true, it probably is.
Years ago, my youngest son came to me scared and crying. He had been playing an online game when someone had approached him saying he had a “hack” that could get him a lot of online money. My son knew better, but he was young and FOMO kicked in. So, he gave the person his password and almost instantly he was locked out of the game.We were able to quickly get access restored, but the damage had been done.Everything he had built and earned was gone.
Not every email or pop up is safe or real.Advise your friends to stick to official app stores and trusted websites. Warn them about pop-ups promising free prizes or “speed boosters”, these often hide malware.
A simple rule: if it looks too good to be true, it probably is.
Social media privacy basics
Oversharing can lead to identity theft. Occasionally, you’ll see friends sharing “let’s get to know each other” posts.These often have a long list of personal questions: first car owned, first job, etc…This is why challenge questions are no longer secure.We’ve all shared this information, either directly in a post like this or in our social media pages.
Here are a few tips to help improve their online privacy:
Help them set their social media profiles to Friends Only.
Advise them to avoid posting personal details like home address or vacation plans.
Walk them through privacy settings on Facebook, Instagram, and other platforms.
Explain why sharing too much information online is a bad thing
These things only take a few minutes but can makes a big difference.
Final thoughts
Helping your non-technical friends and family stay safe online doesn’t have to be hard.It also doesn’t require a deep dive into cybersecurity. Small, easy steps and some common sense can make a big impact. By guiding them through the basics, you can empower them to enjoy the digital world without fear.
As certified IT security experts, we can help you fortify your defences, uphold regulatory compliance, improve your company's security posture and proactively maintain your servers and networks to protect you from evolving cyber risks.
Alex Weeks
