As someone who pretends to know tech, it can be a hair-pulling experience watching the blatant disregard people you care about have for privacy & security online. Unsecured Wi-Fi named Sturbucks
? seems legit 🤦♀️. They might not know the dangers all around and need someone to watch out for them.
You want to help them be more secure, but it’s easy to come at it wrong. Online privacy and security is a deep rabbit hole, and you can quickly drop people in over their head. If the task becomes daunting, or your approach makes them defensive, they likely won’t bother. Instead of hammering them with information and tasks, follow the Pareto Principle
(80/20 rule): start with the simple actions which have a large effect on reducing their vulnerability. In under an hour, you can work through these 4 steps and stop your friends & family from being the low-hanging fruit baddies love.
Small changes, Big Rewards 🔗︎
- (< 15 mins) Teach them to stop using the same
Password1
everywhere. Make it take longer than a second
for malicious people to cause trouble. If they aren’t comfortable using a password manager, don’t berate them. Using a password notebook or formula
is just as good. It’s not about having a perfect tool, it’s about having one that works better than not having one
. The number of people able to access a notebook in their room is a lot smaller than those who can crack accounts with crap passwords. Password managers aren’t for everyone
, so think about their circumstances and tech literacy before assuming that’s the best option. Your goal is only to get them set up. As time goes on they can slowly migrate to their chosen solution rather than feeling forced to change everything right away. - (2 mins) Do they have the uBlock Origin
extension or a browser that blocks ads? get one. You might get nervous when you see the permissions or uBlock Origin, to feel more comfortable you can read the trust explanation
from the open source team building it and/or some helpful Reddit comments
.
- (< 15 mins) get a VPN
. This is especially important if they have the bad habit of using public wi-fi, people can do all sorts of nasty things over public connections. VPN services often allow multiple devices per account, so if you share it’s likely under $2/month for digital privacy. Is making it harder for people to track & mine your information worth a candy bar?
- (< 10 mins, 🤔 base this on a per case basis) On their most important sites (like banking), enable 2 factor authentication. Yes, it takes an extra few seconds out of your day to log in. Tell ’em to think of it as trading a couple swipes on TikTok for improved protection. Even decent passwords get cracked, 2 factor adds another layer baddies need to get through to have access to their accounts.
⚠ MFA - Future Edit
Leaning towards removing this MFA section, depending on their sophistication. Too many stories out there of people getting locked out of their accounts because they didn’t understand MFA, or Google/other companies don’t have a good process in place for people who’s phones get lost. The protection is good, but getting locked out forever is a dangerous possibility. At least if a scammer takes it, you have a chance at getting the data back.
The process doesn’t end here, there is still a lot for them to learn and explore. Don’t be a condescending techie, be encouraging and answer their questions. In under an hour, you’ve helped them lay the foundation to better protect themselves online. Pat yourself on the back, and go help the next person sending money to Nigerian princes.
Bonus points 🔗︎
Finished all the ideas from above? Great, you’re a star! If you want to keep going and delve deeper into privacy and security, keep going with these bonus tips & tasks.
- start moving away from Google & other services that sell your data, De-Google Yourself Without Cutting Cold Turkey
. This can be a difficult process, so better to take it incrementally. Small steps are better than none.
- Stop using one email for everything. Have one email only for important sites like bank accounts, and one (or more) for the rest. Not every app has the same level of security as your bank, so if an attacker can get information from a smaller website, they can try using that same login information for more critical systems
.
- Think twice about how much information you are giving away on social media. You don’t have to stop using, but don’t post pictures of sensitive documents like flight tickets & passports
, and assume anything you post will end up in front of people you didn’t intend.
- Learn about phishing and stop clicking links in your inbox, even if they look like they came from a trusted domain. Email senders can be easy to fake
, even from
important@whitehouse.gov
. - If you don’t see the lock next to URL address you ended up at, don’t type anything sensitive like passwords. That means any communication between you and the site is not encrypted and could be read by anyone. The lock doesn’t mean the site is 100% safe
, but not having it is a definite red flag.