December 18, 2023
As the cybersecurity experts at FTI Consulting head home for the holidays, they are often designated as the go-to family “tech support,” simultaneously solving computer issues and celebrating with loved ones. I have been playing this role for years, and noticed early on that family members did not always adhere to the cybersecurity best practices I recommend daily to my clients. Below is my advice for where to start when it comes to helping family members protect themselves from cybersecurity threats.
Slow Progress is Better than No Progress
It is not reasonable for anyone to believe they can convert their great aunt from using her dog’s name as the password for every account, to using multi-factor authentication (MFA), in one holiday dinner. I recommend starting slow, and taking a multi-year approach to improving personal cybersecurity posture among family members. Small iterations each year can make a big impact, especially when improvements start with the most important accounts, such as email, online banking, healthcare and retail accounts. Take things one step at a time, and meet your loved ones where they are when it comes to technological savvy.
Encourage Password Managers, But Don’t Knock the Password Book
Password managers are the most effective way to use complex and unique passwords for each online account. The user is responsible simply for remembering one passphrase, and strong passwords can be automatically generated for all accounts. Installing a password manager on a family member’s smartphone, tablet, and computer is a great first step in improving personal security. Enable the associated autofill features to make using the manager as seamless as possible, teach them how to add accounts, and check in throughout the year to see how it is going and if they have any questions.
However, if relatives are more comfortable with storing their passwords somewhere physical, password books are a more effective solution than nothing. Writing down all passwords in a central location still allows for individual passwords for each account without needing to remember each of them.
Start with MFA for Email
MFA, a security technology that verifies an individual’s identity using multiple forms of identification, enables an extra layer of protection should a password be compromised. While it may take some convincing, and a learning curve, to implement MFA across every one of a relative’s accounts, email is a great place to start for preventing fraud and impersonation. If possible, use an app-based MFA not tied to the password manager to avoid a single point of failure, but do not let perfect be the enemy of good; SMS multi factor is better than nothing! After teaching the family member how to use MFA and ensuring they are comfortable with it, incorporate MFA into additional accounts at the next holiday gathering.
Focus on Benefits Outside of Security
Although cybersecurity professionals care deeply about data protection, the truth is that the average family member does not really care about being more secure. They place much more weight on simplicity and ease-of-use than preventing threat actors from accessing their information. Therefore, I have had more success in family members adopting my suggestions when I focus on the benefits they provide beyond information protection. With password managers, for example, emphasize not needing to remember any passwords, the seamless integration possible across all devices, and the ease of other family members accessing all crucial accounts with a single passphrase in case of an emergency.
With these small but impactful measures, anyone can make a substantial difference in enhancing the online safety of their loved ones. In addition to connecting devices to Wi-Fi and other typical family tech-support roles, take these steps to elevate family member’s digital skills, and give the gift of personal cybersecurity this holiday season!
The views expressed herein are those of the author(s) and not necessarily the views of FTI Consulting, Inc., its management, its subsidiaries, its affiliates, or its other professionals.
FTI Consulting, Inc., including its subsidiaries and affiliates, is a consulting firm and is not a certified public accounting firm or a law firm.
FTI Consulting is an independent global business advisory firm dedicated to helping organizations manage change, mitigate risk and resolve disputes: financial, legal, operational, political & regulatory, reputational and transactional. FTI Consulting professionals, located in all major business centers throughout the world, work closely with clients to anticipate, illuminate and overcome complex business challenges and opportunities. ©2023 FTI Consulting, Inc. All rights reserved. fticonsulting.com