(Credit: René Ramos; New Africa/Shutterstock.com)
Throughout 2024, I talked to experts about everything from the rise of generative AI-assisted scams to what it takes to fight cybercrime for the government. During those interviews, I asked industry leaders and researchers for cybersecurity advice. I'm always looking for the kind of down-to-earth and easy-to-understand tips professionals give to friends or family members when they see them over the holidays, and I'm compiling them here as my gift to you. These are their recommendations and my tips for acting on that advice.
Think Before You Post Anything
“Keep things on paper. Keep things local. Don't share it! I have seen people have their entire lives upended by a single Instagram photo because there was something in the background. Just think about who you're sharing with, and whether or not you should do that at all.” - Chelsea Manning, security consultant, Nym
I interviewed Chelsea Manning, the former US Army whistleblower, in December. She’s currently a consultant at Nym, a data security company. She offered plenty of sound advice for maintaining your privacy as an online citizen living amid political turmoil, and also shared her thoughts on the (possibly short) future of the free and open web.
She told me it’s a good idea to keep personal information off your public social media feeds. It’s sound advice for many reasons, the biggest one being that you don’t know who is reading what you write or their intentions.
You are probably not an influencer, so no one pays for updates about your day-to-day existence. Don’t give away that information for free, especially when it can be used against you in the future. Change your social platform settings to claw back some of your personal privacy, and take down public photos and videos of yourself or others. If you need a new place to store your daily thoughts, check out a roundup of the best journaling apps.
Always Use Multi-Factor Authentication
“Use multi-factor authentication wherever you can. It is one of those things that you can actually control.” - Maarten Van Horenbeeck, CSO, Adobe
There are few things in the cybersecurity sphere that regular people like us can control. Protecting our accounts with at least one more layer of security via multi-factor authentication (MFA) makes it much harder for criminals to steal our credentials. Offering some resistance is better than none at all.
The above advice comes from Maarten Van Horenbeeck, Adobe’s chief security officer. In November, I reached out to discuss the oft-talked-about “talent gap” that makes hiring for high-level cybersecurity positions difficult. He offered tips for managers who want a holistic approach to building effective cybersecurity teams.
“As soon as passkeys are available for your services, move to them. Passkeys make it so you're never gonna have to reset your password again.” - Steven Won, chief product officer, 1Password
In February, I got in touch with Steve Won from 1Password to discuss the benefits of widespread passkey adoption, a form of encryption. A free password manager can store passkeys for you.
Some password manager apps include a 2FA code generator, like Apple’s free Passwords app. If you’re looking for a third-party or independent app, check out our list of the best authentication apps. You can also secure your accounts using a pocket-sized hardware security key.
Change Your Online Habits to Avoid Malware and Scams
“Don't click on ads. So much malware is spread by ads. It's big business for the criminals. They can spread their malware very quickly and very cheaply.” - Trevor Hilligoss, VP, SpyCloud
Ads containing malware have appeared on Facebook and other platforms. You can eliminate most ads and many trackers by using an ad-blocking extension for your browser.
I spoke to Trevor Hilligoss in February about cookie hijacking, a threat that can even render passkeys useless. That said, he agreed that using a password manager to store passkeys is better than using the same username and password combination all over the web.
“Wait and don't be urgent. That is the number one best offense to beat scammers. Just don't buy into the urgency.” - Michael Bordash, consultant, Syniverse
Michael Bordash, a scam expert at Syniverse, warned me about SMS scams targeting people traveling for the holidays. Scammers often rely on social engineering tactics, which usually include forcing victims to make big decisions under pressure, enforcing a time constraint, or using some form of emotional or financial manipulation.
Stop engaging with the would-be criminal immediately if you suspect you’re being scammed. If you’ve experienced financial loss or are being blackmailed, report the incident to law enforcement. If you’re worried about not being taken seriously or unsure who to tell, we have plenty of tips to report a scammer.
Embrace Your Inner Skeptic
“In today's day and age, seeing and hearing is not believing. Approach everything with a heightened level of skepticism.” - Abhiskek Karnik, head of Threat Intelligence Research, McAfee
We live in the generative AI age, which means faces can be faked, voices can be imitated, and AI-generated text is getting harder to detect. With that in mind, it’s a good idea to slow down and stop browsing on auto-pilot. Verify the information you see before sharing it with others, and confirm people’s identities before interacting with them online.
Abhishek Karnik leads the Threat Intelligence Research division at McAfee. I spoke with him several times this year about the security threats posed by scammers using generative AI. He reminded me that while the bad guys have those tools, everyone else does, too.
"You have to use technology to help you," said Karnik. “In our world, we are using AI to fight AI." He noted that his company is adding AI features to its security tools.
“Independently confirm everything. Use official websites. Reach out directly to contacts to confirm information. Don’t click on a link without confirming it’s from someone you know.” - Jason Hogg, CEO, Matunuck Group
I spoke to Jason Hogg, a former FBI special agent and current CEO of Matunuck Group, earlier this year when I gathered background information about on-device AI ahead of Apple’s newest iOS release.
His advice above boils down to taking your time and being thoughtful about how you interact online. If your friend or family member sends messages containing strange links or requests for money, don’t reply immediately. Call your loved one to ensure it’s really them before you act.
Patch and Update All of Your Devices
“People have this perception that they can just buy an IoT device, plug it in, and then forget about it. I tell people it's like cutting the grass, you have to maintain it. You can’t just let these things operate in your home without making sure they're up to date.” - Lisa Plaggemier, executive director, NCA
I received the above advice from Plaggemier earlier this year while talking to her about tax scammers who use generative AI to make their crimes harder to detect.
Don’t ignore security warnings or updates and patches for your devices. Bugs or holes in the operating systems can leave your home or computers open to a malware attack. It’s also a good idea to make sure your antivirus, password manager, and other security software are up-to-date.
Ultimately, many of these tips come down to taking precautions and remaining vigilant. For regular reminders, make sure to bookmark our cybersecurity checklist.