Security awareness

What senior citizens need to know about security awareness

Karen Walsh
December 31, 2020 by
Karen Walsh

Introduction

As a result of the coronavirus pandemic, many older adults sought out new technologies. Whether as a means to connect with friends or grandchildren, many matured adults are using technologies that they have little or no experience with. From video conferencing apps like Zoom to paying bills online, older adults have been forced to run into the technology ocean without the ability to tip-toe their way in. 

In June, the US Attorney for the Middle District of Pennsylvania listed the different ways that cybercriminals have been using the public health crisis to further their identity theft plans. Malicious actors, always willing to prey on fears, launched a variety of social engineering attacks, including:

  • Emails soliciting the purchase of fake cures and vaccines
  • Calls pretending to be Medicare representatives looking to send free masks, gloves and hand sanitizer

Demystifying the internet and computers is a primary way to help older adults protect themselves online. While many protective measures may seem to oversimplify the necessary actions, they also give an easy-to-understand way that older adults can more comprehensively protect their data. 

Two year's worth of NIST-aligned training

Two year's worth of NIST-aligned training

Deliver a comprehensive security awareness program using this series' 1- or 2-year program plans.

If it sounds too good (or bad!) to be true? You’re probably right

Social engineering attacks are successful because they prey upon people’s strongest emotions. Fear is often the fundamental emotions underlying most social successful social engineering attacks because the “fight or flight” reaction takes over. 

For example, many of the COVID-19 scams promised a cure for the coronavirus. Because the elderly face a higher risk of mortality if they get sick, many were more likely to allow the fear response take over. 

Similarly, as stay-at-home orders left many older adults without access to family visits or other social contact, cybercriminals preyed upon those feelings as well. Feelings of loneliness and isolation led many older adults to seek out social media or dating applications, at which point scammers ask for private information. 

Older adults should beware as soon as a message looks to provide too perfect of a solution or to make them afraid of the worst possible outcome. 

Keep secrets

Cybercriminals are basically digital con artists. They either want you to think that they’re a trustworthy source you know or trick you into thinking that they’re a new trustworthy source. 

If you wouldn’t share this information with a friend, make sure that you don’t share it with someone you don’t know. For example, few adults would walk into a local Starbucks and start sharing their government ID number, yet many are willing to provide this information online. 

The key to protecting private information is keeping it private, no matter how legitimate the request appears. Older adults should make sure that they never respond to an unsolicited request with any of the following information: 

  • Personal ID number
  • Address
  • Birth date
  • Health insurance information

Don’t talk to strangers

While it may seem overly simple, protecting digital data follows the same principle taught to children: don’t talk to strangers. Whether it’s an email, phone call, social media post/message or text message, the first rule of protecting yourself from a phishing attack is to only communicate with people you know and trust. 

Detecting a phishing email can require understanding what an email address should look like, how to hover over a link or how to know a file is fake. However, for new users, these suggestions sound like an overwhelming foreign language. 

For example, even digitally savvy users have been tricked into clicking on malicious links to fake bank websites. Users new to the digital landscape will have an even more difficult time trying to parse out the real from the fake. 

Some simple steps that older adults can take to protect themselves are:

  • If you don’t recognize the name or number associated with the contact, delete immediately. 
  • Never respond to any unsolicited contact, even if it sounds legitimate. 
  • If you think a real problem exists, find the official contact information and use that. 
  • Never provide sensitive data to anyone, no matter how legitimate they appear, in a social media platform either publicly or in a direct/private message.

Keep it personal

For many older adults, passwords might be the most daunting cybersecurity practice. Every password is supposed to be at least 8 characters in length, with uppercase, lowercase, special characters and numbers. All of these requirements, plus using a different password for each login, can be especially daunting for older adults. 

The best option for creating good passwords is to make them personal and/or create a “formula” for generating them. 

Some suggestions for helping older adults create easy-to-remember, unique passwords include:

  • Using the color of the company’s logo as part of the password. For example, Infosec’s logo is blue. A good password might start with “bluelogo.”
  • Using the purpose of the login. For example, since Infosec Institute is used for learning, you can build on the “bluelogo” with “bluelogoforlearning.”
  • Replace vowels with numbers. You can replace spaces with numbers or special characters. For example, instead of “bluelogoforlearning,” you have “blue1logo!for2learning@.”
  • Make a capitalization rule. You can choose to only capitalize the first letter every time or to capitalize the start of a new word in your passcode. For example, instead of “blue1logo!for2learning@” you can have either “Blue1logo!for2learning@” or “Blue1Logo!For2Learning@.”

No matter what criteria you use to create your password formula, make sure that you apply it consistently. Older adults may not be comfortable using a password manager, so they need a way to make secure passwords that they can also easily remember. 

See Infosec IQ in action

See Infosec IQ in action

From gamified security awareness to award-winning training, phishing simulations, culture assessments and more, we want to show you what makes Infosec IQ an industry leader.

Conclusion: Protecting digital health and physical health

Now that older adults have been forced to jump into the deep end of the digital lake, they will likely be swimming here for a while. However, despite how complex the internet can seem, digital security rules are often very similar to the physical security rules you already know. With the right digital hygiene, older adults can protect themselves from scammers and protect their information health as much as they protect their physical health. 

Karen Walsh
Karen Walsh

Karen Walsh is an attorney, auditor, teacher, author, and compliance enthusiast. When not reading new cybersecurity/privacy regulations and standards, she writes about them to help spread cyber awareness. In her "free" time, she volunteers with The Diana Initiative, an annual conference focused on supporting women in cybersecurity. You can find her on LinkedIn ( https://www.linkedin.com/in/geekykaren/ ) and Twitter ( https://twitter.com/GeekmomK )