When you work in IT or Security, or even just have a modicum of technical knowledge, family gatherings can turn into work time. Your chair at the table suddenly becomes the Help Desk. You’re just trying to enjoy a meal but wind up answering questions about password strength between forkfuls of food.
Here are some tips to help alleviate the stress of being forced to be “on” when you really just want to be in a food coma.
(1) Be polite! Remember, tech and security are often scary subjects to people not in our industry. We don’t want to scare people away from good practices. You may be the only Information Security professional your family comes in contact with. As I talked about in my DerbyCon 2019 talk, “Empathy as a Service to Create a Culture of Security ,” you need to try to be approachable and listen to what people are really asking. So, where does politeness come into play? If pressed upon to explain SIM jacking to Uncle Irv during the first course of dinner, ask to delay the conversation until after dessert. “That’s a great question and surely a big problem, Uncle Irv, but I’d really like to enjoy this meal and not think about work. How about we gather around after dessert, and I can explain some of the points to you?” You know your family dynamics, but it stands to reason that most polite requests for a deferment in the conversation should be respected. Your mileage may vary. It’s inevitable that you’ll have to do some “shop talk.” So, just negotiate it to be on your own terms.
(2) Be prepared! There are so many helpful Information Security resources out there, that have already done the work for you. Here are some links that you can send to your inquisitive family members, or in some cases, there are tip sheets that you can actually print out and distribute them if asked about security. Sure, that seems a little weird. But, it’s easy and you don’t even have to answer questions. Just hand out some material and announce that you would like to hack into Aunt Mary Pat’s Sea Foam Salad.
- STOP. THINK. CONNECT. has a Resources page with a variety of safe PDFs to download that give instructions and advice.
- Stay Safe Online also has a Resources page as well as other materials for consumers and non-tech savvy users to learn from.
- Michael Bazzell has a great free resource that will keep your relatives busy! Personal Data Removal Workbook & Credit Freeze Guide. There’s a lot more at his Intel Techniques site, but that PDF is the sweet spot of what to give out to family and friends who have data privacy and security concerns.
- The Federal Trade Commission has some great resources under their Consumer Information umbrella. Direct family to their Privacy, Identity & Online Security section online. There are a lot of easy action items here that people can do, like How to Block Unwanted Calls and Scams, where people can read the facts about which “too good to be true” stories they might be seeing on Facebook. The FTC also has a great site geared towards Senior Citizens called Pass It On (also en español) where they can receive guidance and explanations about scams and identity theft.
- Product recommendations. Don’t want to get stuck recommending a certain product, for whatever reason? You can direct people to things like PC Mag’s Best Password Managers of 2019 comparison chart. People can then read for themselves about which one is best for them. Either Consumer Reports or PC Mag will have these types of comparison charts for a variety of products, if you can’t or don’t want to give recommendations.
- Reading is fundamental! Love him or hate him, Brian Krebs does offer up information about cybersecurity events that is easy for a non-technical person to follow. That’s the key here, if you recommend reading material to family or friends who are not tech or security savvy, don’t give them resources that they could find overwhelming or confusing. If someone is eager to get more InfoSec knowledge out of you, and you are eyeing up that sweet potato casserole, advise them to check out Krebs on Security, the Forbes Cybersecurity section, or for more sophisticated readers, the Pew Research Center’s Internet & Technology section. Give them an opportunity to read and learn for themselves, at their own pace. As the saying goes, teach them to fish. (but, don’t teach them to phish!)
(3) Be a translator! If you’re not into football, someone talking about a “pick 6” or a “PAT” or “muffed punt” sounds like Charlie Brown’s teacher to you. The same goes for people who aren’t tech or security savvy when you start throwing around industry terms or jargon. Do your best to explain things in easy to understand terms, or at the very minimum, define the jargon you’ve used. You may be trying hard to give InfoSec advice, but if you’re using terms that your listeners don’t understand, then all your hard work falls upon deaf ears. Instead of, “We really DDoS’d that turkey!” maybe say something like, “We really attacked that cooked turkey from all sides, didn’t we?!” Use familiar words and common examples to explain InfoSec terminology and scenarios. Bonus reading, “How to Talk to Anyone.”
(4) Be patient! Some time, long ago, in a galaxy far, far away, you too were a n00b at all this stuff. Have some patience and understanding for your family members who may not embrace all these concepts of tech or security as easily or with as much interest as you do. If your Cousin Brenda scoffs at the thought of a password manager because it seems to difficult and maybe even stupid to her, her reaction may be because she’s scared or confused or not understanding it. Use the force of InfoSec inside you to be patient with the people around you.
(5) Be fun! Lastly, have some fun with this through Bingo! I created an InfoSec Thanksgiving Bingo card with a bunch of terms that you might hear mentioned or asked of you during dinner. This is a mobile version of the card, but you can also create your own card here. Feel free to yell out “BINGO” during dinner, even if it’s only funny to you!
Be a translator!
Have a peaceful and relaxed Thanksgiving holiday!