A privacy-respecting guide you can complete in one afternoon.
When you're home for the holidays, you can dramatically improve a loved one's digital safety without surrendering their data to yet another corporation. Here's a practical checklist that prioritizes her security, not surveillance capitalism.
Data brokers are where scammers, stalkers, and impersonators get phone numbers, addresses, and relatives' names. This information powers convincing phishing attempts and "grandparent scams."
What to do: Use DeleteMe to automatically remove your loved one's personal information from over 750 data broker sites. Their privacy experts handle the entire removal process and provide regular reports showing what's been removed and what's being monitored.
Why it matters: Less public data means scammers can't personalize their cons. "Hi Grandma, it's Michael, I'm in jail" hits different when they actually know your grandson's name.
She's probably using Chrome, Safari, or Firefox. Good news: they all have built-in password managers that are vastly better than reused passwords.
What to do: 1. Open her saved passwords (Settings → Passwords) 2. Change anything reused or weak 3. Let the browser generate strong passwords 4. Turn on sync so she doesn't get locked out on other devices
Is this perfect? No. A dedicated manager like Bitwarden is better. But browser-based beats "password123" across 47 sites.
A modern smartphone shouldn't burn through battery or run hot. Daily reboots clear memory garbage, stop lingering processes, and kill most non-persistent malware.
What to do: Restart her phone, tablet, and laptop. Update OS and apps while you're at it.
Quick rule for her: "If it's acting weird, restart it first."
Scammers now use AI voice clones and deepfakes built from Facebook photos. A phone call that sounds exactly like you saying "Grandma, I need $2,000" is trivially easy to fake.
What to do: Set up BeSureItIs for your family - it combines two-factor authentication with in-person confirmation so your loved ones can verify it's really you, not a scammer or deepfake. When someone calls claiming to be family and asking for money, they'll need to pass identity verification first.
The low-tech backup: Write a family code word on paper and put it on her fridge. If anyone calls claiming to be family and asking for money, she asks for the password. No password? Hang up.
This is the fastest, lowest-tech defense you can give her.
A cluttered inbox is a vulnerability. Promotional spam trains her to ignore emails, which means she might miss something real—or click something fake.
What to do: - Unsubscribe from junk newsletters - Mark obvious spam as spam (this trains the filter) - Delete the thousands of unread promotional emails
A cleaner inbox means suspicious emails stand out.
Start with the accounts that matter most: email, bank, and social media.
What to do: - Email first (if someone owns her email, they can reset everything else) - Then bank, Amazon, and Facebook - Use app-based 2FA if possible; SMS if that's all she can manage
Good enough: SMS codes are imperfect but still block 99% of automated attacks.
Shady apps are data vacuums. Look for anything with excessive permissions or that she doesn't remember installing.
Red flags: - "Battery booster" or "system cleaner" apps - Flashlight apps (your phone has one built in) - Horoscope/astrology apps with location access - Anything requesting access to contacts, camera, and microphone for no clear reason
Delete aggressively. These apps exist to harvest data or show deceptive ads.
Both OS-level and app-level. This closes security holes without her needing to think about it.
What to do: Settings → Software Update → Automatic Updates ON.
Unpatched software is one of the most common attack vectors. Don't make her remember to update.
Facebook is a goldmine for impersonation. Scammers scrape photos, friends lists, and personal details to build convincing cons.
Set to Friends Only: - Posts - Friends list - Photos - Phone number - Birth year (identity theft vector)
While you're there: Review her friend requests. She probably has pending requests from fake accounts.
Two quick wins that eliminate a surprising number of home-network risks.
What to do: 1. Change the default Wi-Fi password (it's printed on a sticker anyone can photograph) 2. Verify WPA2 or WPA3 is enabled (not WEP, not "Open") 3. Check for a firmware update
This takes five minutes and closes an often-ignored attack surface.
Photos and documents are irreplaceable. Ransomware is real. Hard drives fail.
What to do: - iCloud or Google Photos for automatic photo backup - For the privacy-conscious: a small encrypted USB drive stored somewhere safe
Backups prevent catastrophe more than anything else on this list.
Skip Ring, Nest, Flock, and other cloud-dependent surveillance systems. These companies: - Store footage on their servers (data breach risk) - Have handed footage to law enforcement without warrants - Contribute to neighborhood surveillance networks you didn't consent to
Better approach: If you're technical, set up Home Assistant with any RTSP-compatible camera. Footage stays local. No monthly fees. No corporate access to her front door.
If that's too much: At minimum, avoid Flock and Ring. A simple Wyze cam with local SD card storage is a reasonable middle ground—just disable cloud features.
If her news diet is Facebook posts and chain emails, she's being algorithmically manipulated toward outrage and misinformation.
What to do: Set her up with Ground News or a similar bias-comparison tool. It won't change her mind about anything, but it helps her see when she's being manipulated—which is the first step.
Make a simple text file or printed sheet on her desk with: - Your phone number (and a backup family contact) - The family password - "If something seems wrong, call [name] before doing anything" - Steps to verify emergencies ("Hang up. Call them back at a number you already have.")
This gives her a script for high-pressure situations when scammers are counting on panic.
Older adults are targeted more aggressively every year. AI-generated voice clones, deepfake video calls, and hyper-personalized phishing are no longer theoretical—they're happening now.
One afternoon of setup and education meaningfully reduces her risk. You're not trying to make her a security expert. You're trying to make her a harder target than the next person on the scammer's list.
Last updated: 2026 Holiday Edition
This guide is sponsored by DeleteMe and BeSureItIs.