grey haired lady working on a laptop

9 basic security tips for seniors

Before we get into the tips: a caveat. We know many seniors who are digitally more up to date than people 20 years younger, but for those who aren’t, this guide is for you.

If you’re offended by the word seniors in the title, feel free to replace it with “computer illiterate people.” And keep in mind that this piece was written by a 60-year old who happens to be the “computer guy” among his family and friends. 

With the world’s increasing digitalization, even those that are not a big fan of computers are compelled to use them for various urgent reasons. Seniors in a digital world can be overwhelmed by all the new technology. And just when you think you’ve caught up, something new’s been invented. 

In security terms, it can feel like there’s a lot to do in order to keep your data and devices secure. Multiple passwords, reading through EULAs, website cookie notifications, and more. All of this can contribute to a serious case of security fatigue.

Many of today’s most dangerous threats are delivered through social engineering, i.e., by tricking users into giving up their data, or downloading malware from an infected email attachment. Therefore, knowing more about what not to click on and what not to download can keep a good portion of threats out the door.

So, with that in mind, here are 9 basic security tips for seniors:

  1. Do not click on links asking to fill out your personal information. Banks and other financial institutions will not send emails with links, especially if those links are asking you to update your personal information. If a website promises you something in return for filling out your personal data, they are likely phishing. In return for your data, you will probably get lots more annoying emails, possibly an infection, and no gift.
  2. Don’t fall for too-good-to-be-true schemes. If you get offered a service, product, or game for free, and it’s unclear how the producers of the service or item are making money, don’t take it. Chances are, you will pay in other ways, such as sitting through overly-obnoxious ads, paying for in-game or in-product purchases, or being bombarded with marketing emails or otherwise awful user experiences.
  3. Don’t believe pop-ups and phone calls saying your computer is infected. Unsolicited phone calls and websites that do this are known as tech support scams. The only programs that can tell if you have an infection are security platforms that either come built into your device or antimalware software that you’ve personally purchased or downloaded. Think about it: Microsoft does not monitor billions of computers just to call you as soon as it notices a virus on yours.
  4. Don’t download programs that call themselves system optimizers. We consider these types of software, including driver updaters and registry cleaners, potentially unwanted programs. Why? They do nothing helpful—instead, they often take over browser home pages, redirect to strange landing pages, add unnecessary toolbars, and even serve up a bunch of popup ads. While not technically dangerous themselves, they’re unneeded and could let other nasties in through the door.
  5. Disable web push notifications. These are almost never useful to the user, they can be easily spoofed, and they are regularly used for social engineering and obtrusive advertising purposes.
  6. Keep your browser up-to-date. Major browsers such as Firefox, Safari, and Chrome all have their own strengths and weaknesses, so it’s a matter of personal preference which one you use. However, browsers regularly have vulnerabilities and any updates should be applied as soon as possible. Remember: You must restart your browser in order for updates to take effect.
  7. Look for HTTPS and the padlock sign. Just because there is a padlock next to the address bar doesn’t mean the site is safe, but it does mean all the traffic between your computer and the website is encrypted. That means that if someone tried to snoop on what you were sending the website, they’d get nowhere because the data would be scrambled.
  8. Use multi-factor authentication wherever you can. You can set this up on most sites and usually involves you entering a code from either an app or a text message, after you’ve entered your password. Bonus points for healthcare or banking organizations with logins that use passkeys, a hardware key, or behavioral biometrics.
  9. Use a password manager. They help you create and remember safe passwords and they won’t automatically put your passwords into fake sites, which helps you tell if something is a phishing site. This step might require some time and help from someone more technical, but it makes things much safer in the long run.

We don’t just write about threats—we remove them

Cybersecurity risks should never spread beyond a headline. Keep threats off your devices by downloading Malwarebytes today.


Pieter Arntz

Malware Intelligence Researcher

Was a Microsoft MVP in consumer security for 12 years running. Can speak four languages. Smells of rich mahogany and leather-bound books.