Introduction

The US government requires any third parties, partners, and contractors that process, store, or transmit sensitive, unclassified government information on its behalf to be compliant with the National Institute of Standards and Technology Special Publication 800-171 (NIST SP 800-171) cybersecurity standards. Examples of organizations that fall under this category are consultants, manufacturers, contractors for the Department of Defence, research institutions that get federal grants, universities, and service providers for government agencies.

NIST 800-171 standards are designed to protect sensitive information located on the IT systems and networks of federal contractors from unauthorized access. The standards were published in June 2015 by the National Institute of Standards and Technology (NIST) and have been updated over the years to tackle emerging cyber threats and ensure optimal protection and security of sensitive government information.

What is NIST 800-171

NIST 800-171 is a publication of the National Institute of Standards and Technology (NIST) that entails all the security practices and standards that are required of any organization that processes, stores, or transmits sensitive, unclassified information on the US government’s behalf.

Specifically, NIST 800-171 focuses on the protection of Controlled Unclassified Information (CUI) and works to safeguard confidential government information from getting into the wrong hands. Examples of this controlled, unclassified information include personal data, intellectual property, logistical plans, equipment specifications, and so on.

What is the Purpose of NIST 800-171

NIST 800-171 helps to define the practices of specific areas of cybersecurity controls that government contractors and subcontractors must adhere to when their networks handle CUI. The purpose of these standards is to ensure that no organization dealing with sensitive, unclassified government information sets vulnerable cybersecurity practices and procedures that may lead to a privacy breach.

By complying with the NIST 800-171 standards, government contractors and subcontractors will boost the resilience of the federal supply chain and safeguard Controlled Unclassified Information in the cyber space from cyberattacks.

What is Controlled Unclassified Information (CUI)?

Controlled Unclassified Information (CUI) refers to any sensitive information owned or created by the government but not classified. Such information should be safeguarded and disseminated with controls consistent with Government-wide policies because a breach of the data can potentially disrupt national security and cause economic disasters.

Examples of CUI are:

• Personally Identifiable Information (PII) – such as social security number (SSN), passport number, taxpayer identification number, driver’s license number, etc.
• Proprietary Business Information (PBI) – such as data about inventions, patent applications, prototypes or devices, intellectual property holdings or strategy, etc
• Unclassified Controlled Technical Information (UCTI)
• Sensitive but Unclassified (SBU)
• For Official Use Only (FOUO)
• Law Enforcement Sensitive (LES), and others.

What are the NIST 800-171 requirements used for CUI?

In total, the NIST 800-171 requirements used for CUI are 110 in number, and each of them tackles separate areas of an organization’s IT practices and procedures. These requirements cover areas such as access control, authentication procedures, and systems configuration. The requirements set the standards for cybersecurity procedures and as well incident response plans which help to effectively address network security incidents.

Each of the NIST 800-171 requirement work to strengthen different elements of the cyber network and collectively create a formidable defence against cybercriminals from accessing sensitive government information. They mitigate vulnerabilities and ensure that the organization’s staff, network, and systems are well prepared to adequately protect CUI.

14 Requirements Families of NIST 800-171

All the 110 NIST 800-171 security requirements are broadly divided into 14 families, with each family addressing specific cybersecurity topics and their practices. These 14 families work hand-in-hand to ensure the building of a resilient security system that protects CUI. The sectionalization of these requirements makes it easy for organizations to employ them and regularly assess their systems and networks for compliance.

The 14 requirement families of NIST 800-171 are:

1. Access Control

Access control requirements tackle access to networks, systems, and information. Under this family, there are 22 different requirements designed to help determine who has access to sensitive data and to keep unauthorized users restricted from the data. Also, access control requirements regulate the flow of sensitive information and protect it within the network, guiding network devices in the system.

2. Awareness and Training

The Awareness and Training family is governed by three requirements. Without proper awareness and training of the personnel in charge of the system, the cybersecurity system remains vulnerable, even if it’s built on the most robust technology. Awareness and Training requirements make managers, admins, and all others involved in the organization understand their duties towards preventing cyber threats and the risks related to these threats. Each individual understands what to do if there’s a data breach attempt and how to keep security at the top level.

3. Audit and Accountability

Nine requirements make up the Audit and Accountability family, which centres around auditing and reviewing the system and logged events. Routine auditing and accountability help to protect the system as it ensures that only the best policies and procedures are used at all times. This section also uncovers and mitigates potential cybersecurity incidents, keeping CUI out of the wrong hands.

4. Configuration Management

It’s essential to configure all the software, hardware, and devices on the organization’s network to meet the security requirements. Configuration management has nine requirements that help organizations ensure they are well configured to execute blacklisting, whitelisting, and the prevention of unauthorized installations and download of nonessential programs. This prevents any part of the system from being compromised or bringing in malicious software that can spy on the networks and systems.

5. Identification and Authentication

At any point, organizations handling CUI can determine the person using their devices and verify their identity before they gain total access to the system. There are 11 requirements in this family that ensure that every user gets authorized before accessing the system, and they also determine how much the person can access. The requirements encompass password and authentication procedures and policy, together with accurate identification of users.

6. Incident Response

Cyberattacks continuously evolve, and without adequate incident response, they may end up penetrating the system. There are three requirements that tackle incident response and put organizations steps ahead of attacks. These requirements help to detect and contain attacks before they penetrate the security. The incident response includes proper training of personnel, planning for an attack, as well as regular testing to determine the strength of the system. Security incidents will be documented and shared with the authorities to stay up-to-date with the current face of cyberattacks.

7. Maintenance

This family has to do with performing routine maintenance as it’s one of the ways to ensure the organization’s policies are up-to-date. The maintenance family has six requirements that provide insight into the most practical procedures for system and network maintenance. The requirements also help to replace outdated tools and techniques with recent, efficient ones, and that keeps the entire system completely secure.

8. Media Protection

Organizations must securely handle their external drives, backups, and backup equipment to achieve proper media protection. The media protection family features nine requirements that guide and control access to sensitive media. Following these requirements guarantee the best practice for the storage or destruction of sensitive data and media in either physical or digital formats.

9. Personnel Security

This family of requirements controls access to systems and networks by personnel, ensuring that everyone is screened ahead of time. Since personnel may be terminated or transferred over time, personnel security ensures that such personnel is restricted from their previous privilege, such as having access to CUI. Two requirements come under the personnel security family, and they work together to ensure the screening of individuals attempting to access the systems and the termination of access for personnel who are no longer part of the organization or have been transferred.

10. Physical Protection

As physical devices play a significant role in cybersecurity, the physical protection family of requirements regulates physical access to CUI in organizations. A compromise in physical access to CUI can be as detrimental as virtual access. This family has six security requirements that help to regulate the handling of hardware, devices, and equipment and limit them to authorized users. The requirements also control visitors’ access to the organization’s work sites and physical equipment to ensure they don’t breach privacy.

11. Risk Assessment

Two requirements fall in the risk assessment family of NIST 800-171, covering the analysis of systems’ performance and the strength of protection. Risk assessment. Organizations are required to regularly test and analyze systems for vulnerabilities and remediate them immediately. This helps to ensure that network devices and software are updated and maintain top security, thus effectively defending against cyber threats.

12. Security Assessment

Four requirements on the list deal with the monitoring, development, and renewal of system controls, as well as security plans. Organizations will assess their security and determine if there are any vulnerabilities in it. If any is detected, they immediately work towards blocking the loophole and strengthening protection. Doing this helps organizations set their systems to effectively tackle evolving cyber threats and determine loopholes before cybercriminals get to them.

13. System and Communications Protection

Communication is a core part of cybersecurity that need to be monitored, protected, and controlled. Whether internal or external communication, the transfer of information should be properly guided to prevent unintended transfers of sensitive information. Sixteen requirements make up the system and communication protection family, ensuring communication is executed as expected and with authorization. They also prevent the denial by default of network communication traffic and incorporate the best practice cryptography policies to protect sensitive government information.

14. System and Information

Lastly, seven requirements address continuous monitoring and protection of systems within the organization. The requirements help organizations identify, report, and correct system errors and restore normalcy as soon as possible. Also, they address the case of identifying and apprehending unauthorized access to information by users. Any unauthorized user who is caught assessing the system gets punished according to the laws governing the degree of invasion.

NIST 800-171 Compliance

All organizations that intend to deal with CUI must comply with NIST 800-171 before signing any contract or agreement with the US government. Without compliance, the US government will not deem such a contractor or subcontractor fit to handle CUI and will refuse to enter into an agreement.

NIST 800-171 compliance for defence contractors

Contractors that handle CUI as part of their duty for the Department of Defense (DoD) implement a points-based system to score their compliance with NIST 800-171. In this system, contractors conduct self-assessment of their cybersecurity against the 110 requirements as published in NIST 800-171. For every compliance to each requirement, they get one score and will get up to 110 if they fully comply with all the requirements. However, weighted penalty points (from -1 to -5) will be subtracted for every unimplemented or partially implemented requirement. In the end, the scores are recorded in the DoD’s Supplier Performance Risk System (SPRS) and are typically submitted before contract award or renewal.

Your NIST 800-171 Checklist & Best practices

Organizations looking to self-assess can follow the process below to scrutinize their security and determine the compliance level.

1. Together with senior information security stakeholders, create an assessment team that’d set an effective assessment plan, including the duration and objectives.

2. Begin an internal communication campaign to make employees aware of the project.

3. Create a contact list of individuals with relevant responsibilities, e.g., system administrators

4. Collect important documents, such as existing security policies, previous audit results and logs, system records and manuals, admin guidance documents, and system architecture documents.

5. Assess individual requirements in the NIST 800-171 publication and register a statement for each.

6. Create an action plan that illustrates how any unmet requirements will be met.

7. Include all the evidence for compliance in a System Security Plan (SSP) document

How To Prepare For a NIST 800-171 Assessment?

While NIST 800-171 self-assessment often seems complex for many organizations, following a step-by-step guide can help organizations prepare better and make the process a bit easier. To better prepare for your assessment, you need to do these five things.

1. Collect existing security practices and procedures.

2. Establish contact with key information security stakeholders.

3. Set the start and finish of the assessment.

4. Collect relevant material and previous audit results.

5. Communicate the project to all sectors of the organization.

Conclusion

If you’re looking to prepare for NIST 800-171 compliance, Computabilities can guide you through the complexities of the process and make your assessment a breeze. Reach out to us at 919-276-0282 or email sales@computerbilities.com.

Written By – Adam Pittman

Introduction

The success of any construction project relies not only on the competency of the individuals in the team but also on effective communication between team members. Excellent communication enables each team member to understand their roles and responsibilities and collaborate effortlessly.

On the other hand, poor communication can cause errors in job execution, leading to delays and a waste of resources. The impact of communication becomes more apparent when subcontracting as you’d be working with individuals or teams who are not originally part of your company and may not understand your work culture.

The only way to avoid wasting time, energy, and money is by putting an effective communication medium in place, which is why SharePoint and office 365 are critical technology tools for construction and subcontracting companies.

SharePoint Solutions For Construction

SharePoint is a web-based intranet that helps companies improve data storage, use, and sharing, thereby increasing business efficiency. Construction works sometimes require updating project drawings to address certain on-site situations or fit clients’ needs. Thus, having an effective solution for data sharing and communication, such as SharePoint, makes continuous collaboration possible and easy. Some of the benefits that using SharePoint offers construction and subcontracting companies include:

1. Project Schedule and Reports

With SharePoint, project scheduling and reports in the construction industry have never been easier. As the project manager, SharePoint provides a central project hub through which you can assign roles, schedule tasks, and get timely reports to keep track of the progress.

2. Trade Knowledge Base

Every successful construction company has unique trade secrets and special business practices that give them an edge over others in the industry. SharePoint allows you to keep this competitive advantage by storing your secrets in a single knowledge base centre and locking it with a password so that no one gains access to your secrets without your permission.

3. Safety Messages and Alerts

From company-wide announcements to team-specific information, you can safely communicate through messages and alerts on SharePoint. Effective communication fosters seamless collaboration and makes sure every team member works towards achieving the desired result.

4. Equipment or Subcontractor Registers

Companies can avoid losing money from equipment loss by using SharePoint to keep track of all tools and equipment on site. You can as well create an editable subcontractor register to have up-to-date information on the subcontractors on site at any time. This practice can strengthen the security of your equipment and prevent financial loss.

5. Site Diary

Record and follow up on the activities of your field engineers, technicians, and team by creating a site diary. SharePoint makes site diary creation effortless as you have a mobile-ready form in the application designed for such a purpose. Record on the go while you efficiently manage other aspects of the construction project.

6. Site Induction

No more racking your brain during site induction to know whether or not you have covered all the necessary details. SharePoint offers you site induction automation options using SharePoint Task List. You can create your induction checklists easily and monitor their status in real-time.

7. Staff Directory

Sometimes you need to find the contact details of a team member to reach out to them for different purposes. Take out the stress of going through your phone contact or paper documents to find your staff’s contact by using the SharePoint online staff directory. Search employees easily by name, job title, department, or other descriptions.

8. Drawing Versioning

SharePoint versioning allows you to restore and track items in a list or as files in a library each time they are changed. The system automatically numbers each new drawing version so you can know what items you saved last. Plus, you can see who last revised your diagrams, drawings, or schematics using this powerful application.

Why Choose Our Industry Expert?

Your choice of partner determines how much benefit your construction or subcontracting company will derive from technology, especially from essential programs like SharePoint and office 365. With Computabilities in charge of your licensing, implementation, customization, and support, you can rest assured that your company will make the most of your investment in digital technology.

We will help you stay competitive in the industry by integrating tech solutions into your operations for optimal performance and productivity. Our track record of reliability and performance optimization with various tech resources makes us the ideal partner for your Microsoft SharePoint and Office 365 adoption.

Let’s Start with SharePoint and office 365

While we can handle all kinds of IT tasks, including providing uninterrupted networks, setting up business software, troubleshooting your IT system, and more, you might want to start our partnership journey with SharePoint and office 365 management. Doing this will give you an insight into our practices at Computabilities and make you feel satisfied that you’re with the perfect partner.

1. Project Management

Manage multiple projects like a pro and get the best results with the help of SharePoint. From scheduling to task assignments, you can manage your construction project effectively and with less stress.

2. Information Protection

Information theft can be devastating for businesses, especially those in construction and subcontracting niches. Give your business rock-solid protection against malicious actors and keep your secret practices passworded with SharePoint.

3. Application Development

When you need to develop tailored apps to address specific business needs and automate certain tasks, SharePoint is the place to go. Even when you’re not a techie, SharePoint technology operates on no to low code, which is why most businesses choose the SharePoint app over others.

4. Reporting & Analysis

Get reports from team members, analyze site data, and gain maximum insights so as to take positive decisions that enhance productivity. You can also choose to publish crucial data or share them with specific professionals for experience-driven contributions.

Conclusion

SharePoint and office 365 can significantly transform operations in construction and subcontracting companies and set them up for greater productivity and profitability. If you’re ready to incorporate SharePoint and office 365 into your construction business, kindly contact us at 919-276-0282 or email sales@computerbilities.com.

Written By – Adam Pittman

Introduction

From financial accounts to social media accounts, an average American has about 150 online accounts, which they protect with passwords. Instead of setting complex but strong passwords, most people choose simple options since they’re easy to remember. And this is why based on statistics, “123456” is the most-used password. Unfortunately, such practices aren’t safe because cyber criminals can easily guess simple passwords and hijack your accounts for fraudulent activities.

Due to this, many people are puzzled by the question of how to create strong and secure passwords to help maintain top security in the digital space. As leading IT experts, we elaborate in this article on how to create hard-to-guess passwords and save them securely.

How secure is my password in this internet world?

Knowing how secure your password is helps you understand how safe you are in the internet world. Just like a strong door protects your home against intruders and thieves, a strong password protects your online accounts from unauthorized access.

The level of security your password has depends on how it’s formed and the character types combined. Passwords created with the same category of characters (e.g., alphabets only or numbers only) aren’t as secure as those created from a combination of different character categories (e.g., combining letters with numbers). Let’s walk you through what a strong password should look like.

How to Create a strong password

When creating passwords, avoid using dictionary words, your date of birth, curse words, slang, email addresses, names, places, etc. Cybercriminals know these patterns and may eventually get the right password after a few permutations. To create strong passwords:

Use Uppercase & Lowercase letters, Numbers, & Symbols

Include uppercase and lowercase letters, numbers, and symbols in your passwords to strengthen them. Use special symbols that are rarely used, such as (_-) +=^*&%#~[]:;” ‘><,./? to make your online security rock-solid.

Make Your Passwords At Least 12 Characters Long

Another thing to ensure when creating strong passwords is that your passwords are at least 12 characters long. Include as many variations of different characters to make your password long and secure.

Avoid Using Easily Guessed Words

Hackers look for easy targets, especially those who use easily guessed words and patterns. Some of the easily guessed words to avoid are:

• 123456
• Password
• 12345678
• Qwerty
• 12345
• 123456789
• Letmein
• password123
• 1q2w3e
• abc123

Don’t Use The Same Password For Your Accounts

To strengthen your security in the internet world, you need to develop different passwords for different accounts, especially when the accounts serve different purposes. During a major data breach (such as breaches at Facebook, Apple, etc.), hackers extract millions of passwords and begin to try them on different platforms. Suppose you’re using the same password for all your accounts; hackers can easily unlock all your accounts once they have your password, and that can lead to identity theft, account takeover, and even financial loss.

Steps to Saving Your passwords securely

Now that you’ve learned how to create strong passwords, you might be concerned about how to remember all the different passwords you have. Luckily, that’s where a password manager comes in.

Stop Reusing Passwords
Regardless of how you choose to store your passwords, avoid reusing passwords as it puts many of your online accounts at risk. Develop a way to vary your passwords while keeping them strong and secure.

Make Your Password Not Guessable
Before setting or saving your password, make sure they are created well and are not guessable. A list of easily guessed passwords has been provided earlier, but you also want to avoid creating passwords from pet’s names, kid’s names, favourite teams, etc.

Check If Any of Your Passwords Are Exposed
During a data leak, thousands of passwords get exposed, and that puts the accounts carrying such passwords at great risk of compromise. When you hear the report of any data breach, confirm if any of your passwords aren’t exposed. Having a password manager helps you get alerted automatically if any of your passwords are part of the breach so you can change them on time.

Saving Your Passwords

Download a Password Manager

There are many password managers that can help to solve all your password security issues. Password managers can generate strong password ideas, autofill logins, and even help you store more than passwords.

Don’t Store Your Passwords Somewhere Else

Whether it’s on your physical notebook, google docs, email draft, or smartphone note, storing your password somewhere besides your password manager can be risky. Plus, a password manager will save you the stress of stopping to look up your notebook, google docs, email, or phone notes every time you need to input passwords to log in.

Set Up Two-Factor Authentication

It’s always a good idea to put together all the weapons in your arsenal when it comes to safety in the digital space. One key way to double your security besides downloading a password manager is to set up two-factor authentication. Doing this means anyone who wants to access your account has to authenticate their identity in two distinct ways. Thus, even with your password and username with them, hackers can’t access your account.

Store Passwords in Cloud Using A Password Manager

Using a password manager is the best protection you can get against skilled hackers and cybercriminals. The app helps you store as many strong passwords as you have in Cloud and makes it easy to rule them all with a single unbreakable master password.

Password managers store passwords in Cloud using strong encryptions that represent the most advanced defence against cybercriminals.

Logging into hundreds of accounts becomes a breeze as the password manager supplies the saved password whenever you need to open the app or web service.

Store Passwords Manually Without a Password Manager

While using a password manager is the best way to stay safe in the internet world, users can also manually store passwords using Google Chrome.

To do this:

• Open the website where you want to create a new account.
• Create the account by entering a username and password (remember to make your password strong)
• Once done, you will get a “Save password” pop-up message, click “Save” to store the password, and that’s it!

The next time you want to log in to the website, Chrome automatically remembers your password and helps to auto-fill the login details.

List Of Best Password Manager To Store Your Passwords

Password Boss (Our Favorite)

Password Boss is a leading password management tool that helps businesses and individuals manage passwords and other confidential data using highly safe and secure encryption. With Password Boss, you can rest assured that your data is in safe hands and free from malicious actors.

1Password

Families and businesses will appreciate 1Password for its simple, appealing interface and unique security model. The app includes other helpful features that ensure that cybercriminals never access your passwords, even if your device gets lost or stolen.

Keeper

Keeper’s end-to-end encryption ensures that logins, files, and passwords are always encrypted, thus maintaining top security. The keeper password manager is suitable for businesses and families and has a free trial version

Conclusion

Now that you’ve mastered how to create strong passwords and save them securely, it’s time to review your current passwords and see if they truly offer the protection you deserve. If you find out they’re weak, follow the steps above to make them stronger, and remember to set different passwords for each of your online accounts.

Written By: Adam Pittman

Introduction

Did you know that around 3.5 million seniors fall victim to scams every year? Scammers target easy and vulnerable prey like seniors because they believe older adults are more trusting. Seniors tend to feel more depressed and bored with life after retirement and will usually get carried away when shown some attention, even if it’s from strangers online.

Scammers understand the phycology of elders and would prey on them using different tricks that centre around emotional cues. If you have elderly parents or grandparents, it’s important to protect them from scams and not just assume they can’t fall prey. As leading experts in the Information Technology (IT) industry, we’ve provided tips on how you can protect seniors from scams and help them stay safe online.

Types Of Scams & Frauds Elderly Parents May Fall Prey To

Scam schemes come in different ways, and scammers are constantly developing new tricks to swindle older adults. However, there are certain well-known types of scams that elders often fall prey to. It’s essential to know about these scams and educate your parents and grandparents about them to keep them protected.

Requests to wire money

This occurs when the scammers call or email and ask you to wire money to make a purchase, claim a prize, confirm a lottery, earn an inheritance, or anything else. Sometimes scammers call or email from a familiar phone number or email and disguise their voice. As a rule of thumb, elders should never wire money to anyone they don’t know. And even when the request comes from someone they know, they should contact a relative to confirm the story.

Calls from government agencies

Fraudsters may pretend to be calling or emailing from government agencies, claiming you’re owing some money and may get arrested if you don’t pay up. Seniors should ignore such information, and if by any chance they’re unsure whether they owe the government, they should contact the agency separately for confirmation.

Unsolicited calls

When your elderly parents or grandparents receive calls from groups, they can’t remember having contact with asking for their personal information, they should never disclose them. If they are bothered that it could be a legitimate request for information, they should hang up, check the official number for the group that supposedly called and dial it directly to confirm the request.

Emergency calls from the grandkids

Fraudsters know a lot about people and can call seniors pretending to be a grandchild in dire need of cash. They may know some basic details about the family, such as the grandkids’ names. Whenever anyone calls claiming to be a grandchild, tell your parents to ask personal questions that only their grandchildren can answer. Alternatively, they can hang up and call their grandkid directly just to avoid being swindled.

Limited time offers

Scammers believe seniors are loaded with retirement cash and are always looking for opportunities to steal from it. They may call, email, or text your parents or grandparents and present a limited-time money-making opportunity. Warn your elderly ones not to fall prey to such schemes, and simply ignore them.

High-return investments with no risks

While there are established investment schemes that can help elders earn passively from their cash, they should avoid being carried away by no-risk investments. Every investment has some degree of risk, and only scammers promise investments with no risks. Also, they should only contact the investment company through their official websites and check for their details, including reviews, to know whether they’re genuine.

Free dinner or lunches

Mail or text offers to attend free dinners or free lunch investment seminars are usually sales pitches for fraudulent or high-fee, unrealistic investments. Inform your parents not to attend these events and stay safe. Attending these seminars brings them a step closer to falling prey to such schemes.

Let’s Protect Elderly Parents from Scams & Frauds

Based on surveys, scammers defraud seniors of more than $3 billion each year, while the average loss per senior amounts to around $34,200. It’s our duty to protect elders from scams as falling prey to one can lead to depression, anxiety disorders, and sometimes death. By educating elders about scammers’ tricks, they can immediately recognize a scam attempt and stay safe.

Know The Key Signs Of An Email Scam

Email scams have certain key signs through which elders can recognize them. Some of these signs of email scams are when the email:

• is “urgent” or has a deadline
• comes from a suspicious sender
• contains lots of spelling mistakes
• carries a fancy or royal-sounding title, e.g., Sir Williams Thompson,” or “Dr. Frank P. Estes.”

Don’t Trust Anyone That Asks For Money Over The Phone

Whether it’s a call from individuals, groups, or government agencies, inform your parents and grandparents that anyone who asks for money or personal information over the phone should not be trusted. They shouldn’t wire transfer any fund to anyone, especially when they claim the money is to claim a prize, confirm a lottery, or earn an inheritance.

Don’t Trust Automated Messages

Automated calls or messages requesting money should not be trusted. These scammers often disguise themselves as a family member and claim to be incarcerated or that a loved one is incarcerated. They then proceed to ask for bail payment or any kind of legal payment via transfer. Seniors should ignore such calls and rather contact family members directly for confirmation.

Don’t Trust Anyone Asking For Gift Cards

One very common way scammers request money is via gift cards, especially scammers from foreign countries. They may claim that the senior or a loved one owes a debt and ask for payment via gift cards. Inform your elderly ones that no government agency or business will ask for any payment via gift cards. So whenever such requests are made, they’re coming from scammers.

Ignore And Shred Unsolicited Mail

When unsolicited mails are sent, warn your seniors to scrutinize them for any spelling errors, as errors are a major sign of scam mails. Whether it’s the mail they receive through UPS, USPS, or FedEx, scam mails often differ in their tone and are usually full of spelling errors. You should shred such mails to avoid future reoccurrence and to keep your elderly parents safe.

Use A Secure Password

Ideally, passwords should be changed every month to maintain top security. The passwords should contain special characters like @, $, #, and &, which makes them stronger than merely using letters and numbers. Simple passwords like 1111 can be guessed easily by scammers, which is why a strong, secure password is crucial.

Things To Do If Your Elderly Parents Is Being Scammed

If your elderly parents fall prey to a scam, handling the situation with empathy is important to avoid further complications. Blaming them or being harsh can impact their emotional well-being and possibly result in depression. The best thing to do in such a situation is to either ignore the loss, hang up, or contact the authorities.

Ignore It or Hang Up

If you’re lucky to intervene before the scam is complete, hang up the phone immediately or ignore the email and inform your parents why it’s from a scammer. You should also set your elderly parents’ email to direct all messages from unknown senders to the spam folder. Also, calls from unknown persons should be ignored and filtered to avoid reoccurring.

Contact Your Bank or Authorities

Suppose your elderly parents got scammed, the first thing to do is to report the scam to the authorities by calling 911 and reaching out to the financial institution. If it’s a phone scam, report the phone number to the authorities too, as it will be very useful during the investigation.

Help parents monitor their financial accounts

One of the best ways to protect elderly parents from scams is by helping them monitor their financial accounts. You can help them set up their financial accounts with strong passwords if they don’t have one yet or optimize the strength of their already-created accounts.

Also, help them enable alerts on their bank and credit card accounts in order to regularly get email or text notifications of the activity on their accounts.

If they feel they can manage their accounts by themselves, inform them to check their accounts from time to time instead of waiting for the account statement at the end of the month.

Make sure to follow up on their accounts and credit reports from time to time for any suspicious activity. You also want to create a “my Social Security” account at SSA.gov so as to prevent scammers from setting up one in their names and altering bank routing numbers for deposits.

Warn your parents about investment fraud

Investment frauds are some of the leading tricks of scammers. These schemes promise a high return on investment and even offer to help seniors manage their retirement accounts. Unfortunately, once they grant them the opportunity or enroll in the investment, they eventually steal their cash.

Although there are legitimate investment opportunities that help retirees earn passively from their retirement funds, however, these only come from well-established companies and do not have unrealistic expectations.

If your elderly parents are unsure about the legitimacy of the scheme, inform them to ask important questions such as the licenses the company holds, how they get paid, and if they have references. They should also look up the track record of the company and its reputation before considering investing with them.

Warn parents about exploitation by family members

Strangers aren’t the only ones who may attempt to scam your elderly parents. Sometimes the fraud may come from family, friends, or caregivers who know the financial status of the senior. It’s essential to warn your parents about those close to them and to avoid disclosing information such as passwords, account balances, etc.

Another effective way to protect your elderly parents and grandparents from scams is to have a power of attorney. Doing this will help your parents decide who makes financial decisions for them, especially when they can no longer do it on their own. The attorney will also be able to make financial decisions and transactions on behalf of your parents, which is why it’s crucial to find a trustworthy professional. Having a power of attorney while your elderly ones are mentally competent helps them choose the right person (or people) and saves them from making a costly mistake.

Conclusion

Lastly, make sure to keep in touch with your parents and grandparents and tell them to ask you anything they’re unsure about. Doing this helps them to feel safe and avoid making any costly decisions. Inform them whenever you hear about a new scam trick so they can stay safe ahead of time.

Written By – Adam Pittman