Family cybersecurity checklist: Essential dos and don'ts to stay safe online

Keep this advice in mind to help protect yourself and your family from cyber threats.
You wouldn't tell a stranger when your home will be empty, but that information might find its way online unintentionally if you — or your teens — share vacation plans. In today's hyper-connected world, protecting your family from cybercrime requires applying the same awareness you already use offline — plus adopting a few modern habits. Follow these dos and don'ts to help keep your family safe from today's biggest online threats.
Tap + to learn more

1. DO educate your family about online risks

Children and teens may not understand how cybercriminals can take advantage of normal online behavior to collect personal information. As a guiding rule, encourage kids to pause and ask before clicking, downloading or sharing anything. Talk to them about these best practices:
  • Avoid oversharing photos, locations, vacation plans and details of school and daily routines.
  • Download apps only from official app stores and secure websites for shopping and payments.
  • Beware of fake games, quizzes and giveaways designed to collect personal information.
  • Learn to spot artificial intelligence (AI)-driven scams that convincingly impersonate people you know — focus on unexpected requests, pressure to act quickly or messages asking for money, credentials or secrecy, even if the message sounds authentic.
  • Be cautious of unexpected calls, voice messages or videos that sound real but have unusual phrasing, tone or punctuation; misuse nicknames; or generally feel "off."

2. DON'T leave personal information vulnerable

Your first line of defense is protecting sensitive information like Social Security numbers, birth dates, account numbers, passwords and one-time passcodes. Here's how:
  • Avoid sharing personal or financial data via text or email whenever possible. Use secure, trusted channels and limit the amount of sensitive information shared.
  • Create strong passwords of at least eight characters using long, random combinations of upper and lowercase letters, numbers and symbols.
  • Use a unique password for every account. Reusing passwords puts multiple accounts at risk (consider using a password manager).
  • Protect accounts with passkeys or multifactor authentication, and by using your voice, fingerprint or face to log in.
  • Turn on account alerts to monitor logins and other activity.

3. DO watch out for phishing, smishing and QR code scams

One of the most common ways criminals steal personal financial information is by pretending to be someone you trust and tricking you into revealing your data. Protect yourself with these tips:
  • Be cautious with unexpected emails, texts, social media messages and QR codes, even if they appear to come from a known company or person.
  • Do not click on links in suspicious messages or download attachments. When in doubt, stop and verify by going directly to a trusted app or website.
  • Watch for a sense of urgency and scare tactics. Legitimate companies won't pressure you to act immediately.
  • Never share passwords or one-time passcodes — real companies don't ask for them.

4. DON'T leave your home network or devices unprotected

Your home may feel safe, but your household's devices and Wi-Fi network can expose you to cyber risks if left unprotected. Take these steps to stay safe:
  • Change the default router username and password to ones only you and your family know.
  • Regularly update your home's Wi-Fi password.
  • Make sure the security protections on your devices are enabled and set up to get automatic updates for operating systems and apps.
  • Review privacy and security settings on all phones, tablets, computers and smart devices, such as smart thermostats or doorbell cameras.

5. DO be wary of unsolicited tech support or account warnings

Scammers frequently impersonate tech support, banks, delivery services and government agencies. Even if the message sounds urgent, pause and do the following:
  • Ignore unsolicited texts, emails or pop-ups claiming your account or device has an urgent problem — and hang up on unexpected calls.
  • Reach out directly to the company or agency the caller claims to represent using a verified phone number or official app.
  • Never allow remote access to your device unless you personally initiated contact with a trusted service provider.

6. DON'T drop your guard when on the go

Going online in public spaces and when you travel can increase your cyber-risk. Use your mobile connection whenever possible and protect yourself on the road by following these rules:
  • Avoid accessing sensitive accounts on public or shared Wi-Fi networks, like those in airports or hotels. Doing so can expose your data.
  • Consider a reputable VPN (virtual private network) to help protect your connection when using public Wi-Fi. You'll need to pick a VPN provider and install its software or app on your device. (Note: Some sites may block VPN access to prevent fraud).
  • Use your own charger or a power-only USB cable instead of public charging stations and never plug unknown devices or storage into your phone or computer.
Cybersecurity is a shared responsibility for the whole family. Regular conversations, smart tools, and a bit of caution can go a long way in reducing risk and keeping everyone safer online.

Stay connected. Stay protected.

To help keep your Merrill account information safe and secure, make sure your contact information is up to date and that you've enabled security and account alerts. These alerts help us reach you quickly if we detect unusual activity and allow you to monitor your accounts more closely.
Remember, if Merrill needs to contact you, we will never ask for your password, one-time passcode or full personal or financial information through email, text message or unsolicited phone calls.
For more tips on recognizing potential scams and learning how to protect your accounts, visit our Security Center.

More for you

MAP8889643-11152027