Americas

  • United States

Asia

Oceania

benrothke
Contributor

Cyber self-defense for kids (and parents too)

Tip
Oct 31, 20167 mins
IT SkillsSecuritySocial Engineering

Today is the last day of national cyber security awareness month, here are some tips for parents and children.

black belt karate
Credit: Thinkstock

September has come and gone which means families are already well ingrained into back-to-school activities. Aside from the challenges of getting kids up in the morning and doing their homework when they return, many families have upgraded or purchased new computing technologies for their children.

As October is national cyber security awareness month and the chills and thrills of Halloween are upon us (talk about scary stuff boys and girls), here are some cybersecurity best practices and recommendations that could help teach kids how to chart the dangerous waters of the internet and beyond.

Back in the day, the most sophisticated technology available included transistor and CB radios, and Pong was the only video game available. Walkie-talkies were also popular, with their potential communications range (on a good day) of a couple hundred yards. For the most part, the most dangerous thing that could happen to a student in school was some rogue recommending the avoidance of a sound physical beating by giving up one’s lunch money.

Times have certainly changed as now children and teens have a whole bevvy of technology at their disposal including computers, tablets, iPads, smartphones and more. Many of them are quite savvy in the use of various software applications and the networks they can connect to extend their social status and presence in the world.

The risks and potential dangers of unfettered, unsupervised use of such technological capability by children is substantial, including kidnapping, homicide, suicide and the like. Adding to that is potential threat of cyber-bullying and possible public shaming which can have far reaching implications for parents and their children.

For those that want a quick and easy guide, How Not To Be Hacked: The Definitive Guide for Regular People by James DeLuccia, and Hack-Proof Your Life Now! The New Cybersecurity Rules by Sean Bailey & Devin Kropp are good places to start. We won’t repeat the basics here, but will state the core issues.

Security is always a shared responsibility. In this case, it must be made a family exercise with the parents and the children. Leave any of them out of the equation, and things simply won’t add up.

The following are our eight suggestions to make the most out of national cyber security awareness month:

  1. Lead from the front

If you want to lead your kids on the road to digital safety, you have to know what they are doing online. That means knowing what types of mobile phone they use, the many apps they use, and the online language they speak.

It’s not enough to know what LOL, BFF or BRB means. Today’s parent needs to know what TDTM, GNOC, CD9, MOS and scores of other acronyms mean. If these are Greek to you; you risk being oblivious to the dangers with your teens a few feet away.

  1. Scared straight doesn’t work

You can read them the riot act and try the Scared Straight! approach, but as most parents know, yelling rarely works. Good security, like good anything needs time, it needs to be repeated, and repeated again. Reading them the internet riot act once just won’t do it. There are no silver bullets or magic potions. It’s the security equivalent of lather, rinse, and repeat.

  1. For older teens, give them the kiddie porn talk

Ask a teen if they would ever traffic in child porn and they’ll answer with an absolute no. At that point, educate them that if they were to send naked or semi-naked pictures of themselves to their friends, they could be charged with trafficking in child pornography.

[ ALSO ON CSO: 11 signs your kid is hacking — and what to do about it ]

Numerous teens have been charged with distributing child pornography for sending selfies of themselves to friends or posting them on social media. Not just that, if they were to get such a picture and then send it to someone else, they could also be charged with distribution of child pornography. The fact that they could potentially be a sex offender before they are old enough to get their driver’s license should be a walk-up call to them about the dangers of sharing photos.

  1. Why can’t we be friends?

The teen years are traditionally a time where lifelong friendships are created. This works well in schools, summer camps and the like. When someone wants to be your friend in social media, teens need to know that they don’t have to, and should not accept every invite.

If you have a good, trusting relationship with your teen, review their friends list with them. Don’t be overbearing, but such a relationship means that they recognize their parents can be both uncool and smart at the same time. Not that every parent knows that behind that cute picture is a sadistic sociopath, but father and mother often knows best.

  1. Use the scientific approach

If your kid likes science, use a science approach to educate them about the risks they will face when using technology. While some elements may have a half-life of weeks or years, the half-life of things posted on the internet is closer to that of tellurium-128, which is 1024 years, or 160 trillion times longer than the universe has existed. Once they post something, it just won’t go away. The more salacious it is, the more likely it will stay out there and be redistributed. If they reach out and ask their friends to remove something, it will simply commence the Streisand effect.

Had they read the end-user license agreements for the 50+ apps they have on their phone, they’d also know that the minute they click send, they forfeit all rights to its use and ever getting it off the site.

Abandon hope all ye who enter here is the supposed inscription at the entrance to hell. A similar mindset should be used for any teen using social media.

  1. It’s nice not to share

We teach our kids that sharing is caring. But when it comes to social media and personal information, less is often more. As Cracker so eloquently sang in Get Off This; If you wanna change the world, shut your mouth.

Teach them not to give up personal or sensitive information easily. Discretion is not only the better part of valor, it is a survival skill.

  1. Nothing is free on the Internet

One of the acronyms your kids won’t use is TANSTAAFL (there ain’t no such thing as a free lunch). Yet it is a reality they have to live with. There is no free on the internet and everything comes with a cost, albeit hidden.

For example, the following is what Snapchat needs, and those include a lot of personal information.

Kids need to beware of loading up PCs, tablets, phones, with applications that have not been approved or checked out.

  1. Sunscreen for your device

A little sunscreen can go a long way to prevent skin cancer. When it comes to mobile devices, it’s a given that they should have basic protection such as anti-virus and malware prevention and keep it up-to-date and actively running.

Security fatigue

This month, the National Institute of Standards and Technology (NIST) released a report that found that a majority of the typical computer users experienced security fatigue that often lead users to risky computing behavior both at work and at home.

Sadly, a parent can do everything we write, and nonetheless still fail due to security fatigue. NIST concluded that it will take some time to improve computer security issues, including behavior to manage security fatigue.

Until then, parents must hope for the best, yet prepare for the worst. Sadly, there are no silver bullets.

With that, we now see that October is not just national cyber security awareness month; every day is national cyber security awareness day.

benrothke
Contributor

Ben Rothke, CISSP, CISM, CISA is a Senior Information Security Manager at Tapad has over 20 years of industry experience in information systems security and privacy. He’s the co-author of the recently published book - The Definitive Guide to PCI DSS Version 4: Documentation, Compliance, and Management.