10 Steps To Protect Our Children As Cybersecure Digital Citizens And The Risks of Not Doing So

The truth is that cybersecurity of our children is entering its weakest period.

1)     Tech innovation is scaling exponentially (and won’t stop), opening more cyberattack vectors;

2)     Number of cyber criminals increases daily and increasingly includes more (and smaller) nation states, as the “entry price” is low and global cyber criminal revenues hit a very lucrative $1.5 trillion annually (equivalent to Russia’s GDP!);

3)     Kids get access to technology earlier, with the average age now for getting a first phone being 10.3 years old, and get access to more of it, with 50% of kids having a social media account by age 12 and 64% of kids having access to the Internet via their own laptop or tablet. And if you’re saying to yourself “I would never give my child access to these at such a young age,” the truth is that if other kids have it, your kids are affected by it, which means you need to deal with the ramifications. And here, proactive is better than reactive.

4)     Internet of Things has yet to emerge in any meaningful way, whereby kids’ sneakers, backpacks, phones, tablets, ear pieces, will all be talking to the internet and to each other, transmitting your child’s privacy all over the internet, including his or her location. By 2020 already, 25% of cyber attacks against enterprises will involve IoT devices, with the ultimate victim of such privacy violation (in best case scenario) being the user of those IoT devices, and in this case our children.

5)     Cybersecurity awareness among children, our “native digital citizens,” is at an all-time low given the denominator (the growing tech landscape) making it hard to catch up real-time.

CYBERSECURITY RISKS OUR CHILDREN FACE

 The cybersecurity risks for our children, and therefore for us, are many. To name just a few:       

Source: Royal Hollow University of London

So what to do about it…? What follows is a simple list of best practices for your child AND for you to follow. Here, again, being proactive rather than reactive is critical.

10 STEPS FOR YOUR CHILD TO FOLLOW:

1.     I will not give out Personal Information without my parents’ permission. I will not share my last name, home address, school name, age, date of birth, social security number, or telephone number. I will also not include this information in any screen name I create online. And I will always remember: just because someone asks does not mean I need to share it.

2.     I will create only strong Passwords and will never share those with anyone but my parents, not even my best friends.

a.      A strong password should be a sentence that’s at least 12 characters long and focuses on positive sentences that I like to think about and are easy for me to remember.

b.     I will write my passwords down and keep them in a safe place away from my computer or will use my parents’ password manager if they have one.

c.      When I use a public computer, I will make sure to log out of the accounts I’ve accessed before leaving the terminal.

3.     I will not post Photos or Videos online without getting my parents’ permission.

4.     I will not agree to meet any of my Online Friends unless I have my parents’ permission.

a.      Unfortunately, sometimes people pretend to be who they aren't. I will remember that not everything I read online is true.

b.     I will ignore requests/messages from strangers, unknown usernames, email addresses.

5.     I will not make any Online Purchases without talking to my parents first. I know that some ads may try to trick me by offering free things or telling me that I have won something as a way of collecting my personal information. I will not be tricked.

6.     I will never Download an email attachment, app or software program without asking my parents first. They may contain a virus.

7.     I will not send or respond to mean or insulting Bullying messages. I will tell my parents if I receive one. If something happens online that makes me feel uncomfortable, I will talk to my parents or to a teacher at school.

8.     I will not access any Social Networking or other websites accessible only to those older than me. Many social networking websites (e.g., Facebook, Twitter, etc.) and blog hosting websites have minimum age requirements to sign up. These requirements are there to protect me and I will not violate them!

9.     I will always use a VPN and will avoid using Public WiFi at all cost. I know that a VPN protects my physical location from criminals and helps protect my information online by keeping it encrypted. I also know that because they can be freely accessed by anyone, public WiFi networks are full of individuals that can steal my personal information.

10. Whenever doing Research, I will always talk to my librarian, teacher or parent about safe and accurate websites for my research.

Feel free to print and post these on your child’s wall as reminder – it will make your life easier.

10 TEPS FOR YOU AS THE PARENT TO FOLLOW:

Invest in Cybersecurity. Like insurance, cybersecurity is something you avoid thinking about until you need it. Be proactive.

1.     Spend time educating yourself. Understand the cybersecurity basics (Parents’ Ultimate Guide to Cybersecurity is a good starting place). This will also help you become a credible guide to your children.

2.     Spend time educating your children.

a.      Review with them potential online dangers and how to protect themselves from becoming victims (above 10 Steps For Your Child To Follow is a good starting place).

b.     Encourage your children to ask questions and seek help if they are uncertain about a particular website or program.

c.      Use online games to help show your children how to make responsible decisions about online communication and about their digital citizenship. Two sources are FBI’s grade-based Safe Online Surfing and MakeUseOf.

3.     Set Rules and Boundaries. Teach your children that Internet use is a privilege. Enforce your family’s online safety rules and guidelines, such as specific times they can use the Internet and what websites and apps are acceptable. For insights and ideas on family online safety rules and guidelines, reference the ESET/National Cyber Security Alliance (NCSA) “Behind Our Digital Doors” survey results.

4.     Prevent Cyberbullying. Cyberbullying (bullying using electronic technology) can happen anytime/anywhere. Teach your children to think through what they post online about others and the consequences those posts could have if unkind or mean. Also, keep communication with your child open and speak up if you suspect someone is bullying him or her.

5.     ID digital assets you currently have, their vulnerabilities, and security fixes needed.

a.      Your smartphone and tablet need as much security protection as your PC. So do your internet-connected devices: thermostat, smart doorbell, home security system, etc. Keep them up to date and get a comprehensive antivirus software system that scans for, detects, exposes and removes malware, helping to protect you from viruses, spam and identity theft. Refer to National Cyber Security Alliance’s free security check-up.

b.     Your home Wi-Fi network is another entry point for hackers. Cybercriminals can hack home routers and gain access to various internet-connected devices like home security systems and smart doorbells. Get a good router - it protects your home from malware, viruses, and other cyberthreats, and comes with smart parental controls.

c.      Practice good online habits yourself, including safe downloading/sharing of files.

6.     Consider Installing Parental Software and Setting Up Parental Controls.

a.      Depending on your child’s age, don’t let them use the Internet for long periods of unmonitored time. This can be difficult when you are a busy parent, but one option is to keep the computer in a common living space where you can supervise your child.

b.     Consider executing a multi-layered approach to parental controls, starting with the devices themselves. Setting up a multi-layered approach will create redundancies of protection - if one layer of protection fails, the others will still work.

c.      You can use parental software that monitors their Internet searches, detects inappropriate behavior and/or limits the time they can spend online. Some examples for Windows 10 are here.

i.     Get a router that allows you to set daily limits and various levels of online access for different family members, all while enjoying high-speed connectivity.

ii.     You may decide to tell your child about the monitoring software, but keep in mind that if they know the software’s name they may be able to find a tutorial on how to disable it.

d.     Set up parental controls for:

i.     Your devices (Windows and/or Mac).

ii.     Your web browsers (for Chrome, you can create a supervised profile to monitor and block any content they visit; Firefox has many different add-on extensions for similar purposes).

iii.     All the apps your kids can access. You can set their Facebook privacy settings to "Friends Only" and block specific content for their YouTube channels.

7.     Maintain Digital Hygiene.

a.      Protect Your Child’s Passwords. Your child’s password to their social account is like gold to a cyberthief. With their password, cybercriminals can take over the account and use it to post fake news, spam others with messages or create fraudulent ads. Help your kids create passwords and keep record of the passwords in case you need access yourself. Here are some strategies for creating secure passwords:

i.     Find balance between complexity/memorability. Creating longer passwords makes them more secure, but make sure your child can remember them.

      ii.     Make your password a sentence – you can use upper- and lowercase letters, spaces numbers, punctuation and more.

iii.     Turn on strong authentication for apps that allow it. Strong authentication – sometimes called 2-step verification, multi- or two-factor authentication, or login approval – provides an extra layer of security beyond your username and password to protect against account hijacking.

iv.     Strongly consider using a password manager to do the remembering for you.

b.     Do a regular data backup. Ransomware is popular among cybercriminals who can lock your computer so you can’t access your valuable files, like your private photos or tax information. One of the best ways to combat the threat of ransomware is to back up your data regularly, in two places: the cloud and on physical remote storage.

c.      Close Unused Accounts. Unused accounts can be a rich source of personal information for cybercriminals. Sometimes kids create an account with their first and last name or their birthday in the user name (a big no-no). Cybercriminals can patch these data points together and steal information from other sites the individual uses.

8.     Read the Privacy Fine Print for Your Child’s Sake. Software and application downloads generally grant their developers access to your computer’s data, often far beyond what’s necessary to operate the program or app. Before allowing your child to download anything, read the fine print and what data is being gathered and how it will be stored or used.

9.     Know that private may not be private. Even if your settings are set to private, remember that nothing is private. Even the so-called private browsers are not so private as law enforcement, website administrators, and hackers could gain access to them.

10. Most importantly, be proactive not reactive. In this day and age where a child’s digital life affects their emotional (and therefore physical) well-being, taking the cybersecurity of our children seriously is the only way to go.

About the Author

Andrzej Cetnarski is a cybersecure-nation-building-focused global CEO, investor, public-private partnership leader, advisor, and speaker. He is Founder and Managing Partner of Cyber Frontiers, LLC, and is a former bulge bracket technology investment banker to aerospace and defense, cybersecurity, and real estate industries with UBS Investment Bank; global tech CEO, entrepreneur and operations executive; and US Congressional staffer.

Andrzej is a graduate of the Harvard Kennedy School of Government (MC/MPA’18 in Cybersecurity and National Security - Policy and Disruptive Technology Innovation), the Wharton School of Business (MBA’08 in Finance and Entrepreneurial Management), The Lauder Institute of International Studies at the University of Pennsylvania (MA’08 in East Asian and European Affairs) and The University of Chicago School of Economics (AB’03, with Honors). He has lived/worked extensively across US, Asia, Middle East, and Europe.

About Cyber Frontiers, LLC

Cyber Frontiers, LLC is a private- and government-sector, executive-leadership-level-focused cybersecurity strategy advisory, research, and investment firm. Its mission is focused on helping drive the creation of cybersecure renditions of our physical nations for the United States and its allies. The firm brings cybersecurity (1) technology innovation, (2) regulatory policy innovation, and (3) organizational policy innovation together to help its private- and government- sector clients solve some of the most pressing issues facing the cybersecurity of national critical infrastructure, specifically transportation, defense, healthcare, and financial sector critical infrastructure. The company selectively invests in the technologies, predominantly those of US and Israel as two of the world’s foremost innovators in cybersecurity technology, that show meaningful potential to address these challenges, with specific focus on cybersecurity technologies that use exponential technologies such as artificial intelligence, blockchain, or quantum computing to achieve their mission.