Sitting on the couch: Talking about security with the kids.
by Pedro Tavares, Founder of CSIRT.UBI & Cyber Security Blog seguranca-informatica.pt
Talking about cybersecurity is crucial these days. Children are born in a cyber age and they represent a weakness from the security point-of-view. Due to that, it’s essential to provide them with cyber-knowledge, show what kind of information is available online and how they should protect themselves — after all, education begins early in our lives. This is a concept that many children may not care about, or even understand.
Now is the moment to sit down on the couch with your little ones and start a conversation about online security, for they are now entering a phase of greater independence. We will show them how to keep personal information protected and only expose the strictly necessary information online.
1. Integrity check
Sometimes we like to tell stories, talk about serious subjects or even tell nonsense stuff.
— “Have you ever said something very bad to a friend and have regretted it?”
Over time, everything was resolved and forgotten.
In the digital world, things do not work out that way. We should consider carefully whether or not we should leave certain information displayed online, because when the information is available on the Internet, it will be available for all people to access.
— “Imagine you write nonsense about a teacher. Remember that he can easily to obtain your post and that can have negative repercussions on your future life.”
2. Do you know the person you’re talking to?
The Internet is a dangerous channel and as proof, we can speak about personification. At the moment we have a conversation with another person over the Internet and it isn’t possible to identify if the person on the other side of the computer screen is the person we would most like.
— “If an unexpected message comes from someone you know, be careful. It could be someone representing that person”.
3. Save your data
We must protect our personal information when using online applications or services, such as a computer game, social networks including Facebook, Twitter or Reddit, and even any kind of website where information can be exposed. Information such as our full name, date of birth, the place where we pick up the bus to go to school, where we live and even what places us typically go to can be used for the most strange purposes by cybercriminals.
Rule of thumb: — “If anyone asks for details, don’t trust them.” Talk to other people you trust, expose the strange situation.”
4. Do not be lazy with your password
It may seem like the easiest thing to do – except enter it and memorize it, right? – But using the same password across all services and applications is a bad idea.
Many services are being hacked; it is constant. Moreover, many services are hacked because criminals use leaked passwords from other services (called credential stuffing).
— “So, if you use the same password in a hacked online game and in your social network account, you can have your social network account blocked the next day because your profile has also been hacked.”
— “Using a strong, complex and difficult guessing password for each system or application you use in your day to day life is the solution. Never use the same password to access two different systems.”
5. Use Two-Factor-Authentication (2FA) to keep hackers away
Currently, a large number of online platforms and services, such as e-mail, social networks, gaming platforms, etc., already have this functionality called multi-factor or second factor of authentication – and therefore, we must strengthen our security with other authentication factors in addition to a simple password.
2FA appears in the form of an additional form where we have to enter a Personal Information Number (PIN) that is sent to us by e-mail or to another device, such as our smartphone, or can be generated by other third-party software such as Google Authenticator.
— “Even if this functionality is not mandatory by the system, we should use it (if available).”
6. Think before you download it
What we don’t want is that our computer or our smartphone becomes compromised and used by others. For this reason, before downloading any kind of Internet, be it files, computer game cracks, web browser extensions, applications, or other software, we must validate if they are reliable.
— “We should look at the rating assigned to the program, comments from other users – even an Internet search should be done to validate if the program is trustworthy.”
7. Do not share accounts with friends
This may sound natural, but do not share your passwords with friends or colleagues. If your friend is hacked you can also be! Or even, if you and a friend with whom you shared accounts or accesses create a confront /discussion, he can access your account and change the password at some point of anger.
The solution is simple: — “If you or a friend of yours wants to use the same service or application you are using, each of you should have your own account and own password.”
8. Always log out
If you use a public computer or some other type of shared device, such as in a public library, shop, or lab, remember to sign out of any accounts you have logged in, otherwise unauthorized people can access your information.
— “Before you leave, make sure you always log out of third-party devices.”
Children are living in a constant digital transformation. These tips are just part of the conversation we should have with the little ones. Of course, there are other types of controls to set the limits of browsing, access, and even transactions, as we see fit, and this can be very useful.
Nevertheless, these methods are not infallible, and one day the smaller ones will have access to a wider digital world. That is why it is vital that, when that day comes, they are well equipped with the knowledge they need to take control safely.
About the Author
Pedro Tavares is a cybersecurity professional and a founding member and Pentester of CSIRT.UBI and the founder of seguranca-informatica.pt.In recent years he has invested in the field of information security, exploring and analyzing a wide range of topics, such as pentesting (Kali Linux), malware, hacking, cybersecurity, IoT and security in computer networks.