As adults, we spend much of our time online both personally and for work. So naturally as parents, most people are at least familiar with the basic concepts of cybersecurity. However, kids are spending an average of nine hours online daily, usually more time than their parents. The time kids spend online may not necessarily involve all the same insight into what threats are ever-present. Check out this list of 10 tips for parents to offer kids about cybersecurity.
1. Instill the motto of ‘be careful where you click’
All internet users must follow the motto of “Be careful where you click.” Even the simplest of actions online, a click, can lead to malware being installed on a device. Kids have to be taught from a young age to be cautious with anything that looks too good to be true or seems especially interesting. For example, a big flashy button or graphic image may look enticing but could be something dangerous in disguise. Recently, there has been a multitude of problems with clickjacking, which is installing links that trigger actions in the background, often going unnoticed by users. Kids can be especially vulnerable to clickbait due to their lack of experience online and in the real world. Understanding that a seemingly harmless button to “Read More” on social media could actually be a link to download malware is a great start.
2. Explain clickbait scams and how to avoid them
Clickbait is designed to create a desire to click on a link. Clickbait can be a common marketing ploy, but scammers are excellent at using this tactic as well. Scammers can use trending news topics, search topics, or imagery to entice you into clicking on a link leading to a malicious site. Share this info about clickbait with your kids:
- Watch out for bold claims in headlines or captions (e.g. “OMG, you’re not going to believe this!” or “You’ll be shocked by what happened to this girl”)
- Beware of animated or weird images or GIFs; something that makes you want to see more
- Steer clear of gimmicks like “You’ve Won $100!”
- Stay away from explicit, clickable photos or videos (e.g. graphic or erotic images and video thumbnails)
- Avoid ads on social media, search engine pages, or in ads
Teaching kids to search a topic on Google or another reputable search engine instead of clicking a link somewhere else is a good plan. For example, if they see a post on social media that a well-known pop star has died, explain to them that it is better to search out the topic than to click the link in their social media feed. Avoiding clickbait takes a significant amount of self-restraint for both kids and parents alike.
3. Show kids what phishing is and why it’s bad
As much as 66 percent of malware gets installed on a device via a phishing email. Phishing can target a user via email, text message, or even social media messaging. Usually, the user will get what looks like a legitimate message from a legitimate place, but a link inside will lead the user to a malicious website or to a spoof of the expected page (a website that looks just like the real thing). A malicious site is usually one that is trying to drop malware onto your device—security updates and good antivirus software are your best protection against these sites. A spoof website attempts to get you to voluntarily reveal personal data by appearing similar to the real site. Victims get lured into entering valuable credentials or payment information on these websites. For kids, this can come in the form of attractive prizes, rewards, or gated content and games. No antivirus software or security updates will protect you from spoof sites. Using trusted sources for links, ongoing security education, and paying attention to site details are your best protection.
Phishing almost always tells you something is wrong or creates an enticing offer followed by a link that ultimately leads you to a malicious site or activates malware. Encourage your children to be wary of emails, social media messages or other content that follows this pattern. Having a trusted and updated security program in place can also help with phishing because the program may catch the attempt and offer a warning.
4. Empower kids to stay secure with a password manager
Password management software is just as good for kids to use as parents for two reasons. One, these programs help you remember and recall passwords for various sites as needed. Two, password managers automatically generate unique and highly secure passwords for use on different sites. So instead of using all the same or similar passwords for hundreds of websites, users have unique strong passwords for every account. Need help creating a strong master password? Download our strong username and password checklist.
5. Teach the importance of keeping device security up to date
All personal devices have to be periodically updated to remain secure and function properly. Even most apps independently need their own updates. Try to keep automatic updates turned on so that you do not miss important security updates.
New security threats are ever-evolving; fortunately, program developers are constantly working in the background to deploy security patches that protect users. If updates are skipped or overlooked, it can create an opportunity for hackers and criminals. Cover this with your kids so they understand how critical updates can be and help them set devices to allow automatic updates.
6. Show kids how to evaluate plugins
Plugins and extensions can be helpful to make using apps or performing actions online easier. These small software components can work independently or be added to an existing program such as Windows, Chrome and macOS. Plugins can even be added to mobile web browsers. While some plugins are perfectly fine to download and use, some can also contain malicious programs like trackers and backdoor viruses.
Kids must be shown how to tell if a plugin is safe before adding it to their device. Several websites can help with the process. For example, CRXcavator allows users to check to see if Chrome extensions are safe. A little investigation on Google can usually also give you a heads-up about certain plugins. Good plugins or extensions should have a content security policy in place, have a trustworthy support site, and not read data entered on a website. You can even consider limiting device downloads without parental permission.
7. Explain two-factor authentication
Two-factor authentication, often shortened to 2FA, means you have to offer two forms of identifying information or evidence to prove you are who you say you are when accessing a device or program. Usually, 2FA will require a combination of two factors from four things: information the user would know, something the user has within range or can access, the location of the user, or a physical trait of the user. A few examples of 2FA could be:
- A phone that requires a PIN and fingerprint for access
- An account login page that requires a password and a code retrieved via email
- An app that requires the user to answer a security question and have access to a connected phone to receive an access notification
- A phone that requires access to GPS location and a password to change the settings
Two-factor authentication is considered highly effective at deterring unauthorized access to devices, programs, website accounts and apps. Therefore, a lot of electronics and sites offer 2FA. Explain to your children why 2FA is important (because it makes unauthorized access much, much more difficult), and help them set up 2FA on their devices, apps or accounts. Reinforce with your children that the essential idea behind 2FA is never to share access codes, PINs or answers with anyone. No legitimate source will ask for this information; it’s yours and yours alone.
8. Help kids to be aware of ‘too good to be true’ offers
The old saying “if something looks too good to be true, it probably is” holds true for online offers and content too. If there was an easy and guaranteed way to get a ton of money, everyone would have everything and we’d all be rich. Some good examples of “too good to be true” offers include:
- Websites with amazing, hard-to-believe free samples (e.g. full-size makeup products, gift cards and expensive electronics)
- Websites offering free downloads for popular, normally expensive games or software
- Social media ads or websites offering amazing products for an insanely low price
- Ads for making money at home, fast or without doing anything
- Websites claiming they’ll pay you for not doing much of anything
“Too good to be true” can apply to a lot of things online that kids may be tempted to click on. This is a common tactic used in clickbait scams as well. Ultimately, anything that sounds too good to be true probably is—and could lead to a cybersecurity threat.
9. Teach kids how to identify a secure website
Teens old enough to do some of their own online research and surfing may be aware of the difference between a secure and unsecured website. It’s easy to spot the difference by looking at the address bar at the top of the screen; secure sites will start out with “https” and unsecured sites will start out with “http.” Likewise, a secure site may display a small, closed lock icon while an unsecured site may not. Secure sites have paid for security (SSL) certificates, which means any data between the web server hosting the site and the site owner is encrypted and private. For example, if a site visitor puts in their payment details and name, submits the information to make a purchase, that data is encrypted as it gets passed around. Sites that are not secure have no SSL certificate, so any information entered is not encrypted and not private. If a site is typically secure, but their site certificate has lapsed, or there is an error, typically your web browser will notify you of the site certificate issue when you attempt to load the site.
Additionally, saving your information on specific websites can make return experiences convenient, but it opens up security risks. For example, if a shopping site allows you to save your payment information on-site, it is best NOT to do so as your information is only as secure as that site. The more sites that your information is saved on, the more you’re open to new risks. Data breaches, even for well-known companies, are a major issue. Poshmark, Planet Hollywood, and even Macy’s were hit with a data breach in 2019 and millions of people were affected. Your children may not be saving payment information, but their personal details can also be sold online after a breach, potentially allowing criminals to open lines of credit in their names.
10. Explain the difference between secure and public Wi-Fi
From restaurants to shopping centers, most places now offer some level of free Wi-Fi. However, public Wi-Fi is not typically secure. Private Wi-Fi is provided via a network that has restricted access; not everyone can access the network, so it tends to be safer—although the coffee shop down the street that never changes their password offers the barest level of security. By contrast, you have greater control over the security offered by your home Wi-Fi and can take measures to improve your network security. Free Wi-Fi is attractive to kids—especially if they have data limits on your family plan. If your kids are responsible enough to manage a personal device on the go, they’re likely able to understand the importance of using Wi-Fi wisely. The key takeaway? Keep your kids informed and help them to use public Wi-Fi with caution. Avoid using public Wi-Fi unless it’s necessary or unavoidable—if you do connect to a public network, don’t log into sites or share sensitive information while connected.
Do you want to learn more about how to keep your family safe from cybercrime? Download The OnPoint Guide to Personal Cybersecurity.