By Saryu Nayyar, CEO, Gurucul, Los Angeles CA
The internet has been transformational for children in much of the world. It’s enabled easy access to information on a myriad of subjects. It’s enabled them to reach out around the world to communicate with others, to make friends and learn about other cultures. It lets them play games and enjoy a range of entertainment that was barely imagined by their parents. It’s put entire libraries at their fingertips and given them tools to unleash their creativity. All in all, it has transformed life for an entire generation. But there are also darker aspects to the internet.
The phrase “but think of the children!” is sometimes the punchline of political jokes, but it is a very real concern. While some legislation over the years has been misguided and entailed unintended consequences, children do face some very real risks when they are active on the internet. Cyberbullying is a thing. Predators exist. There is some content out there that is very much inappropriate for children. While the good far outweighs the bad, we must acknowledge the bad exists, and that there are people who deliberately target children. With that in mind, we must take appropriate steps to keep our kids from becoming victims.
There are good resources available for helping children, their parents and grandparents, recognize the situation and help mitigate predators and cyberbullies. And, while these two threats get a lot of well justified press, they aren’t the only malicious actors a kid may face. Cybercriminals too will target children.
For many cybercriminals, the best target from the perspective of effort vs. payoff is the easiest target. Taking the path of least resistance may not have the returns of dropping ransomware on a fortune 500 retailor, but it also takes much less work and entails much less risk. For many attacks, the path of least resistance is through the users and, unfortunately, children are often the easiest users to attack.
While children can often be more computer savvy than their parents, they can still be easy targets for social engineering and other techniques that rely on a target’s lack of real-world experience. The curiosity and trust that are hallmarks of childhood are also the precise things malicious actors will leverage in their attacks. The “New Normal” of remote work and distance learning over the last year with the pandemic has exacerbated the problem.
On the surface, a kid’s personal computer may not seem like a very inviting target. They aren’t likely to keep valuable financial records on the drive or have direct access to an Enterprise network through the company VPN. But that is something of an illusion. That home PC is on the home LAN with mom’s work PC and may well be part of the “trusted” home network environment with shared access between the systems. That makes Junior’s laptop a good springboard for extending the foothold into the rest of the local network and beyond.
If the kids are taking their computers to school, that gives an attacker who’s compromised the system another environment to play in. While schools should all be isolating their student networks from the office network, not all of them do. Hence, another target rich environment for a malicious actor who’s gained access to a child’s computer.
Much like IoT devices, which often go ignored on the network, a child’s machine can be valuable for more than just what’s on it.
Protecting children and their systems starts, as it almost always does, with user education. While educators are already overworked and underfunded, schools that are leveraging distance learning should be building basic cybersecurity practices into their curriculum. But that education needs to come home too. Parents should be doing their part as well.
With many of us working remotely ourselves, we should be sharing the training our own organizations give us with our kids. Assuming our organizations have given us appropriate training to safely work remotely.
Even if we don’t have the resources to install a full security stack at home, there are still things we can do to secure those environments. Locking down our access points and home routers, for example, and enabling good passwords for all the home systems. Turning on the built-in firewalls and anti-malware tools that come with our operating systems and home network kit. There are even security services that cater to home users that are very affordable, and some companies may be willing to foot the bill if you’re working from home. It benefits their security as well as yours. Additionally, many ISP’s offer security applications as part of their service.
We can’t keep our kids safe all the time from every possible threat, but we can do our part through education, common sense, and easy to deploy security tools to keep them safe on the internet. It’s the least we can do to “think of the children.”
About the Author
Saryu Nayyar is an internationally recognized cybersecurity expert, author, speaker and member of the Forbes Technology Council. She has more than 15 years of experience in the information security, identity and access management, IT risk and compliance, and security risk management sectors. She was named EY Entrepreneurial Winning Women in 2017. She has held leadership roles in security products and services strategy at Oracle, Simeio, Sun Microsystems, Vaau (acquired by Sun) and Disney. Saryu also spent several years in senior positions at the technology security and risk management practice of Ernst & Young. She is passionate about building disruptive technologies and has several patents pending for behavior analytics, anomaly detection and dynamic risk scoring inventions.
