Whenever I see my 7-year-old grandson, the first thing he asks is whether I've downloaded Minecraft to my tablet. The answer is always no.
Nevertheless, when I hand him the tablet, the first thing he does is try to download Minecraft anyway. Luckily, he can't make any automatic purchases; he doesn't know my Google password, but I expect him to figure it out sooner or later.
My grandson is part of a generation for whom using electronic gadgets is second nature. They can use apps before they can read (in some cases, before they can walk or talk). A fourth grader without a smartphone is a social outcast at some schools, and many teenagers text each other instead of having actual conversations.
The world is well past the point of lamenting the reliance on gadgets; it's not going to change any time soon. Rather, parents must ensure that kids are cybersecurity aware.
Kids Do What They See, Not What They're Told
The results of a security or privacy failure could be devastating for a child. Children can be, and often are, victims of identity theft. Malicious apps can easily be installed, and personal and financial information stolen as a result. Teens and tweens who reveal too much on social media are at risk of being bullied, stalked or worse.
All too often, children and teens have no idea how to create a safe online environment, because no one has shown them how. In fact, parents may unwittingly be teaching children the opposite of security and privacy best practices.
"The majority of parents today post way too much personal information about themselves and their children online," said Ben Halpert, president of Atlanta-based Savvy Cyber Kids and vice president of risk and corporate security for Ionic Security in Atlanta. "Every 'first' is now documented with an image on Instagram, a video on YouTube or Facebook, or text on Twitter."
Nor are many parents practicing basic security. A Consumer Reports survey on smartphone security earlier this year found that only 36 percent of adult respondents used a PIN, passcode or pattern to lock their devices. Only 14 percent installed antivirus software, while 34 percent did nothing at all to secure their devices. If parents aren't taking security seriously, you can't expect the kids to do so.
Teach by Example
The first step in raising cybersecurity-aware children is to get parents on board so that they maintain good security practices themselves. Kids learn best by example. If they see parents locking down devices or instituting rules to eliminate rogue downloads, children will (hopefully) copy that behavior.
Parents need to introduce security concepts early, Halpert said. Three-year-olds are not too young to be taught basic concepts of cybersecurity. The key is to make it engaging and fun.
Savvy Cyber Kids, for example, produces books that teach kids basics about security, privacy and technology ethics, in the same way that numbers and letters are taught. The idea, Halpert said, is to make the learning interesting enough that the kids naturally absorb the lessons.
Older kids should approach cybersecurity in the same way they are taught to approach real-life security-related situations. The Department of Homeland Security, in its "Stop.Think.Connect" campaign, recommends that children not talk to strangers online, that they learn how to spot tricks like phishing email and that they avoid sharing personal information freely.
"Children must learn that if it isn't OK in the physical world, it isn't okay on the Internet," said cybersecurity expert Robert Siciliano of TheBestCompanys.com.
Manage Your Child's Screen Time
In turn, parents need to remain vigilant. Siciliano suggested limiting the number of devices to which children have access. Do young children need a smartphone or tablet of their own, or would a dumb phone (or no phone) suffice? Do they need a computer in their rooms?
"In the past, many of us set up our family computer in a high-traffic area, like the family room, but this becomes less feasible as more children have their own laptops and mobile phones," Siciliano said. "I recommend limiting time online and also limiting the number of devices your child has."
For example, Apple iOS devices and some Android tablets allow restrictions on app usage. In iOS, designated apps can be accessed only with a passcode, and parents can be notified when children install new apps in iOS 8. Android Jelly Bean 4.3 and above for tablets (but not phones) allow app restrictions for designated users.
Amazon Fire tablets, which run a different flavor of Android, let parents set limits on usage and types of content. Third-party applications such as NetNanny or My Mobile Watchdog are available for both iOS and Android.
Newer Windows computers and Macs have built-in parental controls that limit the amount of computer time designated user accounts have per day and which applications and games they can access. Macs and Windows 8 PCs also block designated websites, and Macs even forbid contact with specified individuals.
Making sure that children have age-appropriate access to devices can help keep cybersecurity in check. As children prove they understand how to practice good security habits on a parent-monitored device, then they can be trusted with more powerful devices or more freedom.
Cybersecurity awareness doesn't just happen. It is a learned skill, especially as technology keeps evolving. The best way to stay safe online is to learn what and where the threats are. If a child is old enough to play on a smartphone or computer, then that child is old enough to learn how to play on a smartphone or computer securely.
- 10 Facebook Privacy and Security Settings to Lock Down
- 12 Computer-Security Mistakes You're Probably Making
- 8 Apps for Tracking Your Teens