Your 7th grader used the family computer this evening for homework. You are a diligent parent and take all the precautions you can to keep your child safe from predators, online bullies and hackers. The computer monitor is always in plain sight and you subscribe to a service that monitors your child’s online activity.
During the homework session, your child receives an interesting looking e-mail from a classmate. The e-mail says something like, “Hey! Look at these great photos of The Bieb at his last concert! They are radical! Take a look and tell me what you think.”
The photos have innocent looking .jpg file extensions, but they are booby-trapped executable files that take your child to a site somewhere in the Ukraine, whereupon your family computer and all its data – everything – becomes the latest victim of ransomware.
Social Engineers End-run Safeguards–Time for Another Talk
The foregoing scenario is a classic example of how hackers look for vulnerable targets in seeking victims, stealing identities and bilking millions of dollars from private citizens and businesses. You may have taken the precaution of installing the best virus protection software, but your child became a victim of an end-run through a social engineering hack.
You’ve had the talk with your child about online predators and never disclosing personal information on line. It’s now time for a second talk on cybersecurity with overtones of protection against social engineering. Before you do, read up on the basics and the threats. This security tip by the United States Computer Emergency Readiness Team is a good starting point.
What to talk about
Here are 3 points you can cover in protecting your child from social engineering:
1. Always be suspicious. A healthy skepticism and awareness of common tricks (phishing, etc.) will overcome curiosity. Caution your child to never click on a link in an e-mail, even if it is from a friend.
2. Repeat this: never give out any confidential or personal information. Remind your child that no website or commercial service will ever solicit personal information, user names, or passwords unless the user is actually logging in. That “Log in here” link in the fake e-mail will likely lead to an equally fake landing page.
3. Don’t use the same password for every website. Likewise, go for strong passwords that are easy to remember, but hard to guess. Click on over to this piece by ConnectSafely.com on devising effective passwords.
Smartphones are everywhere, but security awareness isn’t.
Finally, remember that with the proliferation of smartphones, our children consume technology at an unprecedented rate. They just tap their screen and go web surfing with little or no regard to security awareness and with scant training to guide their behavior.
When out and about with their heads bowed and thumbs working on those smartphone screens, they need to be reminded that:
The World Wide Web and the information age are now older than most children who are becoming increasingly tech-savvy, but are not necessarily security conscious. Parents need to take on the role of senior and experienced net denizens. Children, after all, tend to display the sincerest form of flattery to their parents: youngsters imitate good example.
And now a word from our sponsor…
Boston HelpDesk is the trusted choice when it comes to staying ahead of the latest information technology tips, tricks, and news. Contact us at (617) 848-9393 or send us an email at firstname.lastname@example.org for more information.