- Insecure toys that require internet access to operate for voice recognition, data modeling, or even just basic warranty registration. Last year, v-tech was breached and parent and child information stolen for toys they leveraged the cloud in order to operate.
- Insecure online games. Hacking gaming platforms is not reserved for teenagers and adults to gain privileges, install mods, or gain an advantage during play. When targeting a child’s gaming platform like Minecraft or RoadBlox, prized collections, features, and avatars can be compromised impacting play and moral. Many times, these attributes are not earned during play and have a monetary value attached (paid for with gift cards or in app purchases) in addition to the Personally Identifiable Information (PII) stolen at the same time.
The Risks of Children Playing OnlineBasically, the cybersecurity threats adults experience everyday are amplified by the naivety of children. The techniques used are the same (vulnerabilities, privileges, exploits, etc.) but the results can place the child in a life altering position. If parents allow their children online, they could face a variety of threats well below the line based on content, exposure, and the lack of safe basic computing knowledge:
- Exposure to inappropriate content such as violence of pornography.
- Identity threat and account hacking based on stolen credentials impacting games, school accounts, and social media. Children tend to re-use passwords more frequently than adults simply based on the ability to remember a password.
- Vulnerabilities and exploits infecting a device with malware. Children surf the web with naïve passion. Any compromised or rogue site represents a risk from a watering hole to steal credentials all the way through sites containing drive by malware.
- Devices children use on the Internet are not up to security standards. Most technology does not get security patches after release and children do not click “apply update” as regularly as parents or security professionals. That little update icon tends to last a lot longer before someone actually invokes the update.
- Cyber bullying. With the advent of social media, chat features in games, and other mass communication technology, cyber bullying is a problem worldwide and has resulted in serious crimes and unfortunately depression, suicide, and exposure of private information.
- Misinformation and “fake news”. Children believe almost anything they read, and the rampant proliferation of fake photos, news and bad advice is everywhere on the Internet. If you ever need proof, research “Tree Octopus” or even my name, “Morey Haber”. You will be surprised what you find and even my name reveals an online identity crisis I can never resolve.
Tips for Keeping Kids Safe OnlineNow that children have become accustomed to using mobile devices on their own, parents need a way to keep them safe. Parents increasingly have a hard time supervising children on the Internet, so to assist with their responsibilities, there are a few recommendations parents should follow:
- Enable parental controls in iOS or Android to supervise in application purchases, new application installation, and inappropriate device modifications without permission.
- On Windows or MacOS, create another account for children using Standard User privileges. This will limit malware and the ability for them to modify the system in an adverse way; intentionally or not.
- For social media, change the content and permission settings. For example, on Twitter you can limit the ability to view “sensitive content”. This has recently come into light with President Trump’s retweet of anti-Muslim content. If the feature is enabled (and it is by default), the content is suppressed.
- Some platforms have Parental Monitoring add-ons and applications that limit content from known “bad” sites and provide reports on activity. While this may seem extreme, it may be necessary for children that are experiencing any of the problems above or as a pure preventative measure.
It Starts With EducationSo, how do we keep our children safe online and with the latest technology? It is all about education. You can teach a child not to talk to strangers, but online, it has a whole new meaning when using technology and playing a game. Online games are designed in the first place to play with strangers. Therefore, we need to teach children safe cybersecurity above what we learn as adults. These basics include:
- Never share your real name, phone number, age, etc to anyone online that asks.
- Never arrange to meet anyone online that you have met without consulting with your parents
- If you see a bad web page or images, close your browser and tell a parent. We can always review the content (if needed) via browser history
- Never share your password with friends
- Do not install new games or applications without asking your parent’s permission
Morey J. Haber, Chief Security Officer at BeyondTrust
Morey J. Haber is the Chief Security Officer at BeyondTrust. He has more than 25 years of IT industry experience and has authored three books: Privileged Attack Vectors, Asset Attack Vectors, and Identity Attack Vectors. He is a founding member of the industry group Transparency in Cyber, and in 2020 was elected to the Identity Defined Security Alliance (IDSA) Executive Advisory Board. Morey currently oversees BeyondTrust security and governance for corporate and cloud based solutions and regularly consults for global periodicals and media. He originally joined BeyondTrust in 2012 as a part of the eEye Digital Security acquisition where he served as a Product Owner and Solutions Engineer since 2004. Prior to eEye, he was Beta Development Manager for Computer Associates, Inc. He began his career as Reliability and Maintainability Engineer for a government contractor building flight and training simulators. He earned a Bachelor of Science degree in Electrical Engineering from the State University of New York at Stony Brook.