Do our children know how to protect themselves from cyberattacks?
I have been working in technology now for over thirty years. I am also an educator and a mother, and I happen to be married to a man who has also worked in technology for over thirty years. So it is no surprise that our son is working on a video for his school website on how to prevent getting viruses on your computer. We have drummed into him for many years the dangers of downloading content from the internet and the dangers of clicking on links from emails you don’t recognize. Our son has grown up listening to us talk about tech and security at the dinner table. Technology and cybersecurity are part of our daily lives.
As technology and cybersecurity professionals here at OneLogin, my family’s experience seems to be a common occurrence. In fact, one of our leadership team recently shared some videos of their own family talking about what they have learned from their mother about cybersecurity.
Their main lessons learned were:
- Do not open any email that is suspicious.
- Do not click on a link even if it is someone you know.
- Don’t trust anything that wants information from you, anything at all.
- Never trust what you see on the internet.
These might seem a bit extreme, but they aren’t much different than the parental rule of “Don’t talk to strangers,” which has been around for eons.
With most of our children having to be online for school this past year, our children have become more vulnerable to cyberattack activity than ever before. In fact, last December the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) put out a Joint Advisory regarding a sharp increase in cyberattacks on K-12 institutions. Cyberattackers are using the same tactics they use on businesses to infiltrate educational institutions.
The advisory recommends not only ensuring that schools employ best practices to secure their networks and their systems such as:
- Regularly change passwords.
- Use multi-factor authentication where possible.
- Disable unused ports.
- Audit all access.
They also recommend increasing focus on end user awareness. “Make employees and students aware of the threats—such as ransomware and phishing scams—and how they are delivered. Additionally, provide users training on information security principles and techniques as well as overall emerging cybersecurity risks and vulnerabilities. Ensure employees know who to contact when they see suspicious activity or when they believe they have been a victim of a cyberattack. This will ensure that the proper established mitigation strategy can be employed quickly and efficiently. And monitor privacy settings and information available on social networking sites.”
Cybersecurity best practices are not just for adults and the business world. With the move to both remote workforce and remote learning in the past year, we all have to be vigilant. We all have to educate ourselves and our kids about how to protect themselves against cyberthreats.
Simple acronyms like STOP can help:
- Stop (Before you click on the link in an email or download something from a website.)
- Take a Deep Breath (Don’t panic.)
- Opportunity to Think (Is this from a source you can trust?)
- Put the email or website into Perspective (If it seems suspicious report to your Security Team or IT team for investigation.)
Cybersecurity awareness and training should no longer be confined to the workplace. Everyone everywhere should be educated on what we can all do to keep ourselves safe from cyberattacks. We need to start teaching our children to be just as wary of emails with links as we teach them to be wary of strangers offering candy.