How do I keep my children safe online? What the security experts tell their kids
Professionals from the internet security world explain the advice they give to their own offspring
ow can you teach your children to use the internet safely? It’s a question I’ve been thinking about a lot, as the father of five and seven year-old sons who are already adept with parental tablets and laptops alike.
They know the internet is a magical entity capable of answering obscure questions; providing printable templates of pretty much any animal to colour in; and serving up endlessly-repeatable videos of startled cats, Stampy’s Minecraft exploits and loom band tutorials.
What they don’t know is anything about viruses, online privacy, phishing, social networking etiquette, and any other internet safety and/or security issue you can think of.
Teaching them about this now and in the future is my job, and the challenge of getting it right is intimidating – even for someone who writes about a lot of these issues for a living.
But then I remembered that there’s a whole industry of internet safety and security experts, many of whom have children of their own, and have to face the same task of rearing safe, responsible internet citizens.
The advice that these people are giving their own kids should be top-drawer, so what is it? I put a call out, and was overwhelmed by responses. Here are edited versions of 21 of the most useful.
‘Start discussing online safety at an early age’
David Emm, senior security researcher at internet security company Kaspersky Lab
“I think one of the key things is to start the process of discussing online safety with your children at an early age, when they start to do anything that involves the Internet.
They might still be using the computer with you, rather than independently and this offers an opportunity to highlight the fact that the online world parallels the real world and that there are both safe and unsafe things out there. It also enables you to discuss the things that are there to protect us, e.g. Internet security protection, passwords, etc.
As they get older and begin to do things independently, widen the circle. For example, if you let them start an account with Club Penguin or Moshi Monsters, help them create a sensible password and explain why they should use different passwords for each account and the possible consequences of not doing so.”
‘If you wouldn’t do it face to face – Don’t do it online’
Shelagh McManus, online safety advocate for security software Norton by Symantec
“The advice I give my own family and friends is encapsulated in: “If you wouldn’t do it face to face – Don’t do it online” For example, would you go up to a complete stranger and start a conversation? Would you be abusive to friends or strangers in a pub or bar?
Just because you feel protected by the apparent distance a screen gives between you and the person you’re talking to, you must remember that online is still the real world.
Mid to late teens need to remember that everything they do over the web is captured forever and could come back to haunt them. Many employers and university admissions offices look at social media profiles when researching candidates.
My husband and I actually used to ask random questions based on what the younger family members had put online just to remind them that they should lock down their profiles! If they didn’t want their dad, uncles and aunts or future employers asking about exactly what was in that fifteenth drink on Saturday night, they needed to check their privacy settings!”
‘At least I don’t feel like a spy…’
Paul Vlissidis, technical director at cyber security firm NCC Group
“My view is very non-PC I’m afraid (no pun intended). I have no filtering of any kind on my kids internet, no snooping and no time limits. I have of course spoken to each of them about the perils of the internet and they know that it’s an unsafe place unless they stay on the mainstream sites.
They do have AV [antivirus software] and I do scan their machines regularly for malware and ensure they remain fully patched but that’s it. Basically I trust them.
They have approached me several times where something odd has happened or where they had concerns (one Google search my daughter did for Barbie and Ken certainly produced some interesting results I recall). Of course they may yet turn out to be axe murderers, but only time will tell and at least I don’t feel like a spy.”
‘Teach them to beware of strangers bearing gifts’
Amichai Shulman, CTO of network security firm Imperva
“Being a parent (four children), paranoid and a vendor I can shed some light on this. My basic belief is that adults have proven once and again vulnerable to cyber attacks and therefore we cannot expect children to be any better – especially given that their sense of curiosity is far more developed and their sense of caution far less mature.
I do not expect my children to behave online much different than in the real world and therefore I explain to them about hackers being a type of criminal that breaks into your house through the computer rather than through the window. It’s easy for them to understand it.
I also teach them to beware of strangers bearing gifts much like they should in the physical world. For example, I don’t allow my children to open a mail package if they don’t KNOW who sent it (or got my permission to do so) – much the same way, I don’t allow them to open unsolicited email attachments.
Could they fall prey to someone who took over their friend’s account and sent out malware? Yes, but so would most adults. Could they fall prey to a targeted attack on our family? They probably will – like almost all adults.”
‘Once you’ve written something you can’t delete it’
David Robinson, chief security officer at Fujitsu UK & Ireland
“The Internet is a fantastic place, but you have to be careful what you do and say when you are there. Don’t say things which you wouldn’t talk about in conversations with your family, think about what you do and say, you may well regret what you do by hurting someone or being hurt yourself.
Remember once you’ve written something you can’t delete it, despite what Google are doing in Europe, the right to be forgotten doesn’t apply everywhere! If what you do or say is controversial it will be copied many times and will always come back and bite you, even in later life when you apply to go to college, university or even a job.
How you connect is important too, the gadgets you use, smart phones, tablets even old fashioned computers all need to be protected as well. But that’s only one part of it, those applications and services you use need to be protected, you don’t want others seeing your information. Use sensible passwords and protection, it’s a little price to pay for the security of your information and intimate details.
Don’t be frightened to ask for help either, there’s lots of places and people who can show you what to do and how to behave such as Get Safe On-line, friends and teachers.”
‘Never, under any circumstances, browse unaccompanied’
Dave King, chief executive of online reputation management company Digitalis
“The first and most fundamental principle is that my children never, under any circumstances, browse unaccompanied. They both have iPad Mini devices at which they are more adept than most adults I know. But both devices are set to forget the wifi access code so that they cannot get online without either my wife or I present.
Ditto the computers in the house and the main screen for the computers to which they have access is in our living space (not bedrooms) so that any activity is plain to see.
We talk to the children about the risks because the time will come that they have access outside the safety of our home. We make a point of being open about the concept of inappropriate content and the existence of bad people. In the same way that a generation ago we were told to shout loud when approached by a stranger, we tell the girls to tell us immediately of any approach online.
We talk about trolling as we talk about bullying and we talk about paedophiles in the virtual and real world. Ultimately we want to retain their innocence but where we used to want street-wise kids we now need web-wise children.”
‘Try and be vigilant and monitor what you can’
Chase Cunningham, lead threat intelligence agent for cloud security company Firehost – and creator of educational comic The Cynja
“For my kids I have already set them up with their own personal private clouds through the Respect Network and I have set up all the devices that they can or could access the internet with has a passcode that only I know and each device has blocks on sites that I consider risky.
I also have set up monitoring on their credit reports (yes they are only three and five but kids credit thievery happens all the time) and I am with them when they are using the internet.
I tried to explain to them about the nasty side of the internet but it kind of fell on deaf ears, but I was able to educate them about the dangers of the internet through my comic The Cynja.
They didn’t understand what I meant when I talked about malware and botnets as a tech geek dad but they understood that bad things are out there in cyberspace when they read the comic and saw the images.
For me, and quite a few other parents recently, that was a real connection point for the kids was when they had a comic character to relate to who is literally telling them about being safe online and protecting their digital selves, they understood the story and were getting the message of being safe online all at the same time.”
‘Educate early and often’
Samantha Humphries-Swift, product manager at cybersecurity firm McAfee Labs
“Get involved – I speak with my daughter regularly about which sites she is using, and given her age, I personally vet all app downloads. This way, I can keep an eye on security settings and make a judgement on whether I think it’s safe and appropriate for her to use.
Educate early and often – I warned my daughter about the dangers of the internet as soon as she started browsing, and remind her of safe online behaviour regularly – don’t accept friendship requests from people you don’t know, verify requests if they look to be coming from someone you do know, never agree to a private chat with a stranger, never post your mobile phone number or home address online for all to see.
Communication is key – I like to be open, approachable and understanding about what my daughter is getting up to online. This way it makes it easier for her to come to me with any problems she’s experiencing online, and she’s happy to ask for advice.
On a more general note, talk to your kids about how they use their computers and smartphones and ask about any concerns they might have. Be prepared to field any questions they may ask – there are plenty of online resources available to help support you in answering tough and delicate questions.”
‘Not just to tell them the rules but also to spend the time’
Jesper Kråkhede, senior information security consultant at IT security company Sentor
“My first observation on keeping your kids safe online is not just to tell them the rules but also to spend the time to show them that you’re the most trustworthy when it comes to the internet. In brief, a good line of communication with your kids, where they can talk to you and you to them is THE starting point for the best online protection.
When it comes to passwords I tell them to use long sentences. Easy for them to remember and hard for others to crack. I teach them how to check that the virus protection is updated and how to answer requests. The bottom line we’ve agreed is that if they are unsure they should ask me.
My kids use Facebook, Instagram, Twitter etc and I have asked them to be-friend me on all their apps. The next piece of advice I’ve given them is if they are posting a picture or a comment and they think they wouldn’t want me as their Dad to see it, then it doesn’t belong in the public domain at all.”
‘Become friends and contacts in your child’s social media’
Tracy Hulver, senior identity specialist for telco firm Verizon
“Make sure your children ONLY message and accept friend and contact requests from people they know. A lot of times the number of contacts of friends you have become a “popularity contest”. People that do not have appropriate of good intentions realize that and will try and contact kids by masking as people they are not and “infiltrating” the child’s “inner circle”.
Make sure YOU as a parent, become friends and contacts within your child’s social media circles and ensure you monitor posts. Your children may resist but tell them that is one of the conditions for you to allow them access.
Ask to see their child mobile devices periodically. Some children, especially the older they get, will not want Mom and Dad looking at their messages to their friends and that’s OK if the parent doesn’t want to do that.
But if nothing else, look to see what apps are installed, take a mental inventory, and if the parent is not familiar with the app, go online and do investigation. That way you at least know the types of social media services your child is using and to the point earlier, you should at least sign up for that service to see what it’s all about.”
‘Imagine a responsible adult standing behind them’
Kevin Gourlay, head of technical assurance at Platinum Squared, and head of the (ISC)2 Safe and Secure Online cybersafety initiative
“My general rule is If they can imagine a responsible adult standing behind them, and watching what they are doing on the Internet, and they would be happy with being watched by them, then what they are doing is ok.
If they are on Twitter for example, or Facebook, commenting or replying to posts, If they think that I would be OK with them doing what they are doing, then it’s ok. They need to be helped to apply common sense, rather than told what to do, and this can be easy for children once you help them to understand the risks.
My two children are 9 and 14 years old, so I have two different sets of rules and advice for them. For my youngest, I’ll teach her about the websites that are likely to be safe online: .co.uk, .edu, .org, etc., and I have a whitelist in place to make sure she only stays on those sites.
However, as they get older, learn more and become more mature, that list grows out and it becomes more of a blacklist with just certain websites blocked. It’s about giving them more freedom as they get more mature.”
‘It’s about them understanding simple safety rules’
Lucy Woodward, director at Disney’s Club Penguin virtual world for children
“This is the crunch generation – so it’s vital that we get it right, and kids and parents learn internet safety skills for themselves. My kids are still very young so for me it’s about them understanding simple safety rules at this stage and keeping it fun – for example understanding what a password is and keeping it secret (kids love secrets!).
At school my daughter has an internet reading program where she has an individual password and I have found this a good way in to talking about the issue. My children like many will be straight on the internet at any given opportunity so I also encourage them to tell me if they click on something that they don’t like the look of so they get in to an early routine of doing this and always knowing they can talk to us.”
‘Just apply standards you adopt offline to the online world’
Sue Gold, partner, data privacy team at law firm Osborne Clarke
“If you go out would you leave your front door open? Do you talk to strangers in the street who you know nothing about or meet them in a secluded location ? Do you tell strangers your deepest secrets and all your personal information?
Remember the cartoon with a dog by a computer and the caption “The Beauty of the Internet is no-one knows you are a Dog“. People may not be what they seem and the 10 year old girl you are chatting with could be a 60 year old man
Just apply standards you adopt offline to the on-line world and this will increase safety online. Be sensible and just remember that you have to be on your guard . Be careful about giving our any personal information including photos as once they are out there they could go anywhere.”
‘Anything that is put online should assumed to be permanent’
Chris Hoff, vice president, strategic planning, security, Juniper Networks
“Kids are implicitly very trusting, so it’s possible that they are more likely to fall prey to a social engineering attempt and as such they need to be taught to spot them and not be afraid to question or challenge the need for disclosing things like passwords or other sensitive information in response to an e-mail, text, IM or social networking message.
Further, it’s important for them to understand that anything that is put online should assumed to be permanent and they must be careful what they expose and that their identity and all that goes with it is precious.
In the case of certain environments, considering the use of a Pseudonym, not disclosing one’s age or gender, and limiting identifying information for some of their interactions online is important.”
‘Get them involved when installing patches’
Neil Thacker, information security and strategy officer at cybersecurity company Websense
“I make sure that cybersecurity is an element of everything my kids learn and do on their computers and through the Internet. I teach my two young sons, who are both under 10-years-old, about the importance of safe internet use at home and in school, and have been training them up to become mini-security experts themselves.
I regularly remind them that websites can redirect to other websites without them being aware and get them involved when installing patches, so that they know the importance of ensuring systems are up-to-date. As a result, my youngest can already run a network scan on the home network and understands the difference between an Operating System and applications. He can even help identify vulnerabilities.
To keep my eldest from rolling his eyes at me and saying ‘oh dad…’ he gets extra time on his laptop if he helps out with making sure everything remains up-to-date when I am away. So you could say I have a small family SecOps team.”
‘A few simple steps will help keep data secure’
Deema Freij, senior vice president EMEA & APAC at technology company Intralinks
As a recent mother, whose job is to keep other people’s information secure, I am increasingly thinking about how I will keep my daughter safe online as she grows up.
I work for a company which provides a secure file sharing system for high security businesses like banks, so am particularly aware of the risks from many free file sharing products.
Some consumer products, like Dropbox, have had security problems – from privately shared links appearing in Google search results to criminals using the site’s perceived credibility to share malware with unsuspecting users. Young people will use these products, but they should be cautious about putting anything private on there.
A few simple steps will help keep data secure. First, pick a file sharing service that lets you create “private” folders, so that only people with access credentials can see files. Second, get into the habit of deleting files once they’ve been shared, and if you’ve already shared files that are sensitive, delete those too.
Finally, if you come across files from friends that make you uncomfortable, or you’re sure aren’t meant for you, delete them and don’t forward them on to others.”
‘Learn about something yourself if you don’t know’
François Amigorena, chief executive of software firm IS Decisions
“The first rule I have for how I approach online security with them is to educate, educate, educate. Do not rely on anyone else to tell them what they should be doing, and often educate means learning yourself. Take the time to learn about something yourself if you don’t know. Also when educating children it’s good to use material or images, like web comics to get the point across as that way they’re more likely to listen.
It’s worth remembering that some authority figures, even those at school, might give out of date or misinformed advice. So it’s always good to keep talking about these things with the kids and correct when necessary. For example a school figure from the library informed my children that all .org domains are safe. Which was once the case as it was created for non profits, but now they can be registered by anyone; just put any rude word in between ‘www.’ and ‘.org’.
Don’t hand over any internet connected device before you know yourself how it works. I have known other parents who weren’t aware that an iPod can connect to the internet, and gave it to their 10 year old son who then managed to share a video of their neighbour’s daughter in a bikini online. The neighbours were quite rightly upset!”
‘Boundaries also bring freedom’
Ben Densham, CTO of cybersecurity testing company Nettitude
“Enforcing boundaries and engaging in age-appropriate open discussions about your child’s online activities will encourage your young cyber minds to learn the benefits and realise the dangers of the internet. It is important to begin these conversations with your children from an early age, in order to protect them from risks that they may not yet understand and to prepare them to face and manage the threats.
Boundaries are often seen as restrictive and draconian by kids. But boundaries also bring freedom. They provide a clear understanding of what is safe and secure. Boundaries tell them where they are free to explore and roam.
When it comes to learning to protect their privacy, discussing their use of social media is a good place to start. As the use of these platforms is now so widespread, it is important to put in place methods to prevent unsuitable content and talk to your children about the dangers of forming relationships with strangers online, as well as the importance of preventing personal information from being made public.
This is particularly important as children get older, when parents will need to relinquish some control and cannot enforce those safety boundaries in the same way.”
‘We talk about anything and everything’
Mark Gibson, sales director at web filtering firm Bloxx
“I have two kids aged 11 and 14. How they interact with the Web and via what channels is constantly changing. One month they are all playing a game and using the in-message capabilities, the next they are back to using Facebook.
Their interaction with the internet is dynamic and ever changing. They are also incredibly tech savvy, so whilst I do have filtering technology in place, anything else would – in all reality – be counter intuitive. My son would only see it as a challenge.
So with this in mind, I have purposefully made sure that my kids and I have a very open relationship and we talk about anything and everything. This means that when they see sexual content on the web, which is inevitable, that rather than wondering about what it all means, we talk about it. The rights and the wrongs, what it all means etc.
By talking openly with them it quickly becomes clear what behaviour is appropriate and what is not. It also gives them the opportunity to raise anything that they find troubling.”
‘Staying safe now goes beyond the old computer security issues’
Catalin Cosoi, chief security strategist, Bitdefender
“Parents and children rarely have time to truly communicate. So, first of all, parents should talk to their kids about potential problems that may occur when using the internet.
A thorough look at each and every one of these issues – including cyber-bullying, Facebook depression, sexting, paedophiles, scammers and exposure to inappropriate content – should give the child an idea of what internet dangers are all about. Backing up the list of e-threats with real examples from their school or group of friends could also draw a comprehensive picture.
Parents should know that staying safe on the internet now goes beyond the old computer security issues. Our recent studies show that parents now buy smartphones for their children when they are as young as 5 years old. The early use of both smartphones and tablets is boosting the risk of malware infections and SMS fraud, which make many victims among users who are still only learning to read.”
‘Follow the same rules you would follow in the real world’
Darren Anstee, director of solutions architects at network security company Arbor Networks
“Follow the same rules you would follow in the real world. If you aren’t sure about something or someone ask your parents or another responsible adult and if anything ‘unusual’ happens when you are using your computer tell your parents.
If any of your friends tell you how to get around the content filters and application installation barriers we have put in place – don’t do it, just come and talk to me about what you need; I was young once too, I think.
I am a bit like Santa – I can always tell whether you have been good or bad on the Internet, but with much better incident response and forensics.”