Online Safety for Families
It's a family affair to keep your kids, teens and yourselves safe online - learn how WITH them through this 𝒊𝒏𝒕𝒆𝒓𝒂𝒄𝒕𝒊𝒗𝒆 webinar for the whole family! In this special edition, learn new perspectives to talk with your family on best practices to keep everyone safer.
Gabriel Friedlander, the founder and CEO of Wizer Training, brings experience not only from his content creation for the Wizer Security Awareness Training platform but also from his days as a co-founder for ObserveIT, that dealt with Insider Threats. Both deal with the human factor in security. If you have seen his posts on LinkedIn, you will know he is a natural and prolific content creator - he has an eye for taking the everyday and framing it in the light of security awareness.
"Social engineering is about distraction and misdirection"
Criminals rely on our distraction to their advantage. Tactics they use include everyday processes and language that has become automatic to us in order to trick us into accepting it as 'regular' interactions online. They hope we don't stop to consider what may seem 'off' about a particular communication and investigate further.
School Username and Passwords
Unfortunately, past security measures were a hinderance to many businesses and schools were no exception. What has come about are very poor habits that unsuspecting school systems unwittingly pass on to the student body.
A common occurrence in many schools is assigning a student a username and password that they are required to keep from elementary through high school across all apps. However, reusing passwords puts the student as well as the school at a high risk for breaches. Not to mention the typical format is usually based on personal info of a student making it easy to guess for fellow classmates.
Parents need to speak with their kids and ensure they are creating strong unique passwords and they are not reusing it to help them build secure habits across all areas of life.
What does it take to create a strong password?
- Three or four RANDOM words
- Contains a MIX of letters, capitalization, numbers and special characters
- Does NOT contain personal info such as name or birthday (these are easy to find online)
- Avoids phrases from popular song lyrics or movies
- Has 12+ characters where allowed
- Is UNIQUE for each account (isn't reused for other accounts)
However, it doesn't have to be hard to memorize. Using passphrases of random words that includes the mix of numbers and special characters create strong passwords. See our tips in the video below for ideas.
Also, length matters. It used to be an 8-string password was secure but as programs get faster, the longer and more complex a password is, the longer it takes for hacking tools to crack it. Some apps limit the length of a passcode, but whenever you have the opportunity aim for something that has 11+ characters with letters, numbers and special characters.
If it seems overwhelming to help your whole family sort, track and use unique passwords across all accounts, there are free and paid password managers that can take the headache out of it. It may require a little training up front with family members, but it's well worth the investment. If you'd like to learn more about password managers, check out this great article from information security blogger, John Opdenakker.
Strong passwords are a solid start, but alone are not enough
There have been over 11 billion accounts stolen from hacked sites and apps, so chances are good your or your family's info has been leaked before. A strong password doesn't help when a breach happens. What can you do??
First, you can periodically check your family emails in a open source data base run by a leading security professional called haveibeenpwned.com. (Note, if you use a password manager, some feature integration with this service to give you notices whenever an email of yours is reported involved in a breach).
If any emails are shown to be compromised, it's time to change the password to a new strong and long credential. However, there is another layer you can add to increase the account security for your family. That involves turning on MFA - multifactor authentication (also known as 2-factor).
In short, MFA protects your accounts even if a password was stolen or leaked because it requires an extra step before access is granted. This is typically done through sending a code from a secondary source - text, app, USB - that only you have access to.
You can do this for online gaming accounts, emails, social media, financial and more.
Get a quick how-to guide to turn on MFA for 16 of the most used apps here.
Staying safe while Gaming Online
Online games come with the ability to earn or purchase tokens or coins - for example, in Fortnite, it's called V-Bucks - and like many, players are always on the lookout for ways to get these for free. Scammers know this and create many different surveys and 'generators' that requires the player to log in with their game account info and/or fill in personal details. At the end of the process it will typically say an error occurred but fact of the matter is, your information was taken. This provides an easy target for criminals to steal you or your child's personal credentials.
Adults should also be aware that these tactics are also employed in the guise of surveys for different providers such as airlines, phone, etc. and definitely the social media 'personality tests' many times are used to learn answers to commonly asked security questions "name of family pet" or "street you grew up on", etc. It's best to avoid these types of surveys.
Free token generators are scams and players should not use them.
It's important to stress to your family gamers that you all share the same WiFi - if the gamer gets hacked, the whole family gets hacked. The end goal for criminals is not just to hack a player, but rather to use a hacked account to gain entry into other parts to the family online access.
Social Media Hacks to Be Aware Of
Social media is a favorite for criminals to use. One common tactic is for a scammer to use a hacked account to then send out messages to all the contacts/friends of that account. Usually, they send a message teasing some crazy claim that will instill some type of emotional response such as the example of the video below, a true account of how an entire 9th grade was hacked. The message used was stating the receiver was put on the 'most ugly list' and check out the link. Once the link is clicked it asks for user to log in. What is unknown to the user is that going through that link and logging in actually is giving the criminal your details and now your account is hacked.
It's always best to call and check with the sender if they actually sent you the message before clicking any link. When in doubt, throw it out.
Private photos aren't so private on Social Media
Another point to note on social media hacks is that once your account is hacked, any photos stored there are accessible to be shared. This can be devastating if private pictures are included. Such was the case in this real-life story dramatized below.
The main takeaways are use MFA which can prevent access to an account even if your password is compromised and to never use social media apps to take and store private photos, rather, keep them directly on your camera.
Digital affects the Physical
The digital world seems intangible but the reality is our actions there very much impact our physical lives. Kids and teens need to know not to trust digital identities as it is very easy to spoof who is behind the 'friend' on social if it is not someone you know in the real world.
Just as parents should know who your kids friends are at school, you should know who they are online, too.
However, just having a one-way line of communication is not enough. It should be a conversation. As Lisa states "I should have stopped talking and listened more."
Can you identify a fake profile??
Technology has advanced so much that creating deep fake videos of every day people from hacked accounts is a growing challenge and danger. We are reaching a point where we can no longer trust videos. It's crucial to teach our kids to think critically if ever a video from a familiar vlogger veers from anything typical and to verify verify verify.
The App Store - Beware of Fake Apps
While most kids and teens won't be dabbling in Bitcoin as the below real-life video example relates, the lesson here is to know that fake apps exist inside Google and Apple App stores. While they do work to minimize and remove fake and malicious apps, there are simply too many to catch them all.
Anytime you want to use an app, it's best to access the download through the official website link to ensure you have the correct app. Simply ensuring the logo matches and it has good reviews, is not enough. This is true whether it's for gaming or social media and the like.
Limit App Permissions
When downloading a new app, we're generally in a hurry to just use it and zip right through approving all the permissions the app requests. However, in reality the vast majority of apps ask for MORE permissions than it needs to function. Any permissions you grant gives access to different data on your device so it's important to slow down and help your kid walk through what is being asked access and if it's really required.
Sometimes for some apps there is the option to only allow access while the app is in use and then access is restricted when the app is closed. This may be a good option if you or your kid create and upload content via their phones or tablets.
Also, this is a good time to remind your family NOT to store passwords inside contacts as many apps have access to that. Consider a password manager for your family instead!
As mentioned above, there are fake and malicious apps in all guises including free games with the aim to gain access to your device and your information.
WANT MORE RESOURCES?
Resource Hub for Families (Monitoring Tools, More Webinars, Family Tech Agreement, More)
Online Safety for Families Level 1
YouTube Playlist: Cyber Security Awareness for Kids and Parents
Connect with Gabriel Friedlander on LinkedIn or follow Wizer on Facebook, LinkedIn, and TikTok.
Looking for awareness training that is short, relevant and engaging for your company? Check out Wizer’s free security awareness video library.
Ayelet HaShachar Penrod
An enthusiastic security awareness advocate as a result of the past two years connecting with and listening to the many passionate voices in cybersecurity as a marketer in the field - that passion rubbed off. Now I'm excited to bring my own awareness learning and perspective to help further Wizer's mission to make security awareness accessible to the individual, the small business owner, the non-profit, the enterprise organization and, well, every one.