Kids today start using the Internet from an early age. About 80% of children have access to a computer at home. By the time they’re in their teens, many of them have their own smartphones or laptops. If they aren’t careful how they use them, they face significant risks of giving up personal information and access to their online lives, or letting malware onto their devices which can lead to the same problems.
Online safety requires good habits
No one is born knowing how to stay safe online. Schools can and should play a major role in teaching them good cybersecurity habits. The word “habits” is important. Mere “cybersecurity awareness” isn’t enough, if it’s only abstract knowledge. Children need to develop the right reflexes to avoid dangerous situations. Just as they learn to look before crossing the street every time, they need to develop habits of online caution. These habits should come into play every time they access the Internet.
When schools teach computer usage, they need to make security a major part of the curriculum. It’s harder than teaching them to open a browser or compose an email message. Legitimate, well-known applications aren’t out to trick them. Learning cybersecurity means learning when not to do as they’re told.
No one is too obscure
Children and teens have trouble imagining why anyone would bother with their phones and computers. The reality is that everyone is a target. Criminals spread their attacks as widely as they can. Every stolen password and every infected device is worth something to them. Any subverted device can become part of a botnet for launching attacks on bigger targets. The device’s owner may not notice until it gets blacklisted by mail filters or the account gets suspended for misuse.
Cybersecurity isn’t just for the pros
Some people think that the services they use are responsible for their security. This is half true. Providers are responsible for making their services as secure as they possibly can, but users need to protect their own devices and accounts. Mail filters keep some spam out, but they can’t identify it with 100% accuracy. They can require long passwords and forbid dictionary words, but they can’t stop anyone from leaving a written password lying around.
Children should start learning about personal online security from an early age. Until the day something much safer replaces the current Internet, the habits they learn will serve them well for years.
Trust is good, except when it’s misplaced
A large part of cybersecurity is deciding when to grant trust and when not to. Children are often too free with giving out information. Secrets are more a game than a serious matter for them. If they think something came from a friend, they’ll trust it. Likewise if it sounds authoritative.
What happens on the Internet goes against the intuition that personal experience develops. Children wouldn’t naturally think opening a Web page could be harmful. The cues of familiar faces, tone of voice, and body language aren’t available. The idea that strangers who live far away could harm them through their phones and computers seems strange.
Protecting information is a learned skill
Children and teenagers are often too free about giving out information. Keeping it safe is a skill they have to learn, with numerous aspects:
- Creating passwords that aren’t easy to guess.
- Guarding against keeping written copies where someone could find them.
- Treating requests for confidential information skeptically.
- Being on guard against impersonators.
- Resisting peer pressure.
Creating strong passwords and remembering them is difficult for everyone. Just telling how strong a password is takes some skill.
A lot of cybersecurity misconceptions go around in the culture. Many people believe that something like “p4ssw0rd” is safe. There are techniques which make creating strong passwords easier, such as constructing a nonsense series of words and then remembering a story about them. Schools should teach the best ways to create passwords.
Common mistakes lead to serious trouble
The right online habits increase safety, but other common practices are very risky. Unsafe practices lead to dangerous mistakes. Being safe online is largely a matter of replacing the unsafe habits with safe ones. The safe ones need to be well ingrained; a single mistake is all that’s necessary to let malware get a foothold. Caution needs to be automatic.
These are some of the safe habits:
- Taking steps to protect all passwords and other confidential data.
- Being skeptical about any email that seems odd, even if the “From” name is familiar.
- Not touching links sent by untrusted sources.
- Not replying to requests for confidential data without being absolutely sure they’re legitimate.
- Keeping software updated.
These are some of the habits to break:
- Reusing passwords.
- Downloading apps just because they sound interesting.
- Accepting all friend requests.
- Giving out information without careful thought.
What can schools do?
There are two kinds of cybersecurity teaching. One is the intensive kind, for students considering careers in IT. It’s valuable for those whose interests lie that way, but it’s not for everyone. The other is the development of basic awareness and habits for staying safe online. This needs to be an integral part of everyone’s computer education.
Many schools are taking innovative approaches to cybersecurity education. Dry lecturing isn’t enough. Stories in the news help make the issues dramatically real. Competitions get students more involved. Sending students test “phishing” email to see how they respond gives them live practice as well as testing their skills.
National Cybersecurity Awareness Month comes every October. It’s an opportunity to tie in teaching programs. Elementary schools in New Orleans held special training in connection with it in October 2018. Materials with a theme based on the Garfield cartoons helped to engage students in grades 4-8. A key message was that “online friends are not the same as real friends.”
Being safe online has become an issue for everyone who’s old enough to use a computer or smartphone. It’s part of the schools’ job to make sure their pupils know how to stay safe.