Last modified
Did you realise when you use the internet (the net), you are potentially connected to every other computer on the net? And being connected on the net also means that you and the machines and gadgets you are using to access it are a target by those with criminal or less honourable intentions.
In addition to great stuff out there, you may well have accidentally(?) already found some of the unpleasant stuff as well. Either stuff you’ve seen or read you did not like or found a website that could infect your machine with malware. A problem is that many dangers are hidden, such as web pages containing viruses, or rather ‘trojans’ – programs designed to deliver a hidden programme onto your PC and record what you do online, keystrokes, websites, etc… even take over your webcam. And you can’t just rely on automated virus and internet protections. Many of these dangers are aimed at ‘you’ and designed to make you react (what we call socially engineered) and without realising it download malware or divulge secure information which the criminal can use. Socially engineered attacks also now account for the vast majority of security breaches.
How do you get past a security gate? You get someone to open it!
There’s a silent battle being raged online. As soon as you start using the net you are part of it. It’s not one with explosions, but it’s one where there are consequences that affect lives and whole corporations. The damage can vary:
- using your account/machine to carry out a bigger crime
- stealing or extorting money,
- using your information to pretend to be you,
- obtaining personal images of you
- stealing private information
- getting you to open the internet security gate to a school or a company and their information!
So in the same way as there are rules about how to use the road without hurting yourself or others, there are rules and about using the internet.
Physical protection
Use virus protection software and keep it active and updated. There are new viruses being created all the time and the software needs to know what it is looking for, or it will not spot it.
Firewalls are also very useful and help a lot, but should not be relied on. Criminals are waiting for you to let them in.
Incidentally, it’s a myth to think that Apple devices are immune to viruses… they are not. There have been viruses and trojans discovered for Apple and other mobile devices. The programmers of viruses/trojans/worms malware in general are always looking to what is popular and the popularity of iPhones and iPads makes these a great target as is any smart phone.
Have strong passwords
Do you use a ‘safe’ password, something no one else can guess?
If you can look your password up in any dictionary, it is NOT safe. Remember, computers are fantastic at carrying out repetitive tasks and at speed. They can test any login by submitting a whole dictionary or two of words in a matter of minutes, if not seconds. Even replacing letters with common substitutions is not that safe anymore, (e.g. s4f3 instead of safe), but it does help make a stronger password.
Have you told a friend your password? If you have – it is not safe, no matter how much you trust your friend.
Do you use something that’s personal to you? E.g. address, your sibling’s name, pet’s name? This might be easier for you to remember, but it can also be guessed, accidentally divulged, or even worked out by someone who is ‘very’ interested in accessing your account.
So what are the current recommendations for passwords?
Don’t use the same password for multiple sites or devices.
One of the things that frequently happens is that websites get hacked and login details of users stolen. That information is then sold and the list of possible passwords and login details then added to a list to try against other sites, banks, schools, businesses, etc.
Make it complex.
The longer the password, the harder it is to guess or a computer to work it out. Making some characters uppercase (capital letters), adding in numbers and including special characters such as *, #, !, $, etc all make a password so much harder for a machine to work out.
Technology has also moved on to help. For example Firefox (an internet browser) offers to generate a secure password and remember it for you, and also remembers your passwords for various sites. So you don’t need a single password for different sites.
If you’re worried about forgetting all those passwords, Apps like Dashlane and eWallet are great for holding secure on your machine and smartdevices any passwords you generate.
Regularly change your passwords.
The longer you use the same password, the greater the chance that this password can be stolen from the site and a hacker use your credentials to gain access.
The pass-phrase method.
The need for complexity and different passwords for different sites means it is difficult to remember truly complex passwords, even when technology tries to help. It all very good when you use the same machine, but what happens if you need to access things from a different device which you don’t normally use? Using a pass-phrase helps make your password easier to remember, but still keeping the password length long. While “egg” is likely to be broken (excuse the pun) in a matter of seconds by a computer, something like “egg_wetQueen$” is much harder for a computer to break…. oh and that one I just invented as I wrote this. If you find it difficult to come up with random words, I usually find it easier to invent a pass-code by looking at a keyboard (it’s the easiest way of seeing all the letters of the alphabet), letting a letter jump out at me, or my eyes settle on a key, then thinking of a word that starts with that letter. I also avoid creating phrases that are meaningful, so “egg$fried$rice” although good, is still easier for a machine or somebody to guess than “egg_wet$_Queen”
Use two-factor authentication (2FA) if its available.
Many sites, in particular financial ones, have switched to using to two-factor authentication (2FA). This involves entering a security code generated on another device you own. You can use apps like Google Authenticator or Microsoft Authenticator for most cases. Some banks supply a bespoke card reader which requires the use of your bank card and PIN code to generate a unique number to authorise things. If this is available to you, do take advantage of it. It might be a bit more hassle and an additional step, but it is more secure.
Learning the rules
Cyber S-M-A-R-T
There are lots of organisations out there to help. Childnet is one of them. For children and youth there are additional problems, mostly through not understanding the internet or mobile and smart phones. If you share something with someone by internet or phone, although you might think it’s private there is always the chance it can be seen by others and you are assuming the person receiving it is who they are.
So what is Cyber SMART? It’s an acronym to help children and young people remember some rules of using the internet:
- S = Secrecy: Keep your personal details secret. Never use your parents’ credit card without their permission, and never give away your name, address, or passwords – it’s like handing out the keys to your home!
- M = Meetings: Never meet someone you have contacted on the web without your parent’s/carer’s permission, and then only when they can be present.
- A = Accepting: Do not accept or open attachments or download files from people or organisations you don’t really know or trust – they can contain viruses
or nasty messages. - R = Remember: Anybody online may not be who they say they are. If you feel uncomfortable or worried in a chat room simply get out of there!
- T = Tell: Tell your parent or carer if someone or something makes you feel uncomfortable or worried.
(Information courtesy of Childnet International https://www.childnet.com/)
Sexting
One of the more recent problems is ‘sexting’. Sending explicit texts or images by phone. As mobiles have become more powerful, it’s become so much easier to send images and video (you need to remember this website has been online since the very early days of the internet when mobiles were not smart, you only had the ability to talk or send a short simple text message). The ability to make videos or take photos and share them has made it very tempting to do this, especially intimate images between close friends. Unfortunately, a lot of young people are finding those images or even texts are coming back to haunt them – from finding out that the images or messages were being shared around, to blackmail and being coerced (forced) into doing worse things. Some more information here
Sexting and the impacts on young people
https://kidshelpline.com.au/parents/issues/sexting-and-impacts-young-people
What you need to know about sexting
https://kidshelpline.com.au/young-adults/issues/what-you-need-know-about-sexting
Further advice and help
Sites offering help and advice on all issues for youth and children.
While all the above links provide good advice, be aware that some sites cover issues that may not be so suitable for younger children.
Internet Safety Tips for Kids
A short animated YouTube video that gives a good introduction aimed at younger children. It has a busy backing soundtrack though which might make it hard for those with auditory processing and/or ADHD to concentrate on the main message.
Protecting Children’s Privacy Online – A Guide for Parents, Carers and Educators
https://www.comparitech.com/blog/vpn-privacy/protecting-childrens-privacy/
A long, but excellent piece aimed at parents by Paul Bischoff. Well worth a read by parents and older children. Lots of background information about privacy, government stance, risks, etc. Excellent all-round starting point.
ChildLine 0800 1111
UK Charity that’s been around since 1986, providing a confidential helpline for children to call in the UK. Very useful website and charity to know about. Information on school problems, trouble at home, tips on how to be a good friend.
It’s a number worth remembering, for yourself or a friend in need. If you are a child in trouble or in danger ring them. It’s free… Keep trying if they are engaged. You are not alone!
Need that number again: 0800 1111 (and no it’s not missing any digits, it’s short to remember)
They can also be contacted by email and text
Childnet International
A non-profit organisation working around the world to help make the internet a safer and a great place for children. Website full of resources for all ages from 4 – adults, parents and teachers.
7 Rules to Protect my Child Online – Internet Safety for Kids
https://www.broadbandsearch.net/blog/internet-safety-kids
A good US-based blog post on the Broadband Search website, on helping advise how to keep children safe online and what to look out for. Covering a broad range of issues around internet safety, including what those acronyms used in a chat mean (or can mean).
Kidscape
A charity committed to keeping children safe from bullying, harm or abuse focusing on preventative policies and tactics to use before any abuse takes place. The website concentrates on material dealing with bullying and contact information for the organisation.
National Society for the Prevention of Cruelty to Children (NSPCC)
The UK’s primary charity dealing with the prevention of child abuse. Also has a 24-hour helpline 0808 800 5000
Missing People
https://www.missingpeople.org.uk/
A site dedicated to help reunite missing people with their families. It’s not just for children. Lots of useful information. The site has support from a number of UK charities and organisations.
Keeping Children Safe Online
https://pixelprivacy.com/resources/keep-children-safe-online/
A useful piece by Pixelprivacy with some of the things parents/guardians can do help keep children safe online. Particularly if you are not so internet savvy. Covering not just things that can be good practice, but helpful suggestions about devices and settings you can use to help.
[At the time of writing (March 2021) the link on the article to the San Diego County District Attorney was not working, but can be found here: https://www.sdcda.org/preventing/protecting-children-online/facts-for-parents#facts]
Shopping online?
With the ability to shop online, criminals are constantly finding new ways to part you from your money, be it scams or malware computer programmes. Online stores are not always genuine, so do your research first. The following link to advice about shopping online and security was recommended by a fellow user of funandgames.org
http://coupons.answers.com/guide/13892702/Online-Couponing-and-Shopping—Basic-Consumer-Safety.html
Mobile phone cyber security
Nice concise piece for all ages on general smartphone/mobile or cell phone security and risks. Well worth reading to add to your knowledge. https://www.cellphonedeal.com/blog/security-and-your-phone-what-are-the-risks-and-how-to-stay-safe
Social engineering, phishing scams and how to avoid them
Kaspersky
https://www.kaspersky.com/resource-center/definitions/what-is-social-engineering
Long and informed article by Kaspersky about what social engineering scams are and look like.
NHS
Although the NHS (National Health Service UK) is not an obvious choice for information about social engineering threats, they have a need to keep vast amounts of very private personal data safe. Web page provides good information, which might be more accessible than that detailed by Kaspersky.
Keeping Devices Safe by Avoiding Phishing, Scams, and Clickbait
https://www.zipsec.com/learn/avoiding-phishing-scams-and-clickbait
Useful blog article by Kelli Trapnell covering the basics and a bit more detail about phishing and what to look out for so you can identify those emails which are phishing scams and/or clickbait to help you avoid being caught out. Lots of links to other useful sites.
