Keeping Children Safe Online
Due to school closures and stay-at-home orders from the COVID-19 pandemic, children’s’ increased online presence may put them at greater risk of child exploitation.
When a child is using your computer, normal safeguards and security practices may not be sufficient. Children present additional challenges because of their natural characteristics: innocence, curiosity, desire for independence, and fear of punishment. It would be helpful if you consider these characteristics when determining how to protect your data and child.
You may think that because the child is only playing a game, or researching a term paper, or typing a homework assignment, they can't cause any harm. But what if, when saving their report, the child deletes a necessary program file? Or what if they unintentionally visit a malicious web page that infects your computer with a virus? These are just two possible scenarios. Mistakes happen, but children may not realize what they've done or may not tell you what happened because they're afraid of getting punished.
Online predators present another significant threat, particularly to children. Because the nature of the internet is so anonymous, it is easy for people to misrepresent themselves and manipulate or trick other users. Adults often fall victim to these ploys, and children, who are usually more open and trusting, are easier targets. Another growing problem is cyberbullying. These threats are even greater if a child has access to email or instant messaging programs, visits chat rooms, and/or uses social networking sites.
Below we will break down the different tips that you can use to protect yourself and your kids against these different scenarios while using the internet online.
Be involved - Consider activities you can work on together, whether it be playing a game, researching a topic you had been talking about (e.g., family vacation spots, a particular hobby, a historical figure), or putting together a family newsletter. This will allow you to supervise your child's online activities while teaching them good computer habits.
Keep your computer in an open area - If your computer is in a high-traffic area, you will be able to monitor the computer activity more easily. Not only does this accessibility deter children from doing something they know they're not allowed to do, it also allows you to intervene if you notice a behavior that could have negative consequences.
Set rules and warn about dangers - Ensure your child knows the boundaries of what they are allowed to do on the computer. These boundaries should be appropriate for the child's age, knowledge, and maturity. Still they may include rules about how long they are allowed to be on the computer, what sites they are allowed to visit, what software programs they can use, and what tasks or activities they are allowed to do.
Monitor computer activity - Be aware of what your child is doing on the computer, including which websites they are visiting. If they are using email, instant messaging, or chat rooms, try to get a sense of who they are corresponding with and whether they know them.
Define the types of websites or games they can access and why they are appropriate or not. It is especially important for younger kids as they will want to play the latest games, not realizing the adult themes and content involved. The danger here is not just the games themselves but who your children can end up interacting with without you knowing. For example, if a younger child plays an online game with mainly older teenagers, that younger child could be bullied or exposed to inappropriate behavior.
Keep lines of communication open - Let your child know that they can approach you with any questions or concerns about behaviors or problems they may have encountered on the computer.
Consider partitioning your computer into separate accounts - Most operating systems give you the option of creating a different user account for each user. If you're worried that your child may accidentally access, modify, and/or delete your files, you can give them a separate account and decrease the amount of access and number of privileges they have.
Consider implementing parental controls - You may be able to set some parental controls within your browser. For example, Internet Explorer allows you to restrict or allow certain websites to be viewed on your computer, and you can protect these settings with a password. To find those options, click Tools on your menu bar, select Internet Options, choose the Content tab, and click the Enable... button under Content Advisor.
What Are Parental Controls?
Parental controls are software and tools that allow parents to set controls on their children's internet use. They are a great way of helping prevent children from accessing unsuitable content online.
The talk of parent “controls” can sometimes be confusing. There are three types of controls parents need to be aware of:
- Network-level controls are set on the hub or router and apply to all devices connected to that hub or router (covering your whole household.)
- Device-level controls are set on devices, such as a smartphone, and will apply regardless of how and where it is connected to the internet.
- Application controls are set on the platform or application that is being used. Examples of this would be the settings applied to Google or YouTube. Check that they are working on each device your child accesses.
Review more information on Enroll MFA
While working on many different applications online you may need to keep track of usernames, email addresses, and passwords. It may be tempting to use the same username and password wherever you can to make things simple. If you use the same username and password and your credentials are compromised or leaked someone would be able to access not just that site but other sites as well that you use. Trying to keep track of many different credentials may become very overwhelming. It is recommended to use a password manager in this case.
Benefits of using a Password Manager
- Stores passwords for different sites
- Automatically fills in passwords on websites (depending on which password manager
- Store secure notes generate strong passwords, etc.
- Reduce the number of passwords you have to remember. You only have to remember one master” password
- Makes keeping secure passwords easier
It is recommended that you use a different username and password for each site that you are logging into.
There are many tools available for Password Management
- Major browsers have built-in password managers
- Most can sync passwords between computers and devices
A strong password you have to look up is better than a weak one that’s easy to remember
- It’s tempting to use short, weak, easy-to-remember passwords
- Many sites enforce password complexity rules
- Below are the password complexity rules for the DOE
What makes a strong password?
A strong password is one you can’t guess or crack using a brute force attack. What is a brute force attack? Brute Force Attack is a hacking method that uses trial and error to crack passwords, login credentials, and encryption keys.
Modern computers can crack short passwords consisting of only letters and numbers in a matter of seconds. As such, strong passwords consist of a combination of uppercase and lowercase letters, numbers, and special symbols.
What’s considered a good password?
- Creating a long password is a good password. What is considered a long password? A long password would be a password that is 12 characters or more. Each additional symbol in a password exponentially increases the number of possible combinations.
- A strong password should not be something generic. Ex. “password”, “12345” etc.
- Strong passwords should not contain memorable keyboard strokes Ex. “qwerty”, these passwords are very easy to crack.
- Don’t use personal information about yourself to create your password. Ex. nickname, date of birth, pet’s name etc.
- A good password should be unique. Even though it may be tempting to use the same password for all of your online accounts, that would not be a wise decision. If someone was able to discover your password, they would have access to all of your accounts. You should create a unique password for each account.
- Avoid past passwords that you have used in the past. Make sure you don’t recycle your passwords. Especially if you had issues with a password being hacked in the past.
Examples of good passwords
Below are methods that can be used to create a good password
Use a password generator
If you don’t have time to come up with your own strong passwords, a password generator is a quick and easy way to get a unique and strong password
Use a passphrase rather than a password
Passphrases are much more secure than passwords because they are typically longer, making them more difficult to guess or brute force. So instead of choosing a word, pick a phrase and take the first letters, numbers, and punctuation from that phrase to generate a seemingly random combination of characters. You can even substitute the first letter of a word with a number or symbol to make it even more secure.
Below are examples of how you can use the passphrase method to create strong passwords
I first went to Disneyland when I was 4 years old and it made me happy
My friend Matt ate six doughnuts at the bakery café and it cost him £10
For the first time ever, Manchester United lost 5:0 to Manchester City
NOTE: Don’t use common phrases, because there are vulnerable dictionary attacks - random combinations are what you want
Another method for choosing a password is to open a dictionary or book and choose a random word. But as a random, as it may seem to you, a single word is quite easy for a hacker to guess.
So rather than opting for just one word from the dictionary, choose a few and string them together along with numbers and symbols to make it much trickier for someone to figure out.
Words from the dictionary
Jigsaw, quest, trait, fork
Glimpse, stuff, prize, koala
Trombone, fish, quick, upside
If you want a password that’s difficult for others to guess, but easy for you to remember, it can be a good idea to use a variation on a meaningful phrase or quote. Simply take a phrase you’ll remember and swap out some of the letters for numbers and symbols.
Method for creating unique passwords for each account
After creating the strong password that you can remember, you’ll still have to create different passwords for each of your online accounts. Rather than starting the whole process again to create a password, you could simply add a different code to your password for each online account.
As an example, if your password was cHb1%pXAuFP8 and you wanted to make it unique for your eBay account, you would add £bay on the end so you know it’s different to your original password but still memorable.
Using two-factor authentication
Even if someone does manage to steal your password, you can still prevent them from accessing your account by adding an additional layer of security with two-factor authentication (2FA).
The idea behind two-factor authentication is to use two factors (things) to authenticate your credentials when logging into an online application or site.
This means that anyone trying to log in to your account will have to enter the second piece of information after the correct password. This is usually a one-time code that’ll be sent directly to you.
Sometimes this will be sent to you via text message, although this isn’t necessarily the most secure way of receiving that code. Why? There are methods used by hackers to compromise your mobile number and still get access to your verification code.
It’s much safer to use a two-factor authentication app instead, as they’re much trickier to intercept. Below are a few authentication apps:
- Google Authenticator
- Microsoft Authenticator
For someone to gain access to a site or application, they would need your password and that second factor Ex. Username + Code (Authenticator App)
Below are the three different methods for generating a code for MFA
- SMS Text
- MFA Application (IBM Verify)
DOE employees can learn more information on how to enroll in MFA by going to the following link Enroll MFA
Using a laptop is very convenient because you can carry it wherever you go so are a few tips on securing your laptop
Sync with a cloud service, or use specific backups to ensure your data doesn’t get lost if your laptop is lost or damaged
Ex. OneDrive, Google Drive etc.
Benefit: Encryption protects your data by converting your data into unintelligible data (data that you can’t understand). In the scenario in which your laptop is stolen that person would not be able to access your sensitive files
- Full-disk encryption helps protect data and is widely supported
- Encryption is widely supported on just about every operating system.
IMPORTANT: If you decide to encrypt your files it is very important that you don’t forget the password used to encrypt your files. If you forget the password, you will NOT be able to access your files.
Benefit: Requires password to unlock
Implementation varies across platforms
NOTE: Don’t set lock screen or screen saver to show personal photos
- Ctrl + Alt + Del Click Lock
- Windows Key + L
It is recommended to always change the default password when you first get a laptop
Today just about every information technology device has an integrated camera or has a camera connected to it. Whether it be a laptop, iPad, Chromebook, or other mobile devices. The problem with having integrated cameras is it offers hackers a possible insight into your world. Allowing them to monitor your every action and capture extremely sensitive images from your life.
There are multiple examples of malware designed to specifically target webcams to allow hackers secretly watch their victims. Most malware designed to hack webcams are usually accessed by getting victims to visit infected websites, opening malicious email attachments or by plugging USB drives into their PCs.
Preventing Webcam Threats
The preferred choice to prevent your camera from being compromised is to cover up your camera. The preferred method to cover your camera is using a piece of black electrical tape. It also suggested that you test to see if your camera blocks everything by testing it on your mobile device using the camera app dedicated to controlling your webcam. Please be advised one of the issues with using this method is in the event you may need to use your camera; the tape may leave a sticky residue on your device.
If you don’t want to use this method another way to cover your webcam is purchasing webcam covers online, which come in a variety of shapes, sizes, and colors with some even featuring a sliding door making it easy to protect yourself when the camera is not in use.
Scan your computer for webcam malware
Even though you can use antivirus software to scan your machine for webcam malware, hackers have been extremely good at circumventing this software still allowing them to access your webcam. With that said the better option would be to use a second malware scanner dedicated to detecting webcam malware.
Turn on the LED notification light
Another method that you can use to identify if someone is actively accessing your camera without permission is LED notification lights. Some webcams come with LED notification lights that turn on whenever your camera is active. You can use this as a method to spot if someone is using your camera without your knowledge.
NOTE: Unfortunately, this is not a foolproof method of protecting your camera. There are hackers who have been able to code malware (software) to circumvent this feature as well.
Change the default admin and password
If you are using a standalone camera in conjunction with your computer, make sure you have changed the default settings that are configured by the manufacturer. Please read the instructions that came with your webcam to find out how to change these settings.
- Payment details are often leaked in data breaches
- Payment information can be used to make unauthorized purchases
- Some vendors may not properly secure saved data
- Vendors may misuse payment information
Use a dedicated card for online purchases
- Use one and only one credit card for online purchases, and another for real-life purchases
- Can help contain the damage if your payment information is leaked
Use prepaid gift credit cards
- You can buy these at many stores, and reload and balance them
- They work like regular credit cards
- Helps to prevent tracking by card number, useful for people without credit cards
Apple Pay, Google Payments, Samsung Pay
- Creates a stand-in number for your real credit card
- Transaction information is only valid once, which reduces the chances of leaked payment information
- A caller claims to be from your computer manufacturer or OS vendor
- They say your computer has a virus, is compromised, etc.
- They ask you to install software that will give them remote access to fix it
- Sometimes, this software steals information, or the remote user steals info or installs software
- Just hang up, do not call back
- A caller claims to be from a tax agency or someone working for them
- They say computers have a virus, are compromised, etc
- Just hang up, do not call back
- If you are concerned, contact a tax professional or your tax agency through official channels
- A caller claims to be from “your bank” or “your credit card” without saying what the organization is
- Do not give them any information
- Just hang up
- If you think an issue might be legitimate, contact your bank or card issuer using their official phone numbers
Home Services/Free Inspection
- A caller claims to offer a discount or a free inspection of your home
- Do not share your information, and don’t invite unknown callers into your home or business
- If a program sounds legitimate, do some research and use official channels
Characteristics of Scam Calls
Often from a distant area code or invalid phone number
- Faking a phone number is easy
- Caller ID isn’t always reliable.
Protect Against Inappropriate Content
Tools like parental controls can help protect your children from accessing inappropriate content, but you can’t check everything they see on the internet. You need to help them avoid unsuitable content, and cope with it if they see it. The first step is to talk to them about it. Below are a few tips on what conversations should be started with your children about what they see online.
- Explain age limits and age-appropriate sites
- Talk to other parents and the school
- Agree to ground rules
- Be calm and reassuring
- Talk about what is fake and what is real
- Use storybooks to start conversations
Review more information on inappropriate content.
Protect Against Strangers Online
Below are several internet and social media tactics used to attack or gain personal information that parents/students should be aware of when surfing online.
Online trolls are most similar to the playground bullies you would have encountered at school. These people deliberately provoke arguments and fights on social media and forums, often by saying the most grossly insensitive and offensive things.
These people are often perfectly normal and polite when met “in real life”; but when protected by the anonymity of the Internet, they can be incredibly aggressive. Often they will make sexist, racist or homophobic jokes to stir up an argument.
Sometimes online trolls will target specific people, like the family of Madeline McCann, making unfounded (and untrue) accusations of murder, abuse and other crimes. Others will seek to humiliate their victims, tricking them into sharing sensitive personal information that they will then publish publicly online.
Best defense against online trolls is to ignore them. Learn more about online trolls and hear from a real-life Online Troll.
When you think of addiction, you may think of drinking, smoking and drugs. But did you know that online use is also an addiction?
This behavioral addiction is where a person becomes dependent on the use of the Internet, or other online devices, as a usual way of coping with life's stresses.
As Internet addiction is not formally recognized as an addictive disorder, it may be difficult to get a diagnosis. However, several leading experts in behavioral addiction have contributed to the current knowledge of symptoms of Internet addiction. All types of Internet addiction contain the following four components:
- Staying on the Internet for too long
- When the internet is not available, exhibit withdrawal symptoms such as anger, tension, and depression
- Needing more and more computer-stimulation until it takes over your entire thought process
- Offline life suffers, i.e. relationships, finances, grades
Learn about this very real problem and watch the newscast about online addiction.
As a member of society, you are expected to wait your turn to cross the street, not litter, and to say please and thank you.
Digital Citizenship is about much more than online safety or a long list of don'ts. It's also about the do's that help create thoughtful, empathetic digital citizens who can wrestle with the important ethical questions at the intersection of technology and humanity.
Those do's include:
- Using technology to make your community better
- Engaging respectfully online with people who have different beliefs than you
- Using technology to make your voice heard by public leaders and to shape public policy
- Determine the validity of online sources of information
Learn more digital citizenship and Accountability and Responsibility.
Every day, whether we want to or not, most of us contribute to a growing portrait of who we are online, a portrait that is probably more public than we assume.
This portrait helps companies target content at specific markets and consumers, helps employers look into your background, and allows advertisers to track your movements across multiple websites. Whatever you do online, you might be leaving digital footprints behind.
So no matter what you do online it’s important that you know what kind of trail you’re leaving, and the possible effects.
While it’s not possible to have ZERO footprints, the first steps toward reducing your digital footprint and managing your digital identity are not that hard.
Learn more about digital footprints and review the digital footprint info gram.
Online scams are different methodologies of fraud facilitated by cybercriminals on the Internet. Scams can happen in many ways- via phishing emails, social media, and SMS messages on your mobile phone, fake tech support phone calls, scare ware and more.
These scams main purpose can range from credit card theft, capturing user login and password credentials and even identity theft.
Most Common Types of Online Scams:
The top online scam today is Phishing. Internet thieves’ prey on unsuspecting users by sending out phishing emails. In these emails, a cybercriminal tries to trick you into believing you are logging into a trusted website that you normally use. It could be a bank, your social media account, an online shopping website, shipping companies, cloud storage companies and more.
Another type of popular phishing scam is the Nigerian Prince, or 419 scam. These are phishing emails in which you’re asked to help bring large sums of money into the country, cash phony money orders or wire money to the thief. The trick is that the scammer first asks you for a small fee because the larger sum of money is “tied up” whether it be in wire transfer fees, processing fees or some other tall tale.
One close to our industry is fake security software, which is also known as scare ware. These start with a pop-up warning saying that you have a virus. Then the pop-up leads the user to believe that if they click on the link, the infection will get cleaned up. Cybercriminals use the promise of “Free Anti-Virus” to instead implant malware on a victim’s device.
Social Media Scams
Social media scams are a variety of posts you will see in your news feeds, to get you to click on a link that could potentially be hosting malware.
Mobile scams can come in many forms, but the most common are phishing apps. These apps are designed to look like the real thing, just like phishing emails. It is the same premise; however, instead of emails, the malware is passed through a fake app.
Social Engineering Scams
Social engineering is a way that cybercriminals use human-to-human interaction to get the user to divulge sensitive information. Since social engineering is based on human nature and emotional reactions, there are many ways that attackers can try to trick you online and offline.
Below are additional resources about online scams:
Cyberbullying is bullying that takes place over digital devices like cell phones, computers, and tablets.
It can occur through SMS, Text, and apps, or online in social media, forums, or gaming where people can view, participate in, or share content.
Cyberbullying includes sending, posting, or sharing negative, harmful, false, or mean content about someone else. It can include sharing personal or private information about someone else causing embarrassment or humiliation. Some cyberbullying crosses the line into unlawful or criminal behavior.
The most common places where cyberbullying occurs are:
- Social Media, such as Facebook, Instagram, Snapchat, and Tik Tok
- Text messaging and messaging apps on mobile or tablet devices
- Instant messaging, direct messaging, and online chatting over the internet
- Online forums, chat rooms, and message boards, such as Reddit
- Online gaming communities
Below are additional tools about cyber bullying:
Strangers no longer come up to your child in a car and offer them candy; they now come through the computer! Stranger danger is all around our kids in the cyber world. They are constantly approached by people they don’t know as they put their entire lives on display in their social media feeds.
For some reason, even as adults, we don’t connect the real world to the cyber world. We like to post that pic of the best ice cream we’ve ever had and tag the location in real-time not realizing that “Joe Shmoe Creeperton” can easily track us. Our teens snap, insta post + insta story and tweet their every move tagging locations as they go.
Stranger danger is also an issue when it comes to dm (direct messaging), snaps (snapchat direct posts), and online gaming.
Below are additional resources about Stranger Danger:
Sharing Personal Information
Think before you post anything online or share information in emails. What you post online, can be seen by anyone. Sharing personal information with others you do not know personally is one of your biggest risks online.
Sharing sensitive information such as your address, phone number, family members’ names, car information, passwords, work history, credit status, social security numbers, birth date, school names, passport information, driver’s license numbers, insurance policy numbers, loan numbers, credit/ debit card numbers, PIN numbers, and bank account information is risky and should be avoided.
Consider removing your name from websites that share your personal information obtained from public records (including your phone number, address, social media avatars, and pictures) with anyone on the internet.
Photos taken from smartphones embed the GPS Coordinates in the photo, which will allow others to know the location of where the picture was taken and may be used to find you. Beware of this when posting photos to online social media sites.
Remember that pictures posted online may be copied, altered, and shared with many people without your knowledge or consent, unless you use privacy settings to limit who has access to the pictures.
Below are additional resources on sharing data: