Preempt Blog

The latest insights and advice to keep your company protected from insider threats and breaches

Securing Devices At Home and Work

 Last week I blogged on the topic 8 home tips for Cybersecurity. Given this week’s Cybersecurity Awareness theme of Securing Devices at Home and Work, I thought I’d delve a little deeper into a couple of the broad topics brought up, and how to extend them through your whole family.  

 The first device I want to secure, if you’ll pardon the simile, is your kids. It is never too early to start teaching kids about cybersecurity and being safe online. This is not solely to protect your credit card when your child discovers that you left yourself logged in to Amazon, but to protect your child’s identity so that they don’t turn eighteen and discover that someone borrowed their identity and defaulted on a mortgage in their name.  

 Home and online education are doing great things for both child safety and preventing the spread of Covid-19and for others, it’s a way of life. Both homeschool kids and alternative learning needs will enjoy long-term opportunities from the changes the current pandemic has created. However, there are dangers to look for from both websites and information gathering. While Universities have had budgets and departments dedicated to IT security, many K-12 school systems do not and have not and are scrambling to cobble their systems together to support Zoom and other online meeting sites as well as fully virtual learning experiences. I want to go on record as saying Bravo to those educators learning how to convert their lesson plans to a series of virtual engagements, while simultaneously offering parents some cautions to look for.  

 The FTC has a great site on the topic of how to look for child identity theft, and it’s worth monitoring for these warning signs. If your child has an SSN, go ahead and get their free credit report annually when you get your own. Scams out there are designed to lure in kids and adults alike, either for phishing information or merely to drop a trojan onto your kid’s laptop, iPad, phone, or other personal devices. Stealing a kid’s personal data can help them create fake identities and build a bad credit history. 

 It’s seldom “too early” to teach kids how to be safe online, and what to look for in dangers. Gamification and cartoon learning and modeling is fantastic if presented at appropriate levels, and the FBI site on NCSAM has a whole page for kids. Consider interactive fun, and as a parent challenge your kid for who gets a better score on a “Spot the Phishing” game. Maybe kick off the games with this spin on an old Dr. Seuss favorite 

 Finally, and I know this one can be challenging, it’s worth it to sit down and talk as a family about identities and logins and security. Kids on playdates will log into their Instagram or Facebook or Tumblr accounts on each other’s devices – it happens all the time if one brings a device the others don’t have. Remind them to NEVER click on “save password” when they are on someone else’s device or a public device like the Library or school systems. Remind them until they roll their eyes and assure you that every safety-minded warning is an old hat. 

 I also recommend setting up a fake email address under a different name to use for logins and gaming. Any time a system asks for an email, and many do for marketing purposes (or shady purposes) and it’s not attached to payment systems, it may be wise to use a fake identity. You do not owe truth and PII to random games on the internet, nor on many social media systems. And I’d recommend using a cute picture of your favorite animal (or something equally innocuous) in place of a child’s face for any online social media accounts while making sure they are all locked down to friends only and family.  

 Facebook has Messenger for Kids – which you can help tailor and be involved in. Read the Parent’s Guide for Instagram. This Tumblr discussion has excellent points on how privacy can be an illusion on social media.  

 On the final topic of home devices, many people have installed CCTV systems for home security. I’m generally not a fan, because there are two ways to ask the same question – from a marketing standpoint, and from a security standpoint. I gave this talk years ago at a VMUG group for Law Enforcement, and end up repeating it a lot:  

Marketing for CCTV systems says, How many of you like to look down at your phone and see that your kids are home safe from school?” Many hands might go up. Then I ask, “Same question from a malicious agent perspective: How many of you are comfortable that strangers might be able to see that your kids are home and alone in the house because they’ve hacked your network?” The hands usually go down again.  

I encourage you all with these systems to patch early and often, ask questions about the security of the connection and how the company will continue to assure your safety. And on the topic of privacy, I offer this discussion from the UK because even though the US doesn’t have GDPR yet, the concepts are universal. 

Topics: Credential Compromise, Hacking, October Cyber Security Awareness Month, Security Skills,

Posted by Jeannie Warner on October 15, 2020 7:36 PM

Product

Brute Force Attacks: Denying the Attacker, Not the User

According tohaveIbeenpwned.com, close to 8 billion accounts have been compromised...

Read More

Developer

What State-Sponsored Attacks Can Teach Us About Conditional Access

People often think that state-sponsored attacks from groups like Lazarus...

Read More

Events

A Simplified Approach to Network Segmentation

Network segmentation has long been one of the most valuable tools for protecting ...

Read More

Research

10 Things You Need to Know About Kerberos

As our research team continues to find vulnerabilities in Microsoft that bypass all major

Read More

Product

Brute Force Attacks: Denying the Attacker, Not the User

According tohaveIbeenpwned.com, close to 8 billion accounts have been compromised...

Read More