One of my distinct grade-school memories is filing out of fourth grade class, nervous, but excited to miss a portion of math class. We were having our quarterly disaster-survival drill; instructing students on what to do in case disaster strikes.
While the type of drill varies by location, just about every school kid has participated in a hurricane, tornado, fire or flood drill so they are prepared to handle the situation should it arise.
While working through yet another attempted malicious cybersecurity attack it dawned on me, why can’t we apply this diligence and training to cybersecurity? Why can’t we have cybersecurity drills?
Today, children are savvy consumers of technology. If you’ve passed by a television in the last month you may have seen the ads for Microsoft 10. It starts with great music and a voiceover, “Imagine, these kids won’t have to remember passwords or obsess about security…” This seemed a little naïve to me. According to a 2014 report from IBM, 95 percent of IT security breaches are caused by human error. And it gets worse. You may also be shocked to learn “123456” is the most common password on the Internet, closely followed by “password,” according to SplashData’s annual list of 25 most common passwords.
Why? The answer seems simple: The majority of the population does not receive cybersecurity training in any form.
We must do something about the lack of cybersecurity education available. People should know the basic ways to protect their online reputation. I think the solution is to go straight to the native generations. Kids in school today are very familiar and comfortable with tech gadgets. They have access to laptops, tablets, Internet-connected watches and mobile phones all day long.
My company was contacted by a local school because a sixth grader hacked the school district’s firewall to override the web content controls. It wasn’t a malicious black hat attack, the student simply wanted to access restricted content on a school computer.
Think about it. While the hack wasn’t malicious, it was performed by a sixth grader! How old is a child in the sixth grade, 11 or 12? The fact that a child at such a young age has these skills underscores the point: We can’t underestimate the cyber skills of the upcoming generation — or anyone, for that matter.
Technology won’t keep us safe if we don’t adhere to cybersecurity basics.
What we can and should do is seize the opportunity for a teachable moment, where we can demonstrate the right course of action and inspire kids to work for the good guys. In this case, we participated in an all-day cybersecurity superhero training program at the school to help students and faculty understand basic cybersecurity rules of the road.
Everything Is Connected
We kicked off the training by asking the room full of students if they had a smart phone, computer or tablet at home. Every hand in the room shot up in the air. The first step for good cybersecurity hygiene is to identify all the ways you and your family are connected to the Internet. You might be surprised once you start counting and realize all of the IP-enabled devices in your home.
Next, we asked the kids if they knew a strong password. One student took the bait and shouted out her secret code. We hammered home that kids shouldn’t share passwords with anyone except their caregivers. We also detailed what goes into a strong password. The kids were surprised to learn they shouldn’t use names of pets or best friends, as those words are easy to find on social media. Passwords should include letters, numbers and symbols, and should be at least eight characters. And everyone should change their passwords regularly.
Lock Those Screens
Next, the kids learned the importance of screen time outs and auto locks. One security expert on the panel used an Apple Watch as an example. The minute it was taken off his wrist, no student could access it.
You Did Not Win $1 Million
Then students learned about safe clicking. When playing games or perusing the Internet, they may experience a pop-up box claiming they are a winner or that their computer needs an immediate update. Kids (and parents) should never click on these links. Close the window and move on.
The Biggest Fish You Ever Caught
When asked about fishing, many kids told stories of hanging out on the water. No one knew about phishing and spear phishing. Once they learned what this cyber risk was all about, most realized they had received an email from a stranger asking for something. The team taught the kids to never open suspicious emails or click on unknown links.
Software updates were a hot topic of discussion. The students needed to understand that software updates are an important way companies provide security updates. However, they need to make sure they access only updates from the company or a program’s website. Otherwise, these updates could be pop-up malware.
The day closed out with a panel of white hats chatting with the kids about using their powers for good. Topics ranged from games to programs to what a job in cybersecurity might look like. Hopefully we inspired the gifted young student who hacked the school’s firewall to use his powers for good.
What I discovered is something I think I have known innately: This type of basic training and preparedness helps to create a society of people who are aware of the dangers, how to prevent them and know what to do in case something happens. Even better, it is something that can be shared. We asked these kids to go home and make sure their parents and relatives abide by these new standards, changing passwords and updating software.
There are no silver bullets. Technology won’t keep us safe if we don’t adhere to cybersecurity basics.