Classic Childhood Lessons Can Protect Us from Today's Cybersecurity Threats

Recently, I had the distinct pleasure of spending nearly two full weeks with my Mom. While spending time with her- and working remotely at the same time- I was reminded that many of the lessons that we’re taught as children can be incorporated into cybersecurity best practices.

So, this won’t be one of my traditional application security best practices blogs. Rather, the purpose of this blog is to link the sage advice we all received in childhood with ways to improve your family’s modern-day cybersecurity.

“Don’t take candy from strangers”

I always found this advice to be paradoxical. We were told never to take candy from strangers, then on Halloween we graciously accepted candy from lots of different strangers, just by saying, “Trick or Treat!”

How does this situation relate to cybersecurity? A phishing e-mail can be viewed as proverbial candy from a stranger on the Web. However, the stranger in the phishing e-mail example is masquerading as someone you know- a business colleague, your financial institution or even a community organization that you support.

How this childhood advice applies to modern cybersecurity:

• You should be cautious about receiving unexpected messages from others, even if they appear to be coming from trusted sources.
• Carefully review the sender’s e-mail address and all of the links in the message, without clicking on any of the links. And, If the message appears to originate from a legitimate retailer that you do business with, don’t hesitate to reach out to the retailer to confirm the message’s authenticity, via traditional customer service channels.
• Be especially wary if there is unnecessary time-sensitivity to the message, with verbiage demanding “Immediate Action Required,” threatening “Act Now to Avoid Account Closure,” etc.
• If a “friend” has sent you an e-mail about an activity that you’re collaborating with him/her on but it doesn’t appear legitimate, use a different communication method (such as a phone call or social media interaction) to confirm authenticity of the friend’s message.
• Remember that legitimate companies don’t request sensitive information or send you file attachments via e-mail.
• Consult trusted resources such as this US Federal Trade Commission site to learn more about threats like phishing.

“Never share your personal information”

Fortunately, I grew up in a neighborhood where most of the local parents knew my parents well, and they all kept an eye on us when we were playing outside. My how times have changed!

So, admittedly this advice is a tough sell in the modern era. I recently read that this is the first era in world history in which we become “friends” with most of our contacts- through social media, dating apps and gaming technology- without ever meeting those same contacts in person.

How this childhood advice applies to modern cybersecurity:

• There’s a time and place for the information that you share online. Remind your family members that they should be careful not to share their complete name, age, detailed contact information or physical location on the Web. A 2018 episode of “Web of Lies” on ID Discovery titled “Dangerous Games” documents a real-life situation in which a teenage gamer revealed his physical location to a fellow gamer, resulting in extremely unfortunate consequences for both.
• Heed my classic advice that if something or someone online appears too good to true, it probably is. Listen to your instinct and disengage if you need to.
• Remember that simple questions such as, “Your dog is so cute! What’s his name?” might represent social engineering attempts to obtain information that could be used later to access your online accounts.
• Never utilize passwords that contain your personal contact information, such as your date of birth, Social Security Number, mother’s maiden name, etc.
• Review trusted resources such as this My Sudo blog, to protect your online information more effectively.

“Don’t be afraid to speak up.”

Society has made a lot of progress on this element over the years. Electronic communication has helped to document undesired communications from others and viral smartphone video has literally transformed the world.

However, the volume of electronic communications and the power of Internet search engines mean that it’s much easier for others to find you and contact you anytime. To give a direct comparison, bullying essentially occurred during school hours when I attended school, but now cyber-bullying can occur 24/7/365.

How this childhood advice applies to modern cybersecurity:

• Recognize classic cyber-bullying warning signs, including uncharacteristically emotional reactions after family members are online or utilize their phones, withdrawal from social activities that previously brought them pleasure or unusual fear associated with school attendance or a particular class at school.
• Maintain an open environment within the family, where online activities can be discussed openly, even activities like social media postings that may have resulted in a sense of regret after they are made.
• Remind all family members that, “if you see something, say something.” They should be encouraged to take action right away when they experience unusual online behavior, because it’s much easier to address problems immediately without allowing them to snowball.

To Learn More

I’ve been a major proponent of StompOutBullying.org’s Blue Shirt Day for many years now. You can find a lot of beneficial cyber-bullying resources on the site’s “Get Help Now!” tab. And, if your organization develops applications for users of any age, you can sign up for a 30-day free trial of HCL AppScan to protect your business apps from potential security vulnerabilities that can be leveraged by cyber-criminals.