A few years ago, from time to time I used to visit the school where my wife taught IT, to talk to some of their students about IT security. In fact, we wrote a paper at that time(along with my good friend Eddy Willems), based on some research data we gathered between us in the UK and Belgium about student knowledge of and attitude towards security issues: Teach Your Children Well - ICT Security and the Younger Generation. We also drew on the same data for a chapter in the AVIEN Guide to Malware Defense for the Enterprise.

All that was six or seven years ago, but the online safety of the younger generation is an ongoing concern. However, Urban Schrott, my colleague at ESET Ireland, while considering the same issue, came up with an angle with an unexpected resonance. A teacher is expected to act to some extent "in loco parentis" during school hours - that is, to take on some of the role of a parent, though exactly what that means is open to debate, and indeed varies widely according to which part of the world you live in - but sometimes teachers feel that their role has been extended far beyond education and into areas that are closer to the role of a nanny or au pair. Urban's article, though concerned with IT issues rather than the pastoral side of education, asks, rather pertinently, "Has the web become a nanny for Irish parents?"

ESET Ireland commissioned a survey from Amárach Research, to find out how Irish parents supervise their kids’ activities online. It may not surprise you that 73% out of a sample population of over 1000 parents said that they don't supervise their children's access to the web. However, you might be surprised to see how many children surf unsupervised at a much younger age: certainly I was.

Urban suggests, convincingly, that "most parents will probably say “But my child knows much more about computers than I do!”, so how to stay on top of what’s going on?" My experience suggests that many teachers (even some who spend at least some of their time teaching IT-related subjects) would probably also subscribe to the view that their students are more internet-savvy than they are. And all too many teenagers are convinced they know more about everything than their parents and their teachers. But are they more security-savvy?

There's a big difference between knowing your way round Facebook and being a computer science hotshot. (Bear in mind that the lowest age-groups here shouldn't even have a Facebook account.) And it's another big leap to being at home in the world of backdoor Trojans and buffer overflows. However, Urban suggests a number of countermeasures that are more common sense than technical knowledge, and I'd consider it a parent's job to help younger children to develop those on-line life skills:

  • Know (and discuss) the dangers. I'd suggest that with younger children, learning about safety issues could be a family project where parents and children could learn from each other.
  • Issues such as piracy aren't just moral issues (important though moral issues are): they have dangerous practical implications, too.
  • The web (and especially social media sites) are about social interaction with people you or your children may never have met. The idea of Facebook as a paedophile's playground may be overstated, but it's not fiction.

It's harder, in some ways, to keep your children safe online nowadays, than it was when my child was in this age-group: they're likelier to have their own computers and iGadgets (as we're never tired of reminding you, a smartphone is a computer, and more and more cellphones are smartphones), so it's not just a matter of locking down the family PC. But do you really want to leave it to your children to take care of their own safety? It's not just a matter of taking care of them, either: in a complex, interconnected online world, your child's online misadventures can have impact on you in ways you may never have thought of.

I think I may feel a blog series coming on.

David Harley CITP FBCS CISSP
ESET Senior Research Fellow