A few years ago, from time to time I used to visit the school where my wife taught IT, to talk to some of their students about IT security. In fact, we wrote a paper at that time(along with my good friend Eddy Willems), based on some research data we gathered between us in the UK and Belgium about student knowledge of and attitude towards security issues: Teach Your Children Well – ICT Security and the Younger Generation. We also drew on the same data for a chapter in the AVIEN Guide to Malware Defense for the Enterprise.
All that was six or seven years ago, but the online safety of the younger generation is an ongoing concern. However, Urban Schrott, my colleague at ESET Ireland, while considering the same issue, came up with an angle with an unexpected resonance. A teacher is expected to act to some extent "in loco parentis" during school hours – that is, to take on some of the role of a parent, though exactly what that means is open to debate, and indeed varies widely according to which part of the world you live in – but sometimes teachers feel that their role has been extended far beyond education and into areas that are closer to the role of a nanny or au pair. Urban's article, though concerned with IT issues rather than the pastoral side of education, asks, rather pertinently, "Has the web become a nanny for Irish parents?"
ESET Ireland commissioned a survey from Amárach Research, to find out how Irish parents supervise their kids’ activities online. It may not surprise you that 73% out of a sample population of over 1000 parents said that they don't supervise their children's access to the web. However, you might be surprised to see how many children surf unsupervised at a much younger age: certainly I was.
Urban suggests, convincingly, that "most parents will probably say “But my child knows much more about computers than I do!”, so how to stay on top of what’s going on?" My experience suggests that many teachers (even some who spend at least some of their time teaching IT-related subjects) would probably also subscribe to the view that their students are more internet-savvy than they are. And all too many teenagers are convinced they know more about everything than their parents and their teachers. But are they more security-savvy?
There's a big difference between knowing your way round Facebook and being a computer science hotshot. (Bear in mind that the lowest age-groups here shouldn't even have a Facebook account.) And it's another big leap to being at home in the world of backdoor Trojans and buffer overflows. However, Urban suggests a number of countermeasures that are more common sense than technical knowledge, and I'd consider it a parent's job to help younger children to develop those on-line life skills:
It's harder, in some ways, to keep your children safe online nowadays, than it was when my child was in this age-group: they're likelier to have their own computers and iGadgets (as we're never tired of reminding you, a smartphone is a computer, and more and more cellphones are smartphones), so it's not just a matter of locking down the family PC. But do you really want to leave it to your children to take care of their own safety? It's not just a matter of taking care of them, either: in a complex, interconnected online world, your child's online misadventures can have impact on you in ways you may never have thought of.
I think I may feel a blog series coming on.
David Harley CITP FBCS CISSP
ESET Senior Research Fellow
Author David Harley, We Live Security