Monday, June 24, 2024

5+ Things to teach your kids about Social Media

With children now back at school, it’s time to think about social media, and their use of it.

Are they already firing out tweets, chatting in Discord channels, or even just looking to set up a Tik-Tok account? Now is the time to consider giving your kids some security and privacy tips for all their social media needs.

1. Get to grips with default settings

Most sites are in the business of making your data their business. EULAs and privacy policies are frequently terribly confusing for grown ups. Expecting a child to make sense of 1,000 very legal words is unfeasible. Social networks are absolutely in the business of providing services for free, and then using analytics to drive advertising on their sites.

Often, privacy settings are defaulted in a way which makes it easier for marketing/advertising/data-gulping to take place. Some examples:

  • Allow third party/relevant advertising tailored to your interests
  • GPS location set to on (usually ties into the targeted advertising point above)
  • Find your friends (in other words, import your address book and make connections between email addresses and social media profiles)

These are things which may sound helpful, and no doubt are to some, but everybody using an app does not need any or all of these enabled by default. With this in mind, here’s what to tell your kid about default settings:

Look out for anything mentioning offers, location, advertising, relevant content, and finding friends. All of these options and settings help the site you’re using to operate, but they’re not necessarily going be helpful for you too. Before you start posting, ensure options like location in particular are disabled unless you have a very good reason for needing it.

2. It’s all about location

We touched on this briefly above, but this is a key component of your “Please watch out for these things” conversation. Trolling. Doxxing (grabbing personal details in a way which identifies an individual and then publishing them online). Swatting (sending fake emergency calls to law enforcement which results in armed officers crashing through your door). All of these things are very bad, and you don’t want your child getting tangled up in any of it.

Sadly, location services on social networks can cause problems in this area. Sometimes location is kept private for the user only. Other times, the location is in full view. It may be somewhat generic and say a major city like London, or it may drill down to a street.

Even without tech related issues or troublesome settings, the real-world can also give details away. Thanks to open-source tools, reverse image searches, and crowd-sourcing data, it’s never been easier to give the locational game away:

  • A letter in a photograph with your address on it
  • Unique identifiers (views outside a window, for example)
  • Regional dialects or other specific references in the background of video footage
Recommended:  Hacker publishes credentials stolen from Fortinet’s FortiGate VPNs

Almost anything can provide somebody with the clue to get an idea of where your child may be living. Here’s what to tell your child:

Pay close attention to the world around you if you’re a fan of streaming, Tik-Tok, or selfies. Keep your home, identifiable locations, and anything with your name and address on it out of shot. Even grown ups make these mistakes, so it’s very easy to accidentally do it yourself. Oh, and if you’re going on holiday you may wish to reference it only once you’ve returned home. Tales of empty houses being broadcast to the world at large on social media may not end well.

3. The value of anonymity

Back in the olden days, most of us were online using a pseudonym. It wasn’t massively common to have your real name or other potentially unique identifiers following you around from site to site. In fact, for the first few years of my security career, writers and journalists referred to me as my online handle because they didn’t actually know my name.

This is a far cry from what we currently have, with real names everywhere, verified profiles, authentication, and the common refrain that only people with something to hide don’t use their real name.

The reality is, people don’t use their real name online for all sorts of valid reasons. There might be domestic abuse or harassment issues. They may live somewhere where free speech or being critical of their government is frowned upon.

However, it’s important to note that you don’t have to be in one of the above awful scenarios to insist on anonymity of one form or another. Indeed, going down the anonymous route from the get-go may help ward off potentially unpleasant situations at a future date anyway.

Most sites will allow you to use whatever visible username you like. A few insist on real names, but it’s unlikely your kids are currently hanging out on Facebook. While you’re usually asked to put a real name alongside your online handle, it’s not mandatory and there’s a good chance nobody will ever check what you put there. Nor are the platforms likely to suddenly lock an account and demand additional verification of some kind at a later date. Here’s what you should tell your children about this issue:

There’s nothing wrong with being anonymous on social media, and unless the site explicitly asks for a real name and additional information you shouldn’t feel pressured into handing it over. Keeping yourself anonymous also helps to ward off some of the issues related to location oversharing. Pick the level of generic anonymity that you’re comfortable with.

4. Watch out for the fakers

Social media is rife with scams, and scammers will happily target anyone in front of them. In fact, some will actively target children specifically because of their likely inexperience in spotting a fake-out. Kids are also unlikely to use additional security measures like two-factor authentication. This means less work for the attacker. Fortunately you can help with this.

Recommended:  CommonSpirit says 623K patients are affected by the data compromise

Any platform you can think of has scams particularly suited to it. Instagram is awash with Bitcoin scams and bogus competitions. Twitter has lots of phishing, NFT scams, bogus video game downloads, and get rich quick schemes. Facebook sees a fair amount of fake PlayStation sales and more generic Messenger scams. Compromised verified accounts, which add legitimacy to fraud, are common across all platforms.

What you should tell your kids:

Every site has its own groups of scammers, each with their own preferred method of attack. Spend a few minutes reading the site’s security pages to ensure you keep your account safe from harm. If an offer or deal sounds too good to be true, it probably is. Very few social media giveaways are genuine.

If you receive direct messages from strangers, or you’ve been notified that you violated a website policy and need to re-verify your identity, come and tell us and we’ll take a look for you. Never, ever grant someone access to your account…even if they claim to be employees for the site. This is never going to be a genuine request from a member of staff and you may lose your account.

5. Be honest and respect privacy

Many times, young children and teens don’t want the hassle of locking everything down and micromanaging passwords or security settings. They may already have email addresses and various social media accounts. Are those email addresses locked down? Using two-factor authentication? Do your kids know their way around the various security settings across all of their logins? How about password managers?

In these cases, parents often offer to help. Where younger children are concerned, I know some parents who use one of their pre-locked down email addresses to tie social media accounts to. Most of the time, you don’t really need to do much with whatever address you link to Twitter or Tik-Tok or anywhere else, you just need it to tie your username to. As a result, hooking the accounts to a secure email managed by parents can be a quick and easy win for everybody.

Of course, there are privacy issues here to consider. The older the child, the more likely they may be to send other social media users direct messages. Parents should be open about this; some platforms send a digest of all private messages to the connected email account. You can turn this feature on and off in Twitter, for example, but every site is different. You should see how your child feels about this. Some may not care, but others most definitely will. What to tell them:

I’m happy to micromanage the security practices behind the scenes. The trade-off is that some, or all, of what you do may be sent back to me through the email used to register the account. We can check how the site in question works in relation to this, and set it in a way you’d be comfortable with. Remember that sites often change existing features or add new ones, and we may have to adjust as we go.

What Can Parents Do?

It’s important to be aware of what your kids do online. But snooping can alienate them and damage the trust you’ve built together. The key is to stay involved in a way that makes your kids understand that you respect their privacy but want to make sure they’re safe.

Recommended:  Cisco Issues Patch for Critical RCE Vulnerability in RCM for StarOS Software

Tell your kids that it’s important to:

  • Be nice. Mean behavior is not OK. Make it clear that you expect your kids to treat others with respect, and to never post hurtful or embarrassing messages. And ask them to always tell you about any harassing or bullying messages that others post.
  • Think twice before hitting “enter.” Remind kids that what they post can be used against them. For example, letting the world know that you’re off on vacation or posting your home address gives would-be robbers a chance to strike. Kids also should avoid posting specific locations of parties or events, as well as phone numbers.
  • Follow the “WWGS?” (What Would Grandma Say?) rule. Teach kids not to share anything on social media that they wouldn’t want their teachers, college admissions officers, future bosses — and yes, grandma — to see.
  • Use privacy settings. Privacy settings are important. Go through them together to make sure your kids understand each one. Also, explain that passwords are there to protect them against things like identity theft. They should never share them with anyone, even a boyfriend, girlfriend, or best friend.
  • Don’t “friend” strangers. “If you don’t know them, don’t friend them.” This is a plain, simple — and safe — rule of thumb. Let them know that kids who follow friends are generally happier than those who follow strangers.

Closing out the Summer

It’s not easy getting kids ready to go back to school. It’s even trickier to ensure they keep themselves safe from harm online. We hope the advice above will be helpful to you in getting one of those two gargantuan tasks off the table. Stay safe out there!


Suggest an edit to this article

Go to Cybersecurity Knowledge Base

Got to the Latest Cybersecurity News

Go to Cybersecurity Academy

Go to Homepage

Stay informed of the latest Cybersecurity trends, threats and developments. Sign up for our Weekly Cybersecurity Newsletter Today.

Remember, CyberSecurity Starts With You!

  • Globally, 30,000 websites are hacked daily.
  • 64% of companies worldwide have experienced at least one form of a cyber attack.
  • There were 20M breached records in March 2021.
  • In 2020, ransomware cases grew by 150%.
  • Email is responsible for around 94% of all malware.
  • Every 39 seconds, there is a new attack somewhere on the web.
  • An average of around 24,000 malicious mobile apps are blocked daily on the internet.
ClosePlease login
Share the word, let's increase Cybersecurity Awareness as we know it
- Sponsored -

Sponsored Offer

Unleash the Power of the Cloud: Grab $200 Credit for 60 Days on DigitalOcean!

Digital ocean free 200

Discover more infosec

User Avatar
Steven Black (n0tst3)
Hello! I'm Steve, an independent security researcher, and analyst from Scotland, UK. I've had an avid interest in Computers, Technology and Security since my early teens. 20 years on, and, it's a whole lot more complicated... I've assisted Governments, Individuals and Organizations throughout the world. Including; US DOJ, NHS UK, GOV UK. I'll often reblog infosec-related articles that I find interesting. On the RiSec website, You'll also find a variety of write-ups, tutorials and much more!

more infosec reads

Subscribe for weekly updates