The Story Goes As Follows:
Mrs. D’Souza works at company OpEd for the past 10 years. She plays a leading role as Chief Information Security Officer whereby she oversees the business’ security program and ensures that strategies and technologies are in place to effectively protect the organization from cybercrime and privacy breaches. Mrs. D’Souza is also responsible for raising awareness on information security and ensuring that all staff understands and commits to best practices in the workplace.
It has been a long, albeit productive, week at the office, and Mrs. D’Souza decides to call it a day and heads home. In the train, she rests her head comfortably on the headrest and contemplates her recent activities at work: establishing a new security awareness campaign, making sure that employees are well-informed on the training that is to come, and working with IT to guarantee a smooth launch for the learning platform.
Her mind, ever active, pushes the privacy envelop further and considers the status of her family’s online behavior and the amount of information each member shares when using social media or browsing on the internet. She sits upright in her seat. Thinks. And decides that she would apply a few information security tools – which she uses with employees at work – in her home. By the time the train reaches her destination, Mrs. D’Souza has drafted out a nifty information security toolbox for her family.
In her toolbox, she includes five items:
A Quick-Access Guide on Information and Privacy
Families should understand that some information is confidential and should not be revealed on social media platforms – not only our information, but also that of others. Adults and children should review privacy settings in social media platforms and maximize their effectiveness. Parents should get familiar with the online platforms on which their kids are interacting.
Conversations about Information Security and Safe Online Behavior
The same way that parents discuss safe behavior when it comes to strangers and playing outside, parents should have a dialogue with their kids regarding information security and the right to privacy. Tweens and teens are smart and learn very quickly. Therefore, age-appropriate discussions about spam, phishing, online predators and social engineering could be interesting conversations at dinnertime. If we are to give kids smart devices, we need to have smart dialogues!
Passwor!s Passw*ords P@sswords
We cannot stress enough the importance of using strong passwords and maintaining their privacy. Kids should know that their online identity needs to be protected, and the information that is revealed should be safeguarded by effective passwords. Let us teach our kids what makes a strong password and the rationale for non-disclosure. The Office of the Privacy Commissioner of Canada (OPC) writes, “Encourage them to ensure their passwords are strong (eight characters or more and a variety of letters and/or numbers). If they need to write their passwords down to remember them, they should keep them offline in a secret, secure, locked place”.
We must understand the influence that we have over our children and their behavior, advised the OPC. The same goes for online behavior. Throughout your career as responsible adults and parents, your behavior echoes within the private sphere and shapes each member. Thus, the next time you answer emails or shop online, think about the best practices you wish to instill in your family, and apply them accordingly. Use what you have learned during your information security campaign and make it part of your domestic routine. Indeed, home and work spheres constantly overlap in this ever-increasing digital era in which BYOD and working from home are part of our professional landscape.
Families should be security-literate when it comes to scams as these tactics do not discriminate among targets, indicates the OPC. Young and old, we are all potential victims. Nevertheless, we can learn about best practices to better protect our families. The key is dialogue. Let us have conversations about social engineering. Again, kids are resilient and are often eager to acquire new knowledge. In addition, we discuss the importance of verifying the legitimacy of sources and the different elements that are included in the email: phony name or email address, suspicious URL link and website, and email messages originating from pseudo leaders and requesting your urgent attention. Teaching conscientiousness is part of raising young humans. Facilitate dialogues around security certificates for websites, and what it means to navigate on a secured HTTPS website versus a non-secured page. Home is a safe space for such discussions and a great setting for challenging existing ideas and assumptions. If we are to give kids access to smart phones and tablets, then we have a collective responsibility to provide them with the tools and skills to carry out safe online behavior.
As she sits down to enjoy dinner with her family, Mrs. D’Souza takes one last moment to contemplate her new project. “Literacy in information security signifies empowering loved ones with best practices so that they feel well-equipped to perform their own respective role as digital citizens,” she thinks. Mrs. D’Souza then turns to her 13-year-old son and inquires about his day. “My friends and I just joined this social network,” says the boy, smiling. And so, it begins…