Keeping Kids Safe From Online Threats: Advice From a Malware Analyst and Mom

Keeping kids safe from online threats is part of our job as parents. But being parents means we aren’t necessarily digital natives like our children. That makes the task of keeping our kids safe online, a daunting one. We may feel intimidated because we just don’t know enough about how things work in cyberworld to keep them safe. Or we may feel unnerved at the thought of our children surfing and playing, left vulnerable to predators hidden from view.

It would be nice if we had a sort of guide to tell us how to navigate this scary world in which our children are immersed. So we went to Elise van Dorp, self-described geek, malware analyst, and mom. We hit her up with every question we could think of relating to online threats and how to keep our children safe.

Varda Epstein: What are the main threats to our children in the online world?

Elise van Dorp: Online threats to children include bullying, cyberpredators, sextortion, scholarship and financial aid scams, talent agency and modeling scams and schemes designed to trick kids into installing password-stealing malware, to name but a few. Even playing popular games like Fortnite is not without risk. The unfortunate reality is that pretty much everything a child may do online has some degree of risk attached.

It’s also important to remember that kids’ activities can have serious consequences for their parents, especially in the case of shared or family devices. If your child installs password-stealing malware on a device that you use for online banking, for example, your bank account could be quickly emptied.

Perhaps the biggest threat is lack of knowledge. If parents aren’t aware of the threats their kids face, they’re not going to be able to help them avoid those threats.

Varda Epstein: How much should we, as parents, concern ourselves with our children’s online security?  At what point does a parent’s involvement become intrusive and hamper a child’s exploration of the internet?

Elise van Dorp: Parents should be involved in their children’s online activity. If parents don’t know what their child is doing, they also don’t know what possible dangers their child is facing. The way we monitor our children is, however, important. We can present ourselves as the internet police and show STOP signs whenever we think our children are visiting places they shouldn’t, or we can make the journey alongside them. Communication is the key.

Policeman holding stop sign
“We can present ourselves as the internet police and show STOP signs whenever we think our children are visiting places they shouldn’t, or we can make the journey alongside them.”

As soon as a child has a device that can be used for online activity—a phone, tablet, or laptop—work together on some ground rules. But know what you are doing. If you have no clue how a phone works, it would be much better if you don’t allow your child free access to all its online functions until you’ve invested some time in finding out what risks your child is facing. Read online articles and watch videos that describe the function of your child’s device if you aren’t technologically savvy.

Right To Privacy

That said, depending on their age, children also have a right to privacy within the limits you have established as their parents. If you have an app like Google Family Link that tracks the location of your child’s phone, don’t use it to obsessively track every movement of your child. Don’t use such apps surreptitiously as this may simply result in children leaving their phones at home or at a friend’s house when they go out.

Explain what you are doing. Honesty builds trust. If you decide to check your child’s social media activity from time to time, let the child know what you are doing and why.

As children get older, parents should begin to let go and hope that the lessons they’ve taught their children will stick.

Varda Epstein: Children today are digital natives. Why doesn’t being savvy with technology protect them from the dangers that are out there?

Elise van Dorp: Knowing how something operates doesn’t make you a skilled operator. Think about it: An expert mechanic isn’t necessarily going to be a safe driver. Safe driving is a skill that needs to be learned. It is the same with kids and technology. They know how to use their devices, but they don’t necessarily understand how to use them safely. Like driving, online safety is a skill that needs to be learned. A parent can serve as a child’s guide and teacher to safe online behavior.

It’s also important to note that being familiar with technology and online interaction doesn’t immunize or protect a child from bullying, peer pressure, or flattery from cyberpredators. Children are as vulnerable online as they are in the real world.

Children Are Soft Targets For Online Threats

Varda Epstein: What makes our children soft targets for online threats?

Elise van Dorp: Children are susceptible to peer pressure and manipulation, at which cyperpredators excel. Younger children may also be less aware than adults of the risks that exist online and can therefore more easily blunder into a bad situation.

Varda Epstein: At what age can parents finally step back and stop worrying about a child’s safety in the cyberworld?

Elise van Dorp: That depends on both the parent and the child. There is always room for a parent to worry, even when the children are grown. As for actually stepping back from playing an active role in a child’s online activity, this must be done gradually and in communication with the child.

father and son surf the internet together
Taking the journey together

Varda Epstein: How many children are likely to encounter pornography online?

Elise van Dorp: According to a study by the National Society for the Prevention of Cruelty to Children (NSPCC) in the UK, about 53% of kids aged between 11 and 16 have encountered explicit material online and of those, 93% encountered such material by age 14. The study shows that children are more likely to encounter the explicit material by accident, rather than seek it out.

Open communication between parents and children on this subject is particularly important. Children need to understand that what they see online doesn’t necessarily reflect reality. They need to know that they can talk with their parents if they encounter material that they find disturbing or upsetting. Parents can explain what pornography is according to the age of the child and in a way that jibes with their comfort level. This is better than pretending that pornography doesn’t exist and hoping that your child won’t encounter what he is almost certain to encounter, sooner or later.

Varda Epstein: What is phishing (and smishing) and how can parents protect their children from phishing and smishing attempts? Is it only a matter of education?

Elise van Dorp: Phishing is an attempt to obtain sensitive data from someone by pretending to be trustworthy and gaining their trust. Smishing is the same thing, except the scammer uses SMS phone texts. Phishing can be done anywhere there is online context, for instance via email, social media, and websites set up for this purpose. The sensitive data that is mined through phishing attempts may be anything from passwords to address information or even credit card details.

In addition to educating children about the dangers of phishing, there are a number of things parents can do to protect their children from these scammers. Parents can use a DNS filtering service such as OpenDNS. These services may sound complicated but are actually very easy to set up, even if you don’t have a lot of technical know-how. You can read about how this filtering service works, here.

Filtering services like OpenDNS not only provide phishing protection, but can be used to block access to certain categories of content, such as pornography. These services can be set up on specific devices and also on the family router to provide protection for every device that accesses the internet through that router.

No Perfect Solution

But services like OpenDNS are not perfect. While they make it less likely that your child will accidentally encounter inappropriate content, they will not block all inappropriate content, nor will they block all phishing websites or content supplied over a data connection. Google Family Link, mentioned above, can block content accessed by either WiFi or data connections but again, may not block everything that should be blocked. This is why it’s so important to have open communication with your child and to clearly define your ground rules and expectations.

Parents may worry that implementing some form of parental control software like OpenDNS, will begin a battle with their children, but that may well not be the case. In 2018, a survey carried out by Internet Matters, a not-for-profit organisation, found that 65% of young people between the ages of 11 and 16, were actually in favor of parental controls.

Varda Epstein: What kind of scams do children fall for and how can we prevent this from happening?

Elise van Dorp: It depends a bit on the child’s interests. A child interested in social media can easily fall for deceptive advertisements or clickbait videos. A child interested in gaming may look for game cheats that may, in fact, prove to be malware. In all cases, a good online security education, as well as keeping the way open for your children to discuss anything they aren’t sure about, is very important. Take some time to explain that, if something appears too good to be true, it probably is (which is an excellent rule of thumb for any internet user).

Varda Epstein: Are kids more likely than adults to download malware?

Elise van Dorp: Not necessarily. It really depends how well they’ve been educated in malware prevention. Children may, however, more often be the victim of game scams (“click here for free Roblox money!”). They may download files that claim to offer certain new features or benefits to their games, which, when executed, infect their computers. Adults, on the other hand, might be more likely to open a malicious email attachment (“open the attached file to see your bill!”).

Varda Epstein: Are kids vulnerable to ransomware that holds their systems hostage so that their parents then have to pay? How do we protect our children from such a situation? And in the worst case scenario, should we pay the ransom?

Elise van Dorp: It depends on how well the parents and/or school has taught the children about online security. Any device ought to be protected with an antivirus solution that blocks ransomware; that is a rule of thumb for both parents and children. To protect our children, we, as parents, need to ensure that their devices are properly protected and that important data is backed up. This is the best protection from ransomware as, if the worst does happen, encrypted/ransomed data can easily be replaced from the backup.

Important data that should be backed up might include family photos, business records, research data, home videos, music or art you’ve created, stories you’ve written, and family histories, for instance. In short, any data you cannot easily recreate, and that you wouldn’t want to lose, is data that should be backed up. Having a back up, in a sense, makes you invulnerable from ransomware. You have copies of your files, so nothing is lost, and there is no need to pay a ransom to retrieve anything important.

Ransomware: Getting Help

But let’s say the worst happens and your data is held hostage. If the data on your device is encrypted, it may still be possible to decrypt it without paying the ransom. Cybercriminals often make mistakes in their code which enables security companies to crack the encryptions they use. Security companies then use this information to create tools that can be used to decrypt data held hostage by ransomware.

A good place to look for decryption tools is the No More Ransom Project website, which serves as a central repository for such tools. This is a joint initiative between Europol’s European Cybercrime Centre, other law enforcement agencies, security companies, and various other bodies. All the tools at this website are free.

Another good option for decryption tools is ID Ransomware, especially if you’re not sure which type of ransomware you’re dealing with. All you need do is upload a copy of the ransom note and/or an encrypted file, and the service will automatically identify the ransomware and point you in the direction of the appropriate decryption tool.

Dos and Don’ts

Pro tip #1: Don’t immediately delete the ransomware. Understandably, most folk want to do this ASAP, but it’s the wrong course of action. If we’re able to tell what encrypted the files, we have a much better chance of being able to work out how decrypt them. Once all traces of the ransomware are deleted and gone, we’re flying blind. To use a medical analogy, if you’ve accidentally consumed some household cleaner, it’s a good idea to bring the bottle with you to the hospital so that doctors will know what you drank and can work out how to treat you.

Pro tip #2: Get advice from an antivirus company. Some will provide no-cost help to people whether or not they are customers.

Paying Only Enables Criminals

If decryption is not possible, it’s still best to avoid paying the ransom if at all possible. Paying only enables criminals. This too, is an important lesson for children.

Again, the only absolute protection against ransomware is having a backup. If you have a backup, you can use that to restore your data and will never need to choose between losing the data or paying the ransom.

Varda Epstein: Do we know what the future holds in store in terms of online threats to children?

Elise van Dorp: The short answer here is no. Technology constantly evolves and unfortunately there will always be people with bad intentions towards others—including children—online. We can’t say what threats the future holds. We can say that security companies strive to stay on top of the latest developments in online threats in order to inform and protect their customers.

Varda Epstein: What is the most important thing to know about protecting our children from online threats?

Elise van Dorp: Knowledge is power. If you know what you and your child are likely to encounter while exploring the internet, it will be that much easier to recognize and avoid any online threats.

Found what you just read useful? Why not consider sending a donation to our Kars4Kids youth and educational programs. Or help us just by sharing!

Found what you just read useful? Why not consider sending a donation to our Kars4Kids youth and educational programs. Or help us just by sharing!

Subscribe via email

About Elise van Dorp

Elise van Dorp is a mom, a geek and a malware analyst with security company Emsisoft.