National Cyber Security Awareness Month: Family Safety on the Internet
Imagine only having one email address among the entire family to conduct online activities in 2018. The idea seems absurd that a typical nuclear family would all share a single e-mail address when nowadays each family member has accounts for as many as hundreds of websites used to shop, communicate, and manage their finances. This idea is absurd because halfway through the 1990’s free web-based e-mail services started to pop up. Sometime around 1998 and 1999, a sea change happened with internal policies when shopping sites, chat sites and banking sites decided to open their services up to non-ISP, read non-paid, e-mail domains. Imagine not being able to sign up for an Amazon.com account, or online banking, because the user’s e-mail address ends in @gmail.com, or one of the favorites from the 90’s, @hotmail.com.
With that freedom to use any e-mail, or even to have multiple e-mails, complacency kicked in and we started giving away our e-mail addresses to just about anyone that asked for it in person or online. In more modern times, complacency has also come across in parents letting their children have unmonitored e-mail and social media accounts. Would a smart person tell just anyone they meet their home address? Of course not. So, why should a family member give out their email address to any website or stranger that asks for it online? The same goes for telephone numbers. Modern user account policies mandate not only a valid e-mail address and password, but a valid telephone number to which one-time-use codes are sent, only then authorizing access.
An e-mail account and telephone can be as useful to a cybercriminal as the keys to someone’s home are to a cat burglar. I specify cat burglar because, in a traditional robbery the victim is aware of the robbery happening or having happened almost immediately. A cat burglar, on the other hand, will rob their victim without the victim realizing they were robbed, at least long enough to get away with the crime. The major problem with giving out e-mail addresses and phone numbers becomes evident when modern technology can be used to intercept e-mails and text messages en route, or even to obtain direct access to both. When considering children have access to both, the stakes are raised a little higher. Sadly, once a cybercriminal starts monitoring a victim’s e-mail it’s not until losing access to the account that users may start to notice something’s wrong. Non-email accounts, such as social media, may also suddenly have different passwords, effectively locking the real user out of their own online identities.
This is only the beginning, depending of course on how deep each family members’ relationship is with the Internet. Some people may only have an e-mail and few-to-no social media accounts. The worst they’ll have to do is make a new e-mail address and contact their friends in real life to reestablish their Internet presence. Other people, despite having multiple e-mail accounts, may use the same password across many of them. They may have multiple social media accounts, along with checking accounts, credit card accounts, and even stock accounts. A hacker gaining access to any these accounts could make purchases, steal money, or even take over the user’s online identity to spread the criminal trail out into their online circles of family and friends. At some point, to get their life and possibly their money back in order, the police will need to get involved.
These are just a few reasons why we, as students, teachers, and Internet-savvy family members in general, need to keep our digital information private. Passwords we all have, some more poorly conceived than others. Everyone should already know to keep their passwords as secret as they would a PIN number to their debit card. Just think of the term PIN, personal identification number. It screams “personal,” that is, not to be shared with anyone else. Encourage family members to use complex passwords on all their accounts, and to not reuse passwords across different sites. Use work e-mails only for work, school e-mails only for academic purposes, and leave personal e-mails at home.
When it comes to e-mails and phone numbers, treat them with just as much secrecy as one should treat a home address. Don’t give it out to just anyone who asks for it. If someone asks for it, ask why they need it and decide if the benefit outweighs the risk of it being re-shared with strangers or otherwise used against the owners’ wishes. Nowadays people can open one email account solely for use with sensitive accounts like shopping or banking, and another e-mail for their friends and family to keep in contact with, or yet a third e-mail that they wouldn’t mind giving out publicly.
If no important services are attached to an e-mail address, it could be looked at like some people view a post office box. Businesses will sometimes give out their P.O. Box address rather than a physical address because they can avoid people stopping by their offices uninvited. Sometimes the sheer volume of mail received by people or businesses will merit a P.O. Box, because their physical mailbox can’t handle the load. Other reasons for a P.O. Box may be that a person or a company moves around a lot or has more than one physical location. Those reasons, and more, align with the reasoning behind using one e-mail for general communications and another semi-secret e-mail used for receiving private or confidential communications such as those from banks or online stores.
E-mail security also includes spam filtering, phishing protection, and virus scanning at the client end, the provider end, or hopefully both. The work of humans as end-users is to ensure e-mails don’t get opened that look suspicious, and to know what it means for an e-mail to look suspicious in the first place. Is the e-mail from a known sender, someone on contact list or in an address book? Was an e-mail expected from this person, is it a reply from a previously sent e-mail? Does the e-mail mention real names, or contain other information that would indicate it’s from a known sender? If this is a work account, does it come from someone else in the same company, or from a vendor? If this is a school account, is it from a professor or classmate?
There are exhaustive lists of what if’s and how-to’s when it comes to family safety online, but sometimes cybersecurity comes down to either not opening the message at all, or at least not opening any attachments that come with it. In general, one shouldn’t read spam e-mails, but as a rule, never open an attachment in any e-mail unless the contents are more-or-less known ahead of time. Knowing the contents of an attachment means a bank e-mailing a statement, or an online store sending a copy of an invoice. Opening photos from a family member who e-mailed after a recent, unannounced trip is probably fine. The absolute opposite of keeping the family PC secure would be downloading a program, a Word document, or a scanned PDF attached in an e-mail from a Nigerian prince who’s promising a million dollars. A virus is all that’s in that attachment, not a million dollars.
For more information about keeping families safe online, visit the following links:
FTC Consumer Information - https://www.consumer.ftc.gov/features/feature-0002-parents
NYS Division of Consumer Protection - https://www.dos.ny.gov/consumerprotection/identity_theft/internet_security.htm
National Center for Missing & Exploited Children - https://www.netsmartz.org/Home