There's little doubt that the next generation of today's families will grow up with open and continual access to technology. This generation, more than any before, will be "digital natives," meaning they won't have ever lived without applications (apps), email, the Internet, social networks and mobile devices.
The numbers are staggering: Estimates suggest that an additional 1 billion people will have access to the Internet over the next five years, and they will be doing so almost exclusively via smartphones.1 There's no question that these devices provide convenience and play a growing role in our lives, but they also allow for increasing financial risks. Because people accustomed to constant online access may not fully understand these risks, never before has it been more important for everyone to protect their assets and identity from cybercrime and those who commit it.
Attacks can come from anywhere. For example, a family noticed, during a routine check of a credit report, that someone had purchased over 100 gift cards—each worth $150—and had given them away to people whose names they didn't recognize. The hack occurred through a shopping app on a teenager's smartphone when an item was purchased through a store's Wi-Fi connection.
The family contacted Tania Neild, a cybersecurity consultant, to analyze and diagnose what had happened. In the process they learned some key preventative measures. A Ph.D. in database integration who spent five years at the National Security Administration (NSA), Neild says family members usually have little idea about how much their daily online activities may be putting their assets at risk. This family in particular was victimized because they weren't following some of the basic guidelines of cybersecurity.
"We worked backward to find out what went wrong," says Neild. "Were they on a public Wi-Fi? Yes. Were they doing a transaction? Yes. Were they successfully processing the consequences? No." Neild said it was helpful to have the whole family in the room so they could work on the issue together. "This was a four-generation family," she says, noting that different family members had very different skill sets when it came to technology. "I had everyone from an infant to a great-grandfather in front of me, and although I had my work cut out for me, in the end, it was helpful to work as a team."
Thinking through vulnerabilities
While cybercrime has increased by 38% in 2016,2 this doesn’t mean families can’t use email and social networks. Kids, especially, want to participate since so many of their friends are online. A recent independent study found 24% of American teens are online “almost constantly” via smartphones and almost 75% of teens have smartphones.3
Neild says rules are important, but the real key is balance. "I try to move everyone to the middle," she says. "If it gets too strict then it's not practical. But if it's too loose, you open yourself up to great risk." She begins with the basics:
- Access financial information only via a private Internet connection—only with a mobile device if the site is secure
- Don't email private information like birth dates, Social Security numbers or credit card information.
- Avoid social media posts with personal information that could take a hacker inside a family’s home or divulge their whereabouts on vacation as well as respecting those around you, and considering their privacy too before posting.
- Establish passwords —the most common security breach—no one can guess or decode (see “Building Stronger Passwords,” on page 2 for more).
- Use two-factor authentication whenever possible, especially when using banking and online marketplace sites that involve financial transactions and information (see “Two is Better Than One,” on this page for more).
- Minimize the use of “Forgot your password?” function when logging into sites that involve financial transactions or store sensitive personal information. These may include your bank’s website and online marketplaces used to make purchases. In the event you do need to use this function, remember to change the temporary password immediately and avoid using vulnerable email services such as AOL, Gmail or Yahoo whenever possible. These personal email services are the first places hackers go to access your information, Neild says.
Recognizing different kinds of cybercriminals is paramount to a family’s security, as is taking precautions.
Sometimes stating the obvious is necessary, Neild says, such as reminding kids they should never share their passwords. Likewise, children need to understand the dangers of posting photos and personal information. “They need to recognize what is and isn’t visible and act appropriately,” she says. A large public donation, for example, could end up in local media for positive reasons, but also could lead cybercriminals to individual family member's work or social network accounts. From there, seemingly innocent public information can be used against a family. “It could be something as benign as a post like ‘Having fun in Cabo,’” she says. “But if someone recognizes your name because your family just donated $10 million to build a library, there you are in Mexico, where kidnapping is big
Over 100,000 breaches in cybersecurity occur every day, says Neild. And there's more than one kind of cybercriminal. Just like in the real w orld, different people want different things, and have different tactics to try to get them.
Some cybercriminals are outsiders, digging up information on a family via social networks or by accessing networks illegally. Others may have insider information about the family, or even be family acquaintances or on the family’s payroll. Recognizing different kinds of cybercriminals is paramount to a family’s security, as is taking precautions.
The criminals behind these acts can be divided roughly into three categories:
- Cybercriminals: They use the Internet with the intention of monetary gain. Their targets may include companies, individuals and their families. Criminals go after capital, but also target assets with monetary value, such as music accounts, gift certificates and frequent-flier miles.
- Cyber spies: A growing number of cybercriminals steal information—such as passwords to music accounts or store credit, instead of capital—and sell it on the black cybermarket, an increasingly popular underground economy similar in function to the traditional black market.
- Cyber activists: A group seeking access to networks in order to disrupt them for political reasons, activists will often use hijacked accounts to hide their own identity as they breach an organization’s security systems. Neild points to a recent email attack that aff ected 150 million users, including some of her clients whose accounts contained financial information. It was a wake-up call for all parties. “Nothing was stolen, because that wasn’t the goal,” she says, “but the cyber activists brought the network to its knees.”
What are some best Practices
As the threat of cybercrime grows, so does the need to protect family assets. How is this done? Some suggest working with a web master to establish a family domain— a secure site accessible by a small number of approved family members, each with their own domain email (e.g., firstname.lastname@example.org). While this is often fairly simple to set up, it can require engaging your children in discussions about cybersecurity, which is far easier said than done. “It’s the last thing they want to talk about,” says Brad Deflin, founder and president of Total Digital Security. “The private domain is like a fort from which the family is protected – a safe haven from the hostilities on the variety of vulnerable “free” email services available.”
Though initially hearing from clients about the challenge in communicating the importance of security to their children, Deflin eventually observed that the idea of a family domain was an effective starting point to pique children’s interest and get them thinking differently about the subject. “There is a vanity element to it,” he says. “When they see their last name in the domain it somehow creates a different perspective and the kids are like ‘well, that’s kind of cool.’”
In addition, Neild suggests having a trusted technology (tech) expert help set up secure email and build a private server—or firewall. This server should be used when handling family assets, instead of public servers or Wi-Fi devices. The server design should include a desktop accessible to authorized family members with unshared passwords. The desktop should not have wireless capabilities, and should be hardwired via ethernet to the serv er. The firewall should be checked and reinforced in regular monthly installments, or at least once every quarter.
Neild says it’s also essential to choose the right tech expert, and that the person designing the system should be evaluated the way one would a mechanic. “References, references, references,” she says. “You want someone to be focused and very rigorous when setting this up.”
While complexity often plays an important role, simply increasing the length of a password can also help ensure a family’s online safety, according to Deflin. “Length is everything,” he says. “Certain hacking software can sometimes crack an eight character password in less than a day, while a 14-character password could take a year and a half to crack using the same software.”