How to keep your kids safe online this summer

It’s a fact of life: once school is out,  kids spend more time online. You may try to schedule when they can and can’t use the PC and use solutions like Parental Control to prevent some trouble. But simply limiting access to Facebook and YouTube and the rest of the online world is a limited strategy. The fact is whether it’s on a desktop, a laptop or a smartphone, most kids—or at least, most teenagers—can get online whenever they want.

That’s why we suggest spending a few minutes explaining the risks of cybercrime and online predators to your family. Of course, your kids will probably brush you off  by repeating “I know, Mom (or Dad)” over and over, as if you’re trying to discuss the birds and the bees. So don’t go in unprepared. Check out these five quick tips to keep your kids and your PC safe until school resumes in fall.

1. Repeat the mantra “Links are not your friends”
Cybercriminals are aware that millions of people Facebook have plenty of time to kill. That’s why they’re spreading their scams with links described as “The Sexiest Video EVER” or “You’ll never believe this LOL.” When you’re bored and a link like that appears on a Facebook wall posted by a friend, it takes incredible will power not to click it. So repeat this mantra: If a link looks too good to be true, it is. Of course, this won’t always work. That’s why you should bookmark F-Secure’s free Browsing Protection. If your son or daughter feels they must click, have them check it out first. What else do they have to do? It’s summer.

2. Keep up with the updates
If you don’t keep your system software up to date, you risk inviting predators into your PC. Monthly updates for Windows, Adobe Reader, iTunes, and other applications are essential for your online safety.  F-Secure’s Health Check makes this time-consuming process easy. Run it once a month and save yourself some major headaches.

3. Tell your kids that you will handle installing software
Once you’ve run Health Check and made sure you’re protected, there’s no need for your kids to install any random software that pops up. So tell your child that it’s mom or dad’s job to install new software, no matter what pops up.  Once you’re home and had a nice summer beverage, check out the software. Google it to see if it’s a legitimate and then decide if it’s worth your hard drive space. Nothing ruins a nice summer afternoon like getting tricked into installing malware on your PC.

4. Make clear what information your kids should not share
Most kids know more about Facebook than you’d ever want to. They know how to add and erase apps or how to block this user and not that one. But they may not know what they should NOT share. Tell your kids that they should never private information—email addresses, phone numbers, home addresses—on any social network. They should also avoid posting information about their schedule, especially vacations or details about when their parents will be home or not. Your kids need to know that no matter how private their settings tell them they are, anything they post on a social network should be considered as public as the front page of a newspaper—if they know what that is.

5. Let them know that you are watching
You need to know which social networks your children are on. If you have the time and patience, it’s a good idea to start a profile on the site and become their friend or follower. It doesn’t take long, maybe five minutes per site. You can’t watch your child every minute. But if they get the sense that you could be watching, it can only help them think before they click or post.


CC image credit: James  Emery

More posts from this topic


Cyber Monday Mythbusting

It's Cyber Monday, and marketing companies expect online shoppers to flock to websites and apps in order to take advantage of holiday sales. And naturally, this causes concerns about what kind of risks people are taking when they shop online. But F-Secure Security Advisor Sean Sullivan says any security warnings focusing on Cyber Monday are simply part of the hype. “Cyber Monday is no more or less safe than any other day of the year. People just expose themselves to more online threats when they do more stuff online, but that really has nothing to do with Cyber Monday. And people that tell you otherwise aren’t doing you any favors.” So there you have it. On the other hand, Sullivan does point out that holiday shoppers should beware of the extent to which they expose themselves while online shopping, which is becoming more popular during the holidays. Adobe is projecting an eleven percent increase in online spending during the holidays this year, amounting to a whopping 83 billion dollars. So that’s 83 billion dollars that will be up for grabs (compared to just 3 billion on Cyber Monday), so it’s naïve to think that criminals are just going to ignore the opportunity. Last year, F-Secure Labs registered a sharp increase in ransomware detections during November and December, including a 300 percent increase in the Browlock police-themed ransomware family. Sullivan published a recent blog post examining the Crytowall ransomware family, which he says is prevalent during the holiday season but virtually disappears in early January – when people celebrating Orthodox Christmas in Russia begin their holidays. One easy way to protect yourself from ransomware and other online threats while holiday shopping is to be conscious of the threat landscape. Its trends like these that Sullivan pays attention to, and warns others to do the same. “It would be safe to say that people should be worried about ransomware this holiday season, and probably through next year. I expect that we, or at least security researchers, will look back on 2016 as the year of extortion.” For example, even though mobile device are now widespread and used by many people, they’re not necessarily good tools to use for making financial transactions while online shopping. “I use an iPad running Freedome for the vast majority of my online browsing, which works great for me because it’s easy to use and I can bring it with me if I leave the house. And between the security benefits of a VPN and the relatively small amount of malware targeting iOS devices, I feel pretty confident in using it to casually window shop on different websites. But I always use a PC to make actual purchases. I trust that my PC is secure and the actual keyboard makes it easier to enter financial data.” You can find more great advice on how to stay safe while online shopping here. [Image by Atomic Taco | Flickr]

November 30, 2015

A temporary profile picture but permanent app permissions

We are all sad about what’s happened in Paris last Friday. It’s said that the terrorist attacks have changed the world. That is no doubt true, and one aspect of that is how social media becomes more important in situations like this. Facebook has deployed two functions that help people deal with this kind of crisis. The Safety Check feature collects info about people in the area of a disaster, and if they are safe or not. This feature was initially created for natural disasters. Facebook received criticism for using it in Paris but not for the Beirut bombings a day earlier. It turned out that their explanation is quite good. Beirut made them think if the feature should be used for terror attacks as well, and they were ready to change the policy when Paris happened. The other feature lets you use a temporary profile picture with some appropriate overlay, the tricolor in this case. This is a nice and easy way to show sympathy. And it became popular very quickly, at least among my friends. The downside is however that it seemed so popular that those without a tricolor were sticking out. Some people started asking them why they aren’t supporting the victims in Paris? The whole thing has lost part of its meaning when it goes that far. We can’t know anymore who genuinely supports France and who changed the picture because of the social pressure. I changed my picture too. And it was interesting to see how the feature was implemented. The Facebook app for iOS 9 launched a wizard that let me make a picture with the tricolor overlay. Either by snapping a new selfie or using one of my previous profile pictures. I guess the latter is what most people want to do. But Facebook’s wizard requires permissions to use the camera and refuses to start until the user has given that permission. Even if you just want to modify an existing picture. Even more spooky. The wizard also asked for permission to use the microphone when I first run it. That is, needless to say, totally unnecessary when creating a profile picture. And Facebook has been accused of misusing audio data. It’s doubtful if they really do, but the only sure thing is that they don’t if you deny Facebook microphone access. But that was probably a temporary glitch, I was not able to reproduce the mic request when resetting everything and running the wizard again. Your new profile picture may be temporary, but any rights you grant the Facebook app are permanent. I’m not saying that this is a sinister plot to get more data about you, it may be just sloppy programming. But it is anyway an excellent reminder about how important the app permissions are. We should learn to become more critical when granting, or denying, rights like this. This is the case for any app, but especially Facebook as its whole business model is based on scooping up data about us users. Time for an app permission check. On your iOS device, go to Settings and Privacy. Here you can see the categories of info that an app can request. Go through them and think critically about if a certain app really needs its permissions to provide value to you. Check Facebook's camera and microphone permissions if you have used the temporary profile picture feature. And one last thing. Make it a habit to check the privacy settings now and then.   [caption id="attachment_8637" align="aligncenter" width="169"] This is how far you get unless you agree to grant Facebook camera access.[/caption]   [caption id="attachment_8638" align="aligncenter" width="169"] The Settings, Privacy page. Under each category you find the apps that have requested access, and can select if the request is granted or denied.[/caption]     Safe surfing, Micke   PS. The temporary profile picture function is BTW simpler in Facebook's web interface. You just see your current profile picture with the overlay. You can pan and zoom before saving. I like that approach much more.   Photo by Markus Nikander and iPhone screen captures    

November 16, 2015
facebook login

Using Facebook to log in – safe or not?

Open up your favorite web site and you can see what this is about right away. There are in many cases two options, an ordinary log-in and “Log in with Facebook”. Have you been using the Facebook option? It is quite convenient, isn’t it? I was talking to a journalist about privacy a while ago. One of the hints that ended up in the final story was that it isn’t necessary a good idea to link your other accounts to Facebook. And that raised questions. Some people have wondered why it is so, and pointed out that we at F-Secure also provide that option in our portal for F-Secure SAFE, MY SAFE. So let’s take a closer look. Is it good, bad or ugly? Here’s the important points: Facebook acts like an authentication service in this scenario. One single password opens the door to many services. This is indeed convenient and reduces the need to remember a lot of different passwords. But you should use different passwords on every service to reduce the damage if a password is leaked. That could happen for example in a phishing scam. Using Facebook’s log-in everywhere is putting all your eggs in the same basket. The worst thing you can do is to use the same user ID and password on all your sites, but *not* the Facebook function. A leak in any of them could give the attackers access to all your systems. Using the Facebook login instead is in this case a way to *improve* security. Facebook's servers are well secured, a leak from them is highly unlikely. It may reveal private info from Facebook to the other service unnecessarily. Most of us just click OK when Facebook asks for permission to give data to the other service, without thinking about what we really approve. Facebook will get yet another sensor to profile you. They will know that you use a certain service, when and how often you use it, and on what kind of device and where in the world you are when using it. Most people are on Facebook under their real name, but you may want to use other services more anonymously. If you don’t want it to be publicly known that you use a particular service, then you shouldn’t use your real-name Facebook account to log in. Remember that privacy on-line is not just about how much private data you reveal. It’s also very much about whom you reveal it to and how fragmented your digital footprint is. Preventing different services from consolidating your data improves your privacy. So should I use this feature at all? Maybe, it depends. There are some downsides, but it's a convenient way to log in, that can’t be denied. But first, the security-savvy approach is to instead use separate strong passwords on every site and a password manager. It’s a little bit of work when you set it up, but it is really the most secure approach. Don't use Facebook log-in for critical services. Those are sites containing sensitive information or where you make payments. They always deserve a strong unique password. But there's also a large number of sites that aren't that critical. Your on-line newspaper for example. If crooks get your Facebook password then your compromised newspaper account will be the smallest of your problems. Go ahead and use Facebook log-in for those if you find it convenient, but keep in mind the privacy concerns listed above. It's all about how picky you are about privacy. And don’t forget to review the permissions you have givens to apps and sites in Facebook. Go to Settings / Apps and you see the list of approved apps. Remove anything that sounds fishy, that you can’t remember approving or that you aren’t using frequently. Don’t be afraid to remove too much. The worst thing that can happen is that an app or site stops working and asks you to give it Facebook permissions again. Open all remaining apps and review what permissions they have. Think about what they do for you and if they really need all their permissions. Fix the permissions if needed. To wrap up. The Facebook log-in feature is not a security problem. Facebook's security system is solid and your security is not in jeopardy if you use it. But I still recommend separate passwords for the critical sites. The question marks are on the privacy front instead. Linking sites together contributes to forming a more comprehensive digital footprint. It's up to you to decide how worried you are about it. With this info you should be able to make an educated decision about where Facebook log-in can and can't be used.   [caption id="attachment_8629" align="aligncenter" width="266"] Jamendo's permissions in Facebook. This is the basic permissions most well-behaving apps/sites ask for. If the site asks for more, consider carefully if it really is needed.[/caption]   Safe surfing, Micke     Images by C_osett and Facebook screen capture

November 12, 2015