Parents clocking a chocolate-smeared kid’s candy-fueled lies? Not a problem. Kids spotting digital scams better than their elders? Also not a problem, according to Infosec VP of Product and Portfolio Strategy Keatron Evans, especially ones about adult matters like unpaid tolls and unexpected Amazon orders.
“If you think of most public social-engineering attacks, they’re designed around our demographic, working adults, because they’re trying to compromise businesses and people at work. A lot of those things, kids find ridiculous and laugh at them,” Evans said.
That doesn’t mean kids aren’t subject to effective, targeted attacks. Young people face disturbing cyber threats, including fraudulent offers in popular videogames, identity theft, and online child abuse.
Infosec, which offers enterprise security awareness training, is adding cybersecurity lessons for schools, thanks to a new partnership with nonprofit Common Sense Media (CSM).
“It gives us a way to provide that to customers without having to take the time and the resources to build it out, which could take some years,” Evans said.
Evans spoke with us about why this partnership is an important one, and how some third graders have better cybersecurity than adults.
Excerpts below have been edited for length and clarity.
Does K–12 cybersecurity training really start at “K”?
Well, it should definitely start at K now, because we start kids on mobile devices at K. We have been using iPads to take courses and learn how to do things. With the right piece of malware, or the right attacker with the right motivation, you will see, even on little kids’ apps, things popping up that they can click on that take them to places that can be harmful or unsafe.
How do you train young people to be aware of threats when some are difficult to explain to adults?
A lot of these kids were born with a mobile device in their hand. Some of the lessons that we teach them make sense right away. We don’t have to break it down like we maybe would for some adults. They teach each other as well…If we go from, let’s say, third grade up, they may have better cyber hygiene than most adults in our workplace today.
Top insights for IT pros
From cybersecurity and big data to cloud computing, IT Brew covers the latest trends shaping business tech in our 4x weekly newsletter, virtual events with industry experts, and digital guides.
Is there a way to summarize your instruction for these kinds of threats?
Before you click anything [if] you don’t know what it is, make sure it’s okay with your parents. That’s typically the high-level messaging. Then we can get into very detailed specifics about, here are some things to look out for. If they’re offering you free currency or free things, it’s probably too good to be true. Don’t necessarily believe that until you get your parents to verify that it’s okay to do it.
Is there an obvious difference in instruction style, to reach kids versus adults?
That’s like asking, is there a difference between a kid’s show and an adult show, right?...Ninety percent of our content library that we have for the enterprise, which is who we mostly serve, would not go over well with kids. So, there is a difference in style, and I think there’s a difference in how it’s delivered and how much of it they can take at a time. Kids are a lot less tolerant of 10-minute videos. They need short pieces of content.
Why are these K–12 cybersecurity lessons important?
I think we owe it to our kids and that generation to bring them up to speed on this education. When you look at how they live their lives, they live them mostly in a digital world. They’re always on devices, so we owe it to them to, as best as we can, provide them information, to [teach] that security, because that’s the biggest risk to them. Most kids that are compromised through some type of human trafficking or child exploitation, it all starts with some type of digital communication.