14 October 2022

Water on the stone of cyber risk

Tessa Loftus

elevenM’s Tessa Loftus on the importance of ongoing cyber awareness conversations with kids and teens. 

The move to online learning in 2020 saw a 144% increase in cyber-crime against kids, following a consistent 5-9% year-on-year rise in the five years prior to that. It’s not that we needed reminding about the importance of good cyber awareness education, but if we did, it’s right there in that stat.

I don’t know if you’ve ever tried to have a ‘I need to teach you about this thing’ conversation with a teenager, but it can be challenging, even with the most amenable of teens. I recently had a conversation with my 13yo where he asked me if I’d locked the front door, even though he was the person who had just walked through it — I’m sure he’s using his brain power for something, but it isn’t always for paying attention to his surroundings. Sending him back to check/lock the door is easy, and the fact that he thought to ask gets us halfway there, but it’s not always as easy to remedy a cyber door that’s been left open.

It’s easy to feel like our little (and not-so-little) digital natives already know everything about this environment that we can possibly tell them, and there’s truth in that — the DQ Institute Child Online Safety Index puts Australia in the top 3 in the world for cyber awareness education, and that’s great. But the fact that my 11yo judges me for not using an ad-blocker is not enough of a reason to get complacent about his knowledge — if anything, I worry that my kids’ comfort level in the online world will lead them to overconfidence (I mean, it’s not like any teenager has ever thought they knew everything…).

The same report showed that a third of kids have experienced some kind of cyber threat, such as phishing or hacking. I know that my teens get flubot text messages all the time, and my son walked in literally as I was writing this to show me a ‘you must have a RAT test before travelling’ text message that he had just received (fortunately, presented to me with the comment ‘this is a very well-executed scam’).

My solution is not to constantly lecture them, but instead to apply the ‘dropping water on a stone’ approach. I received a terrible Optus data breach notification, addressed to ‘Dear Customer’, and I commented on it as I made a coffee, that I couldn’t tell if it was genuine or not because of the generic intro. I gave a friend a lecture about not having changed her wifi password from the factory-set one on the router while the kids were emptying the dishwasher. At the dinner table, my partner and I discussed the risks of mapping our house with a robot vacuum cleaner, and how and where that data would be stored.

By normalising cyber security awareness, I hope that it just sinks in, not as something I’m lecturing them about, or as something they have to ‘learn’, but as sub-conscious normal behaviour, like locking the house (we’ll get there eventually). And I feel like it’s working, because my son just walked back in to say ‘by the way, did you know it’s Cyber Security Awareness Month? You should check your passwords.’


Photo credit: Sergej Eckhardt on Pexels