Cybersecurity Guide for Parents and Guardians
Practical Steps to Protect Your Children Online
Unlike us when we were their age, today’s children are increasingly exposed to technology, which makes it very important for Parents and other Guardians to monitor their online activity. Children are young, with little experience, and are therefore not prepared to identify and understand certain situations that may be harmful to them when they use the Internet. This Guide for Parents and Guardians is intended to serve as guidance for what I consider to be the basic precautions.
Parents and Guardians themselves sometimes fail to recognize some of the dangers, so it is imperative that they acknowledge the importance of staying informed and up to date. The worst thing you can do is to think that it only happens to others. Prepared Parents and Guardians will better prepare their children and dependents for a future that, in all likelihood, will be increasingly technological, regardless of their interests, wishes, and professions.
Applying all the security recommendations can be an extensive and complex task, but don’t be alarmed. Start somewhere. Cybersecurity should be understood as something continuous and not a one-off action at a particular moment in time. So, don’t try to apply all the recommendations at once; instead, make this article (and others on this blog) a reference that you return to from time to time in order to improve your online posture.
Start by Raising Awareness in Your Children
Recognize that the human factor is the weakest one, as demonstrated by the various companies that invest thousands or millions of Euros in cybersecurity and end up suffering an attack because of a human failure. There is little point in following all the best practices if someone then provides data or carries out actions that compromise everything.
Don’t share personal data
It is important to start raising your children’s awareness from an early age not to share personal data - such as their full name, phone number, address, among others - without your assessment and authorization. Since you don’t know who is on the other side, sharing personal data should only be done when the situation justifies it and the adult understands and accepts the purpose of that collection.
You should also consider whether the child’s accounts will be created using their first and last name in the username, or whether they will aim to remain completely anonymous.
Be cautious with strangers
From a very early age, children are taught not to talk to strangers in the physical world. In the virtual world, they should also be cautious. The truth is that they don’t know who is on the other side, and the data and profile picture - or even the photographs or videos the other person sends - are not always genuinely of that person.
Adults can pose as children; boys can pose as girls and vice versa; men can pose as women and vice versa; people with bad intentions can pose as people with good intentions; and so on.
Over roughly 20 years I have collected several striking stories, some involving people I know personally, which are examples of the dangers that young people can face.
I’m sharing two situations with you just as examples, but I could tell you about many more cases.
“The Sausage”
A boy thought he was developing a friendship - or perhaps something more - with a supposed girl he was talking to in an Internet chat. He gained confidence to the point of sharing some rather intimate photographs of himself. The next day, those photographs were all over the school he attended. In other words, the person on the other side was, in fact, a boy or a group of boys posing as a girl.
They managed not only to win the boy’s complete trust but also to get him to share something ridiculous. The boy became known as “The Sausage” because the situation involved a sausage. He had to leave the school, and the incident is still a topic of conversation today among the former students of that school. Who knows what other impacts it had on the young man and his family.
The fight against pedophilia
Without wanting to be dramatic - and I know these cases are more extreme, but it is important that we are all aware that they exist - I’m sharing with Parents and Guardians the work of one of the best (ethical) hackers in the world, Ryan Montgomery, who, together with his friend Dustin Lampros, an MMA fighter, has been exposing several cases of pedophiles who, from the Internet, try to arrange meetings with children, most of them around 13 years old.
The hacker began by reporting several situations that prompted no action from the authorities. So he decided to team up with his fighter friend and, under the name 561 Predator Catchers, to pose as the victims, accepting the meetings proposed by the pedophiles, but with the two of them showing up publicly instead of the child the pedophile expected to find.
With the evidence, and face to face, they force the pedophiles to admit their intentions, ultimately also making them call their spouses to confess their actions, and then reporting them to the authorities.
Share events with Parents and Guardians
It is also essential that the dialogue between Parents and their children, or between Guardians and their dependents, be open, and that a safe space be created for children and adolescents to share with their Parents and Guardians what is happening in the virtual world.
Whether it’s something they’re asked, shown, or sent - or, above all, a meeting that someone wants to arrange - this should always be known to the family. But for that, Parents and Guardians must create the conditions for their children and dependents to feel comfortable doing so. We may be moving into an area that belongs more to psychology than to technology, but the key takeaway is that if you want your children and dependents to share these situations with you on an ongoing basis (and not just at a given moment), it is essential that your reaction allows for it, so that they don’t feel afraid or intimidated. Stay calm, take a deep breath. Make sure you resolve that specific situation, but that you also create the conditions for that channel of sharing to be maintained.
Protect Your Home Network
This is the point most neglected by people, perhaps because it is technically the most complex, but the goal is simple to understand: your home network is probably where most of the Internet traffic received and sent by your children’s devices passes through. However well the devices themselves are protected, if the network is not, you have a huge security hole.
In addition to the tips below, you can consult the recommendations of the United States National Security Agency (NSA) on this matter.
And if you don’t feel comfortable with this topic, skip to the next one and come back here later.
Get a firewall
I think few people are aware of this, but the routers that telecom operators install in our homes are not exactly secure. And complaining to your telecom operator probably won’t get you very far. Those are the models they have available, and they won’t pay much attention to your cause.
What you should do, however, is make sure that device is updated from time to time. For example, when you renew your contract, you should demand the replacement of the device. In other words, we’re not just talking about updating the firmware, but the equipment itself. Given the relatively short cycles of technological updates we experience, the equipment will probably be obsolete by the time the contract is renewed.
This update is important for the performance of your network, but mainly for security reasons.
So, these devices are designed to provide you with Internet, cable television, and landline phone services, but they are not exactly designed to keep your network secure. With this in mind, I would not be exaggerating if I said that most homes worldwide end up being, to a certain extent, unprotected.
Unlike other measures that don’t require investment, this one requires purchasing equipment (or repurposing an old computer with two network cards). But it is an investment that turns out to be very worthwhile, in that it protects your entire home network (we’re talking about computers, tablets, smartphones, smart TVs, IoT, etc.) and will allow you something I consider essential, which is to have some visibility over your network.
In other words, it’s one thing to use our devices in our home without much awareness of what is going on across the network, and quite another to have a console with a dashboard showing all the information needed to understand whether the traffic is normal or whether there is something strange.
You will be able to tell whether the protocols being used are normal or not, to and from which countries the traffic is coming, and which services are being used, such as Google, Facebook, Instagram, Microsoft 365, etc. So if something suspicious appears, you can take immediate action.
You can, for example, block traffic to and from certain countries; that is, if you don’t want your network to communicate with systems in Russia or China, you can create that block (even though the block can easily be circumvented with a VPN), both for the traffic leaving your home and for the traffic coming in.
I’m talking about solutions such as pfSense, for more experienced users, or the Dream Machine from UniFi, for less experienced users who value a modern and simple interface, with the added benefit of integrated Wi-Fi.
Create separate networks
If you work from home, have you ever considered that when you connect your company devices to your home network, you are allowing your personal devices and your company devices to see each other, with all the risks that this can bring to you and to your company or the company you work for?
And that the devices your children use (who usually click on any link and open any attachment) are also on the same network segment as your devices, which you use to access your bank account, your email, and other personal documents and services of great importance to you?
Firewalls allow you to create separate networks for specific purposes. That is, you can create a network for your personal devices, another for the devices used by your children, another for IoT devices (assistants, video surveillance cameras, kitchen and vacuum robots, etc.), one just for guests, and, if you work from home, another for company devices.
Then you can even specify which networks pass through the router’s physical ports, if you want to connect devices via Ethernet cable, commonly known as a network cable.
The advantage of this configuration is that if something goes wrong with a device on a particular network, the likelihood of it affecting the devices on the other networks will be much lower, since the networks will be isolated - that is, the devices on one network cannot see the devices on the others.
Create separate Wi-Fi networks
In addition, you can create a Wi-Fi SSID for each of these needs and associate it with the corresponding separate network (VLAN) you created.
Use WPA3
Wi-Fi Protected Access 3 (WPA3) is the most recent standard for Wi-Fi networks. It gives the communication between each device and the Access Point (AP) stronger encryption, and it protects against attacks that, under WPA2, made it possible to discover the network (SSID) password, among other improvements.
Add your devices to the white list
You probably remember from when you were younger that some people managed to figure out their neighbors’ Wi-Fi password and get free Internet that way. Nowadays most homes already have Internet, so this kind of access is no longer done for that purpose, but when it is done it has worse goals, such as spying or attacking.
With this in mind, adding your devices’ MAC addresses to the white list and blocking all others gives you additional security.
Enable the Intrusion Detection System (IDS)
The Intrusion Detection System (IDS) feature detects intrusion attempts and notifies the administrator, so that action can be taken. However, it does not change or block the traffic.
In other words, this means that if an attack is taking place, the IDS will not contain it. It will only inform you of it.
Enable the Intrusion Prevention System (IPS)
The Intrusion Prevention System (IPS) acts proactively in preventing attacks, seeking to keep them from reaching your internal network.
Create traffic rules
With traffic rules you can “be in charge” of your traffic; that is, you can create inbound and outbound rules that allow or block traffic, based on conditions such as applications or groups of applications (social networks, online games, etc.), domains, IPs, regions, etc., and you can even schedule the times at which the rule applies.
Use a VPN
A Virtual Private Network (VPN) creates an encrypted tunnel between your device and the VPN server. This means that if someone captures the traffic, they will not be able to interpret it, because it will be encrypted. This gives you privacy, because neither your Internet Service Provider (ISP) nor other entities will be able to see your traffic.
When choosing a VPN, you should make sure it has a certified no-logs policy - that is, that no data about your traffic is stored - because otherwise you would be protecting yourself from some entities but giving information to the VPN provider.
VPN services like (affiliate links) Proton VPN, NordVPN, Bitdefender VPN are recognized as trustworthy.
VPNs are commonly installed on devices such as computers and smartphones, but installing them at the router level allows all the devices in your home to use the tunnel and therefore be better protected.
Receive notifications and monitor traffic
Enable notifications to your email or smartphone, and monitor your network from time to time, to ensure that everything is normal.
Protect Your Devices
Now that your home network is minimally protected, it’s time to protect your devices.
Don’t routinely use privileged accounts
On computer operating systems such as Windows, macOS, or Linux, it is possible to have administrator users and standard (non-administrator) users.
In your day-to-day use, you should use non-privileged - that is, non-administrator - accounts. The same goes for your children.
The reason for this is that privileged (administrator) users can perform any kind of task on the computer, such as installing software, changing advanced settings (including security settings), among others.
By using administrator accounts in your daily routine, you run a greater risk, because in the event of infection, since the user has administration privileges, the malware will be able to more easily install other malicious software or make changes to the computer that it could not make with a standard user.
In the case of children and adolescents, they will be able to do the same - sometimes installing software without your supervision, which can prove dangerous. They may also make changes or run programs that you don’t want to be run.
With this in mind, the whole family should have their own standard account, and only one or a few family members should have administrator accounts. This way, whenever a family member wants to install an application or change more advanced settings, they will have to request permission from the person who knows the administrator password.
But be careful: you should not share that user’s credentials with your children, because if you do, they will be able to authorize these tasks themselves without needing your consent.
Install antivirus on all devices
Another recommendation is to have antivirus on all the devices in your home - that is, not only on yours but also on those of the children/adolescents. This is because if adults fall for tricks (we’ve all heard news of people who were hacked because they clicked on a link or opened a malicious attachment), minors fall for them even faster, clicking and opening anything.
An antivirus recognizes malicious files based on their signature, and the more advanced ones include heuristics - that is, they have the ability to identify suspicious behavior. Some test files in a sandbox (i.e., in an isolated environment), thereby being able to tell whether they are malicious or not, even without knowing them beforehand.
For this reason, antivirus software is a great help in preventing the infection not only of that device but the spread to other devices on the same network.
An infection that starts on a child’s device can spread to the devices of Parents or Guardians with severe impacts.
There are free antivirus programs, but my recommendation goes to the paid ones, in that their identification rate and recovery capability are usually higher, and they also include priority support.
And it is not always apparent at moment zero that devices are infected. To give you an idea, there are companies that, when they realize they have been attacked, find that the attackers had already had access to their systems for months.
So invest in good antivirus to protect yourself. You pay for a one-year subscription, and that subscription usually includes more devices, allowing you to protect 5 or 10 devices - which can be computers, tablets, and phones - thus protecting the whole family. You can, for example, use (affiliate link) Bitdefender.
Use a Virtual Private Network (VPN)
As mentioned above, a VPN creates an encrypted tunnel between your device and the VPN server, which means that if someone captures the traffic, they will not be able to interpret it, because it will be encrypted. This gives you privacy, because neither your Internet Service Provider (ISP) nor other entities will be able to see your traffic.
When choosing a VPN, you should make sure it has a certified no-logs policy - that is, that no data about your traffic is stored - because otherwise you would be protecting yourself from some entities but giving information to the VPN provider.
VPN services like (affiliate links) Proton VPN, NordVPN, Bitdefender VPN are recognized as trustworthy.
Only use official sources
If apps with malware are installed even via the official stores, imagine what happens through unofficial channels. The tip here is to use, as much as possible, only official sources, that is:
On Windows, the Microsoft Store;
On macOS, the App Store;
On Linux, the distro’s official store;
On Android, the Play Store;
On iOS, the App Store.
This doesn’t mean you can’t install applications from other sources, which is actually quite common on computers. But in that case you should be extra careful and make sure you are downloading from the official sources.
Keep operating systems and applications updated
Operating system and application updates don’t just deliver new features; they also fix bugs and vulnerabilities. It is therefore recommended that you always keep your operating system and applications as up to date as possible.
I recognize that it’s a nuisance to have your device unavailable while the update is being installed; however, I emphasize their importance, especially the critical ones, which protect the device from newly discovered threats, thereby preventing them from being exploited against you.
Replace devices that have reached End of Life (EOL) and, in particular, End of Support (EOS)
Just as it is important that, when renewing your contract with your telecom operator, you request the replacement of your router with a newer one, it is also important to do the same with your devices. Pay attention to the dates on which they reach End of Life (EOL) and especially End of Support (EOS).
The term End of Life means that the manufacturer has stopped making more of those devices, and End of Support means that it has stopped providing support for them. This means it has stopped releasing updates, such as security updates, which prevent vulnerabilities from being exploited.
When this happens, the time has come to replace your hardware with a new device.
Naturally, technology is not cheap and it is not always possible for us to stay up to date, but it is important to be aware that the older your devices get, the more vulnerable they are. That is, over time more and more flaws are discovered, and if the device is no longer receiving security updates, the vulnerabilities will become increasingly well known. There are websites on the Internet that list vulnerabilities for the general public.
Pay attention to app permissions
It is also essential to be careful about the permissions you grant. For example, it may be strange to have a fitness app requesting permission to access your device’s contacts, or a football scores app requesting permission to access your calls.
The same can happen with the apps your children install. A game that requests permission to use the camera and the microphone - does it really need that permission?
When we grant these permissions, we allow these applications to have access to our data or to perform tasks we don’t want them to perform.
So pay attention to the permissions you grant, and from time to time carry out a review to remove the permissions that don’t make sense for the scope of use of the application in question.
Uninstall apps you don’t use; disable features that aren’t useful to you
Kids tend to install endless games. They install one, play it for a while, get bored, search for and install another, play it, get bored, and the cycle repeats for days, weeks, months… Sometimes Parents or Guardians only notice this when the device gets slow and runs out of space.
This not only affects the device’s performance but also increases the likelihood of mishaps. Remember that each app or game you install increases the likelihood of your device having vulnerabilities that can be exploited. So uninstall the apps or games you don’t use.
You should have the same mindset with other technologies or features of your device. For example, did you know that Bluetooth has vulnerabilities that are frequently exploited? If you’re not using it, turn it off. You’ll save battery and reduce the attack surface.
Take special care with cameras and microphones
There is nothing more secure than combining software controls with physical controls. That is, if one fails, the other is there to compensate. To give a concrete example, if a malicious application activates the camera behind your back and you have a physical blocker, all the person will see is darkness.
The same happens if you have a physical microphone blocker. Even if someone bypasses the software controls, they won’t be able to hear anything - I wrote about this here.
Believe me, this happens more often than you think, and more easily than you imagine. And if you don’t have good antivirus, you could be being spied on without even realizing it - including by apps that hide themselves in the apps menu.
In the specific case of assistants, disable the microphone whenever they are not being used.
Protect Your Online Accounts
The cloud has greatly simplified our lives. Consider, for example, swapping devices. We set up a new device with our account and, voilà, our contacts, emails, and photographs are already available on the new device without us needing to transfer them manually.
The value of the information that online accounts contain is usually quite high for individuals and companies. It is imperative to protect them as best as possible. However, this is not always done, and the consequence is that they can end up being broken into by strangers, unauthorized people.
And no one wants to have a stranger with access to their emails, reading private documents or notes, viewing family photographs, etc. But to avoid this, it is important that you observe some best practices that I describe below.
If you want to learn more about this subject, I invite you to read the article I wrote on this topic: Password Management - Best Practices to Know.
Set up strong passwords
Start by setting up strong passwords. Be aware that short passwords are easily guessed by software widely available on the Internet, and that a password starts to be considered strong from 14 characters onward.
For a password to be strong, it doesn’t need to be hard to memorize. A very effective technique is to combine 3 random words, such as “window-sun-beach”, apply upper and lower case, add numbers and special characters, and you end up with a password that takes centuries to guess.
Replacing “a” with “@”, “E” with “3”, “T” with “7”, or “O” with “0” only makes them harder to memorize and type, and doesn’t really add security to passwords, because software has long been programmed to do that too. Just to give you an idea, the password “P@ssw0rd123!” takes only 2 minutes to crack.
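The two points above, shown as an added example that is not part of the original article: a generator for the three-random-words technique, and the kind of normalization that makes “P@ssw0rd123!” as easy to guess as “password”. The word list, the list of common passwords and all function names are constructed for illustration.

```python
import math
import secrets
import string

# Constructed sample word list. A real generator would draw from a list of
# several thousand words so that each word contributes more randomness.
WORDS = ["window", "sun", "beach", "river", "candle", "orange", "pillow",
         "garden", "rocket", "violin", "marble", "forest", "ladder",
         "button", "salmon", "tunnel"]
SYMBOLS = "!#$%&*?"

# Constructed stand-in for a list of well-known weak passwords.
COMMON = {"password", "qwerty", "letmein", "welcome", "dragon"}

# The character swaps named in the article, undone the way guessing tools do.
UNLEET = str.maketrans({"@": "a", "3": "e", "7": "t", "0": "o"})


def generate_passphrase(n_words=3, min_length=14):
    """Random words joined by '-', mixed case, two digits and one symbol."""
    while True:
        # secrets (not random) gives cryptographically strong choices.
        words = [secrets.choice(WORDS) for _ in range(n_words)]
        words = [w.capitalize() if secrets.randbelow(2) else w for w in words]
        digits = f"{secrets.randbelow(100):02d}"
        candidate = "-".join(words) + digits + secrets.choice(SYMBOLS)
        # Retry until the result is long enough and mixes upper and lower case.
        if len(candidate) >= min_length and any(c.isupper() for c in candidate):
            return candidate


def estimate_bits(wordlist_size, n_words=3):
    """Upper-bound estimate of the randomness (in bits) of a passphrase."""
    word_bits = n_words * math.log2(wordlist_size)   # which words were picked
    case_bits = n_words                              # capitalised or not
    suffix_bits = math.log2(100) + math.log2(len(SYMBOLS))
    return word_bits + case_bits + suffix_bits


def is_disguised_common_password(password):
    """True if the password is a well-known word behind character swaps."""
    # Drop the trailing digits/symbols people append, then undo the swaps.
    base = password.lower().rstrip(string.digits + string.punctuation)
    return base.translate(UNLEET) in COMMON


if __name__ == "__main__":
    phrase = generate_passphrase()
    print("generated passphrase:", phrase)
    print("bits with this 16-word sample list:", round(estimate_bits(len(WORDS)), 1))
    print("bits with a 7776-word list:", round(estimate_bits(7776), 1))
    print("P@ssw0rd123! is a disguised common password:",
          is_disguised_common_password("P@ssw0rd123!"))
```

The strength of the passphrase comes from the random choice of words, which is why the size of the word list matters far more than any character substitution.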
Use unique passwords for each service
Never use the same password for all your accounts! Strictly speaking, the ideal is for each account to have a unique password that is not used on any other account.
The mindset here is that if one account is compromised and you use the same password on other accounts, you can already see what is going to happen, can’t you? Instead of one compromised account, you’ll have several.
A concrete example is using the same password for your Gmail and Instagram accounts. If someone discovers your Gmail password, they will not only be able to read your emails but also access your Instagram conversations and, who knows, post in your name.
Teach this to your children from a young age. Remember that as they grow they will have more and more exposure to technology and, consequently, more and more accounts. Each new account should have a new password.
Encourage your child not to share passwords outside the family circle
In their innocence, children - and even adolescents - can sometimes share their passwords with friends or schoolmates, and also with other people outside the family circle.
This is dangerous, because no matter how well intentioned the other person may seem, the temptation to access our private data can be great. Moreover, often the best way to spread a piece of information is to ask someone to keep it secret. That is, what certainty do we have that that person won’t share our credentials with other people, even more distant from us?
Don’t let your young children know account passwords, especially if they contain sensitive data. But if they already have their own accounts or if they know your passwords, do some awareness-raising work to prevent them from being caught out like the people in the video below.
Use password managers
A password manager is indispensable: it helps us manage the growing number of accounts we have, and it makes it easier to follow best practices such as using passwords that are complex enough not to be easily guessed and that are different for each service.
Services like (affiliate links) Proton Pass, 1Password and NordPass are recognized as trustworthy services and are widely used.
Secure storage of passwords
First of all, password managers store your credentials securely. This means they use strong cryptography so that, even if their servers are compromised, no one can view your passwords.
Organization
Password managers also have the great advantage of allowing you to store the whole family’s credentials in an organized way. That is, you can create virtual vaults in which you store each of the passwords. For example, a vault for your own credentials, another for your child’s credentials, another for your parents’ credentials (in case you help them in this virtual world), etc.
In addition, besides the name/label you can give to each of your credentials, you can specify the website address. This way, the password manager will be able to identify the credentials it has to use whenever you access a site where you have an account, simplifying the process.
Creation of secure passwords
These services usually offer features to generate passwords with the characteristics you want; that is, you can specify the number of characters, whether to include numbers and special characters, and they even indicate the strength of the password you are generating.
You only have to memorize a single password
That’s right, you only have to memorize the master password, which you will use to access and decrypt all the others. You don’t need to memorize any other password, because they will all be stored within the service, so from the moment you are logged in, you can view or copy the passwords you want, or even use browser extensions that do it for you.
And since you only have to memorize one password, what’s the issue with generating passwords with 16, 32, or 64 characters for the services you use? The effort of logging in will be the same regardless of the number of characters the passwords have, and at least it ensures they are secure.
Simplicity in login: extensions and mobile apps
Password managers offer extensions for the best-known and most widely used browsers, as well as apps for Android and iOS, which greatly simplify the entire login process.
Enable Multi-Factor Authentication (MFA)
Multi-Factor Authentication adds an extra layer of security to your accounts and your children’s accounts, by requiring one or more authentication factors in addition to the username and password. In other words, without MFA enabled, you can log into the account using just the username and password. If someone somehow discovers that data, they can access your accounts with no further obstacle. With MFA enabled, after entering the correct username and password, it is necessary, for example, to enter another code or approve the login on a different device, which proves that the account is really yours.
That other code can be sent by SMS or email, or it can come from a hardware token or from an Authenticator-style app, such as Google Authenticator or Microsoft Authenticator.
I know it’s a nuisance to have to resort to extra codes to log into accounts, but believe me, this is a powerful configuration for protecting your accounts. Furthermore, you can increase login simplicity while increasing account security by setting up passkeys or using security keys such as the Yubikey, which allow you to log in without a password.
Learn more about this subject in the following article I wrote: Why you need to activate Multi-Factor Authentication (MFA) immediately
Set up Parental Controls
Parental controls allow you, as the name suggests, to have some control over the devices and applications used by your children. When enabled, the device or the application understands that it will be used by a minor, and immediately performs content moderation so that the child only views information appropriate for their age.
In addition to this adaptation of content to age, it will also allow you to set the total time limit you allow the child to use the device or application. After that time, it gets blocked and the child will have to enter a code to unlock it - a code known only to the parent. That is, you can set your dependent to use the tablet for a maximum of one hour, with the device getting blocked after that hour.
This way, you complement your household rules with an effective lock, preventing the little ones from taking advantage of a moment when you lose track of time, or while you’re dealing with other tasks. It also prevents possible secret use.
These tools also provide access to usage statistics and even notifications, as they are linked to your own device and/or application.
I do not, in any way, advocate that children should not use technology. On the contrary. I think the teaching of technology lags far behind what are the actual current and future needs, and behind all the doors it opens. People with technological literacy will increasingly have opportunities that cannot be granted to those who lack it. I am also not the right person to talk about the limits that should be set, since that may be a role for psychology professionals. However, I cannot fail to stress the importance of children playing and learning without technology, especially outdoors and with other children, which is why I advocate that limits be set.
Protect your bank account
One of the problems that occurs fairly often is children buying games, in-game items (such as virtual houses, cars, clothing, or others), or activating subscriptions through the mobile device stores, such as the Play Store or the App Store. This happens because parents associate their physical debit or credit card details with the store account, which is something you should never do.
Instead, a safer way to avoid unpleasant surprises on your bank statement - from payments made without your consent - is to create bank cards and define what use you want them to have; that is, you can create cards for:
A single purchase, where you make a single payment and can’t buy anything else with that card. In other words, services also can’t charge you anything more on that virtual card;
Multiple purchases, where you can make several purchases with that card;
Recurring payment, which is useful, for example, for the monthly subscription of a service.
For each of the options above, you can set the card’s validity, as well as the limit amount that can be charged. You can also cancel the cards at any time, with no impact on your physical card.
Financial apps are increasingly offering these features, just like the well-known MBWay in Portugal and Pix in Brazil.
In addition, and because protection is built in layers, you should configure the app stores to always ask you for the account password before any purchase is authorized. If that password is not shared with your children, they will always have to come to you, regardless of which card is configured. But watch out for shoulder surfing while you enter the password - that is, you should not let your children see the keyboard or the screen while you enter the password. Believe me, they memorize it in an instant!
Learn more details about this subject in the article I wrote on how to protect bank cards - Bank Cards - Learn How to Protect Them

