How many contacts have you got on your MSN Instant Messenger (IM) contact list that you have only met online? I had asked this question, many times. On this occasion, at a primary school in Kent, the pretty blond nine-year-old girl had the most contacts: 257 ‘friends’ that she had never met in real life.
This was 2010, and I’d been an (ISC)² Safe and Secure Online (SASO) volunteer for over a year. Facebook was not that popular in schools at that point – instead, online chat was preferred. I recall a ten-year-old boy in the same class who admitted to meeting some of his online ‘friends’ without taking a parent or adult. His parents were shocked; but unfortunately, having done a few of these sessions in secondary schools, the shock factor for me had subsided – replaced only by acute sadness.
In one secondary school, two 12-year-old girls said they had gone to meet a ’14-year-old guy’ they had spoken with in an online chat room. He had ‘confirmed’ his age by sending a photograph. They insisted they met in a public place, which turned out to be the local park: the most un-public, public place I know.
The results of an electronic survey I have carried out on 1555 10- to 12-year-olds show that 10% have physically met someone they first encountered online. Of these, a quarter went alone to the meeting.
The Facebook Era
In the last few years, Facebook has become very popular with students. Despite the minimum age for Facebook being 13, this rule is regularly flouted. Students from age seven have their own Facebook accounts. In one incident relayed to me by the head teacher of a primary school, an eight-year-old girl sent a ‘friend’ request to her male teacher; the teacher was distraught because the friend request included a topless photo of the girl on a beach. He feared for the implications that could be drawn from that.
By the time children get to year five in school (nine to 10), about 60% have Facebook accounts, approximately 75% of year six, and 90% of year sevens. I ask the classes what age Facebook thinks they are. Responses have ranged from between 18 and 75, with most claiming to be in their mid-twenties.
I was recently asked to do a SASO session by a local council in a number of schools following a report that an eleven-year-old pupil had accepted a friend request from an individual overseas who was posing as a child but was actually an adult male. The pupil had a number of similar-aged friends on their Facebook. The individual from overseas started grooming the youngster’s friends, as they had not turned off the ‘friends of friends’ option. I understand that he was arrested in the US and prosecuted. (ISC)² UK volunteers did a number of sessions in the schools in that local authority area.
A more subtle danger is children and teenagers being exposed to adverts on Facebook that are targeted according to the user’s age. Because many lie about their age, they are regularly subjected to inappropriate adverts such as weight loss or ‘hot date’ ads.
Beating the Bullies
Cyber bullying and gaming are also huge concerns. It is regarded so seriously that the latest Ofsted inspection guidance has cyber bullying as an issue that the inspection must address. A copy of the guidance can be found online.
With regards to gaming, the most popular games among school children are rated 18 or older – Modern Warfare 2 and 3, Call of Duty, etc. On 8 November 2011, I was doing a SASO session in a catholic primary school when I met a nine-year-old who was looking forward to going home because his parents were taking him out to buy the latest 18-rated game. Children often play the games online against other adults. One group of year 6 boys were in tears telling me and their headmistress that they love the game, but really hate the adults who swear at them all the time (as they can talk to the other players using headsets during the game). One primary school teacher told me that children often arrive in class first thing in the morning making bomb and machine gun sounds.
Furthermore, of the children I surveyed, 50% said they had been online after 10pm and 13% had been online after 1am on a school night. This poses real issues for every school regarding punctuality, attendance and ultimately attainment.
If they cannot afford the games, youngsters will obtain them and other games online via illegal downloads or from non-reputable websites. When asking a group of pupils whether they have had a virus on their computer, over 90% will say they have.
Making it Count
During the SASO session, I show a video that tells the story of a pupil who is the victim of cyber bullying by text message, instant messenger and creation of an unpleasant spoof website. At the end of the film, I always ask the students how they would have felt if they were the main character, Joe, who had been the victim of cyber bullying. Most children respond by saying angry, upset, sad, etc. Often, it has allowed pupils to open up about their own experiences.
In addition to educating the industry about the Safe and Secure Online program, there are three main reasons why I am writing this article:
- To make parents think seriously about what their children are doing online
- To make you consider whether you sharing your IT system at home with children or teenagers is exposing your organization to information security vulnerabilities? I am aware of some large financial institutions that provide free anti-virus and anti-malware products to their employees to help combat this.
- To offer a word of warning in relation to how children and teenagers use social networking. If you are offering employment to the younger generation, you should be aware that some have become conditioned to making outrageous statements and posting inappropriate pictures on social networking sites. They need to be educated about what is acceptable and what is not.
If you are a member of (ISC)² , you can also get involved by volunteering for the Safe and Secure Online program and help make a difference.
If you have responsibility for information security training in your organization, then consider changing the sessions to assist parents and caregivers so that they understand the threats and vulnerabilities to the family. That change will generate a greater interest in the employer’s information security messages they wish to convey.