Cybersecurity Awareness Month 2022: Five Disastrous Pitfalls to Avoid at All Costs

Cybersecurity Awareness Month Keynote Speaker

Security Awareness Training that Won’t Put Your Peeps Asleep

National Cybersecurity Awareness Month, which takes place every year in October, is a lot like spring cleaning. It’s when we buckle down and finally get to that pile of papers we’ve been staring at all year. It’s also when we learn to build new systems that prevent the pileup in the first place. Fall is when we turn on the throwback tunes, grab some reinforcement, and dance our way through important cyberthreat mitigation. As a cybersecurity keynote speaker, it is my responsibility to help you know where to start, what to do next, and how to prevent the mess that comes from not paying attention to security awareness training. It is the combination of deep work in October and preventative education throughout the year that makes cybersecurity digestible, effective, and even a whole lotta fun. In the meantime, here are 5 Disastrous Pitfalls you can avoid during your organization’s Cybersecurity Awareness Month 2022:

1. Don’t Overstuff October with Awareness

Assuming that your employees are appropriately educated after just a month of data protection training is as ridiculous as saying “I washed my sheets once, so I’m set for the year!” First of all, no. Second of all, gross! To continue our cleaning metaphor, if you wouldn’t ask your most treasured house guests to sleep in a bed with sheets you washed last October, why would you entrust your company’s most sensitive data to a team that is dealing with year-old information??

It is all too easy for organizations to assume that their responsibilities are contained and fulfilled when they dedicate an entire month and a substantial budget to those responsibilities. Don’t get me wrong, I LOVE that we have a month dedicated to cybersecurity awareness. But many organizations concentrate all of their efforts into October while completely neglecting the other 11 months. Here’s the point: Information overload is not effective, for your people or your budget. Corporations that rely on October alone may forfeit some of their responsibility while exhausting their staff into a state of disengagement.

How do I know this? Every year, I am booked solid from September through November, right around–you guessed it–Cybersecurity Awareness Month. And I’m not complaining about the business! But I am concerned that we see a sudden yet fleeting burst of motivation by companies and yet a lack of accountability the rest of the year. More and more, in addition to a keynote event during their October campaign, smart organizations will supplement their education with monthly emails, phishing contests, brown bag lunch dates on personal security, funny social engineering videos and other relevant updates that keep their staff current on the latest cyber trends.

2. Don’t Hire Speakers Who Bore Them to Tears

Emotions matter. Your people matter. A relatable, captivating experience is critical to creating personal buy-in among your employees. And let’s face it, your people are only your weakest link if you let them be. When you bring in engaging, entertaining speakers who make the topic personally relevant to their lives (not just to your bottom line), they will naturally expand and apply that learning to your organization.

Take Facebook for example. They have successfully implemented “Hacktober” during National Cybersecurity Awareness Month, which provides workshops and gamified contests for workers to implement everything they learned throughout the year. And then in October, they reward their team with a highly entertaining speaker (shameless plug ;-) that benefits them personally and professionally.

When I live hack the iPhone of an audience member (using humor to socially engineer them) or run a game show about deep fake technology to educate them on trending threats, they leave not only with tools for protecting the company, but with personal buy-in about why data defense matters. But if it’s boring, it gets forgotten.

3. Don’t Force Feed Them 8 Straight Hours of Cybersecurity Awareness Training

More is not always better. Faster is rarely better. Eight hours of pure content without a bathroom break is not better. And it’s probably illegal. Because we are productive beings focused on “more”, we sometimes confuse efficiency with effectiveness. In the case of cybersecurity awareness training, eight hours of hearing about hackers, fraudsters and scams (oh my!) isn’t going to do much besides–at best–convincing your people to tune out and enter BORED, SLEEP and WASTE in their latest Wordle puzzle.

Organizations that treat cybersecurity awareness month as a time to stuff all content into one long day and hope that everyone learns something (or at least stays awake) tend to be wasting their money. More education in less time is not the way to prevent cybercrime from landing you at the top of the news cycle. In fact, content stuffing will dull down the topic so much that your people will care less than when they walked in.

It’s like one of those weeks where you put off doing the laundry just long enough that your clothes barely fit in the washer. So you stuff it all in and not only don’t the clothes get clean, but the machine is toast before the spin cycle subsides. The lesson? Don’t leave your people half-washed by stuffing their brains so full that they can’t finish the cycle. The most savvy data protection education I see tees up the topic with a few new best practices–let’s say password or click hygiene–paired with real life stories of what happens when it all goes bad. Audiences love stories, so don’t drown them with statistics and a boring PowerPoint.

4. Don’t Make it Only About the Organization

Would you rather fold your own underwear or those of a random stranger? If you have any common sense (or knack for hygiene), you’d choose your own. Doing the laundry may not be the funnest part of your Sunday routine, but you know it is necessary because in the end, it directly impacts you. Forget to start the wash? You’re the one going commando. Dumped the basket of dress shirts on the floor and forgot about it? Monday is going to be stress with a side of wrinkles.

The point is, when something impacts us personally, we notice it quicker and invest in it more fully. Many keynote speakers on cyber threats ask you to fold someone else’s laundry–they only want you looking out for the good of the organization. They don’t give individual employees a “why” that impacts each of them personally.

In other words, Cybersecurity Awareness Month is not just about educating. It is about creating emotional buy-in. In order to be remotely effective, cyber education should come over the course of the entire year–not just one month dedicated to it. So why have a dedicated month at all? Because October serves as a national reminder about why this matters. It is the responsibility of your keynote speaker to 1) Get employees and executives passionate about protecting the data that drives your profits and 2) Illustrate how protection affects them personally first. If the individual doesn’t give half a load of laundry about defending their own private information, they sure as heck aren’t going to care about protecting the corporation’s information capital. By bridging the personal and the organizational, we can encourage personal buy-in that leaves the individual and the company better off for it.

So, if Pitfall #3 is an oversupply of content, then Pitfall #4 is having an inadequate reason to listen and take ownership in the first place.

5. Don’t Focus on Failure, Focus on the Future

When organizations and leaders only focus on what their people are doing wrong, those people are far less likely to embrace change. Employees want to feel like they are successfully contributing to the health and well-being of the company. So, if you approach cybersecurity education and awareness from a peripheral angle and point out what IS working and where you have thwarted attacks, individuals feel proud and therefore much more empowered to continue the momentum into the future. Cybercrime is already a negative topic; needlessly harping on past failures only depresses progress.

For example, in my cybersecurity keynote presentation, I make it a priority to point out how it is generally the human beings inside of any organization that catch fraud in process. Your people are your superheroes when it comes to data defense. You can have the greatest technological tools in the world, but if you don’t have a smart human wielding them, they are worth next to nothing. This approach is called Appreciative Inquiry, and it is an incredibly powerful tool in your arsenal of human cyber weapons. And it is generally missing from the average Cybersecurity Awareness Month playlist.

And with that in mind, here is the good news. YOU DON’T HAVE TO BE VICTIM TO THESE PITFALLS. I have witnessed hundreds of cybersecurity awareness month events in my two decades of keynoting events, and the leaders that understand and avoid these pitfalls don’t just create a better awareness event, they build a long-term cybersecurity culture. And that’s something that doesn’t come out in the wash.

_____________________________

John Sileo specializes in Cybersecurity Awareness Month 2022 keynote presentations that set your month, year and awareness program up for success. If you’d like to learn how John will customize his speech to your event, contact us directly on 303.777.322 or by filling out our friendly contact form.

Local Government Cyber Security: Our Next Big Threat

Mobile Device Statistics on Our Children

I found these mobile device statistics on our children’s use of technology to be eye-opening. 38% of kids under 2 have used a mobile device – the digital babysitter, I suppose. Anyway, I think it’s important that we know what direction our kids are heading and what we, as parents, are doing to point them there. Part of security involves access: how much they have, how well they are monitored and what the consequences are for improper use.

[Infographic: Zero to Eight 2013]

John Sileo is an author and highly engaging speaker on internet privacy, identity theft and technology security. He is CEO of The Sileo Group, which helps organizations to protect the privacy that drives their profitability. His recent engagements include presentations at The Pentagon, Visa, Homeland Security and Northrop Grumman as well as media appearances on 60 Minutes, Anderson Cooper and Fox Business. Contact him directly on 800.258.8076.

CryptoLocker Alert: A Virus You Need to Understand

Are you prepared for CryptoLocker, the next wave of Internet virus?

CryptoLocker is the next generation of internet virus that is currently circulating all over the world in large numbers. Once a computer becomes infected it will lock all your files plus any network files it has access to, even your server. Once the files are locked it will give you a three day countdown to pay the ransom, usually $100 or $300. If the time expires your files are locked with no option to pay the ransom.

Currently there are only two known methods to remove the infection, restoring your files from a backup or paying the ransom. Please be aware that paying the ransom is not guaranteed to work. We don’t condone paying the ransom as it supports and encourages these cyber criminals.

What makes CryptoLocker exceptionally dangerous is the fact that in most cases it can pass right through all anti-virus protection suites. (My go-to IT security firm for matters like this, Sierra Ridge Networks, is working with their anti-virus partners to make sure they provide the most current solutions – make sure your tech guys are doing the same.)

How CryptoLocker Generally Invades Your Systems

  • In the form of an attachment, usually disguised in an email appearing to come from your bank, insurance company, courier service or scanner.
  • Through Trojan websites, which will ask you to download a piece of software in order to watch video clips or download songs off the internet.
  • Through malicious websites with names similar to popular ones, waiting for you to mis-type the URL and share as if on your favorite website.

Advice for Preventing the CryptoLocker Virus

  1. Never open attachments if you are unsure of the contents, the sender or if your gut says something isn’t right.
  2. Look for clues in the email content. Most legitimate emails will address you by name and not something generic like ‘customer’ with vague wording.
  3. Misspellings, faulty English, promises of riches, freebies or other bribes are all signs that something is fishy.
  4. Do not click on website links in emails until you have viewed the link location. Do this by hovering over the link, which will display the actual link at the bottom of your email program (if the link and the hyperlinked text don’t match, you’ve got a problem). Instead of clicking the link, you are best to manually type the URL into your browser.
  5. Make sure your anti-virus is updated regularly on EVERY system connected to your network, including mobile devices.
  6. Make sure your backups are current and working and backing up ALL critical data.

If You Get Infected by CryptoLocker

  1. Stop work! TURN OFF YOUR COMPUTER! Shut down your entire network, if possible, until help arrives.
  2. Contact an IT Security specialist. I use Sierra Ridge Networks out of Colorado.
  3. Alert people on your network, as any work completed after infection will be overwritten when the backup is restored.

John Sileo is NOT an IT Security Specialist, but an author and highly engaging speaker on internet privacy, identity theft and technology security. He is CEO of The Sileo Group, which helps organizations to protect the privacy that drives their profitability. His recent engagements include presentations at The Pentagon, Visa, Homeland Security and Northrop Grumman as well as media appearances on 60 Minutes, Anderson Cooper and Fox Business. Contact him directly on 800.258.8076.

Internet Privacy & Kids: Social Network Monitoring in Schools

Social network monitoring becomes big business. Fresh off the heels of learning that the NSA has been gleaning data about us using information found on social networking sites comes the news that a school district in California is paying a monitoring service to watch and report on what students are posting on sites like Twitter, Facebook and Instagram.

Glendale Unified School District is paying $40,000 over the next year to a company called Geo Listening to monitor its students’ social media activity.  This program was introduced after one of their students, 15-year-old Drew Ferraro, committed suicide by jumping from the roof of Crescenta Valley High School.  It started as a pilot project in three schools last year and is now being rolled out to all middle and high schools across the district.

Glendale is not the first school system to use monitoring services.  They are used fairly commonly at the college level.  Louisville and Kentucky use a social media monitoring system with their athletes that flags words for coaches that relate to drugs, sex or alcohol and they also have access to all of the athletes’ photos and videos.  (LSU, Florida, Texas A&M, Texas, Missouri, Ole Miss, South Carolina, Auburn, Baylor and New Mexico are among the other schools that use similar monitoring methods).

 

Mount Wachusett Community College was one of the first schools to monitor social media on a dedicated level and was recognized for being proactive by the National Council for Marketing and Public Relations.  Robin Duncan, vice president for marketing and communication at MWCC says simply, “If you don’t have someone paying attention to your new media … you’re being negligent.”

In Indiana, a high school senior, Austin Carroll, was expelled from Garrett High School and forced to enroll at an alternate school to get his diploma for a profanity-laden tweet that was flagged by his school’s social media monitoring system.  Many schools that don’t pay for a monitoring service still task their administrators with doing it.

So, while it’s nothing new for schools to monitor their students’ communications (I recall having a few notes intercepted and read by my teachers), it begs some questions:

  • Who should be in charge of monitoring our kids?
  • How much privacy should kids be allowed?
  • To what extent should schools be involved?

The answers are not straight-forward.  When daily reports of government surveillance cause a public outcry over privacy issues, we want to extend those same privileges to our kids.  Yet, there are cases like the Ohio school shooter, T.J. Lane, who killed three classmates and wounded others.  Lane had posted chilling comments on Facebook a few months before and tweeted the morning of the shooting that he was bringing a gun to school.  It was right there, publicly posted, yet no one knew to stop him.

It’s easy to blame the schools, to blame the district, to blame someone else, but as parents, WE should be the ones to monitor our kids’ posts…

  • WE need to remind them that all posts are permanent, public and exploitable – forever.
  • WE need to look for warning signs of violent intentions toward self or others, substance abuse, bullying…
  • WE need to get off our own Facebook pages and check in on our kids.
  • We need to have engaging, heart-to-heart conversations with our kids so that they feel we are the ones to reach out to when the dark days come.

The truth, however, is that some (okay-most) parents don’t do it.  As with countless other issues that we have come to expect our schools to teach (sex education, drug resistance, anti-bullying), keeping up with social media is something most parents aren’t comfortable with, don’t understand completely, or just don’t want to deal with. And that unwillingness has disastrous consequences for kids who are troubled, in trouble, or the victim of another troubled child.

Ralph Hicks, superintendent of Ashburnham-Westminster Regional School District in Massachusetts, explains that the legal doctrine “in loco parentis,” which is Latin for “in place of a parent” allows school officials to interfere in the lives of students only in issues involving the school.  More and more, that definition involves anything said about the school (or students and staff) whether the communication occurs on campus or not.

Parents (and students) who think that this monitoring is a violation of their kid’s privacy should remember that EVERYTHING BEING MONITORED IS ALREADY PUBLIC. Schools aren’t breaking into your child’s Facebook account, they are simply monitoring what everyone else on the Internet can see. And if it saves a life, thwarts a bully, or rescues a child in need, it’s worth it.

John Sileo is a keynote speaker on Internet Privacy and CEO of  The Sileo Group, a think tank that trains organizations to harness the power of their digital footprint. Sileo’s clients include the Pentagon, Visa, Homeland Security and businesses looking to protect the information that makes them profitable.

Interview with Reputation.com on Business Identity Fraud and Online Reputation

Do you want to know how businesses can protect themselves and enhance their online reputations?

Would you like to know the answers to the following questions?  

  • Are businesses adequately protecting themselves online? If not, what more should they be doing?
  • What is business fraud and how does it differ from consumer fraud?
  • What should companies be thinking about when they get involved with social media?
  • What can businesses do to monitor their online reputation?
  • Should companies respond to everything negative said about them online? If not, what should they focus on?
  • Should businesses be paying attention to their employees online? If so, how can they do that in an ethical way?
  • What is the most important advice you would give a new business just starting to develop an online presence?

To learn the answers to these important questions, read the interview I recently did with Reputation.com.

Financial Planners: Give Your Clients Mobile Security this Holiday Season

Wrap Up Your Mobile Security this Holiday Season!

Your clients compute almost as much on mobile devices as on desktop computers. They read banking and investment emails on their smartphones, log in to sensitive financial accounts via their iPad and store mission critical data on their laptops. But along with the freedom and efficiency of mobile computing comes a great deal of risk – risk that threatens their net worth. Small devices are easier to lose, simple to steal and are tempting targets for data theft. And to top it all off, your clients protect their mobile devices like mere phones and book readers, instead of the computers they really are.

So, if you are thinking ahead about what to get your best clients for the holidays, we have the answer.   How about a thorough list of privacy prevention practices to get them safely from Black Friday through New Year’s Eve?  Sure beats a reindeer sweater or a fruitcake!

Gather a group of your best clients and treat them to an hour of tried and true practical ideas to safeguard their privacy.  You provide the cookies and eggnog, we will provide the expertise and your clients will appreciate the useful gift!

We will provide simple, actionable tools to protect and enhance the mobile tools your clients use to do business. You will learn how to add value to your clients by helping them:

  • Lock down smartphones and tablets from thieves
  • Track mobile devices if stolen or misplaced
  • Safely use free Wi-Fi hotspots in cafés, airports and hotels
  • Determine which apps are safe and which aren’t
  • Evaluate mobile banking and investment apps

In addition to mobile security, we can customize the speech to cover other holiday hot topics, such as:

  • Protecting your identity from being stolen (think of poor George Bailey) at this busy time of year.
  • Becoming aware of what you unwittingly share on social media sites during the holidays.
  • Preventing your holiday parties at home or at work from becoming sources of data theft.

We’ll tie it all into a holiday theme to keep an edge of humor and the holiday spirit, all while delivering seriously practical ideas to protect your clients.  (Click here for a sample.)

Limited dates available. 

Call us today to secure your date: The Sileo Group, 303-777-3221

John Sileo is a keynote speaker and CEO of The Sileo Group, a privacy think tank that trains organizations to harness the power of their digital footprint. Sileo’s clients include the Pentagon, Visa, Homeland Security, Van Wyk Risk and Financial Management and businesses looking to protect the information that makes them profitable.

Keeping Grounded When the Surveillance Accusations Start to Fly

I’m in the business of encouraging people to keep their guard up.  I’m always telling people to watch for signs of something that doesn’t feel quite right, take precautionary measures, and stay informed.  But even I have to question the tactics some are recommending when it comes to reacting to the NSA PRISM surveillance program leaked by Edward Snowden.  In a previous post on this topic, I said it isn’t a black or white argument, but some people are asking you to make it one.

Best-selling author, technology expert and Columbia Law School professor, Tim Wu, has said that web users have a responsibility to quit Internet companies like Google, Facebook, Apple, Yahoo and Skype if it is indeed verified that they have been collaborating with the NSA.  In fact, Wu bluntly proclaimed, “Quit Facebook and use another search engine. It’s simple.  It’s nice to keep in touch with your friends. But I think if you find out if it’s true that these companies are involved in these surveillance programs you should just quit.”  Wu acknowledged that there is still much to learn about this program and admitted it was no surprise that PRISM exists, saying, “When you have enormous concentrations of data in a few hands, spying becomes very easy.”

Of course, the companies in question vehemently deny such complicit cooperation.  Google CEO Larry Page stated, “any suggestion that Google is disclosing information about our users’ Internet activity on such a scale is completely false.”  Facebook CEO Mark Zuckerberg said reports of Facebook’s involvement are “outrageous,” adding  “Facebook is not and has never been part of any program to give the U.S. or any other government direct access to our servers.”  Yahoo’s Ron Bell stated, “The notion that Yahoo! gives any federal agency vast or unfettered access to our users’ records is categorically false.”  Similar statements were issued by spokespersons for Apple, Microsoft and others accused of complying.

To add fuel to the fire of this debate, top US intelligence officials have stepped forth with their own comments.  US Director of National Intelligence James Clapper asserts the National Security Agency’s PRISM program is “not an undisclosed collection or data mining program” but instead “an internal government computer system used to facilitate the government’s statutorily authorized collection of foreign intelligence information.”

In addition, claims that the sweeping surveillance programs have prevented multiple attacks keep swelling.  Immediately following the leak, House Intelligence Committee Chairman Mike Rogers cited one attack that he said was thwarted by the program, but would not give specifics.  Since that time, however, there have been dozens of reports of foiled terrorist attempts, from a plot to bomb the New York Stock Exchange to an attack against the New York subway system, that were prevented because of the surveillance.  Army Gen. Keith Alexander, director of the National Security Agency, said more than 50 attacks have been averted.  Alexander also stated that Snowden’s leaks have caused “irreversible and significant damage to this nation” and undermined the U.S. relationship with allies.

No doubt, the debate over the propriety, as well as the effect, of Snowden’s actions will rage on for some time.  There will be others who recommend and take drastic actions, such as quitting the Internet giants, for fear of their safety and/or privacy.  The key is to keep cool, find the facts and then NOT forget. The biggest risk is that our discomfort will be forgotten in a week when the next big topic arises. You can take the reasonable steps of doing your research, acting in calculated moderation and following through on what YOU feel is important.

John Sileo is a keynote speaker and CEO of The Sileo Group, a privacy think tank that trains organizations to harness the power of their digital footprint. Sileo’s clients include the Pentagon, Visa, Homeland Security and businesses looking to protect the information that makes them profitable.

Talking Surveillance Once Again–Know Your Phone Carrier More Precisely

When you log onto the Verizon Precision Market Insights website, the giant catch phrase that jumps out at you in bold red letters is:

“Know your audience more precisely.

Drive your business more effectively.”

Verizon is pulling no punches when it comes to letting advertisers know that they have valuable data- OUR data- and they’re willing to share it.  For a price of course.  Phone carriers, who see a continued decline in contract subscriber growth and voice calls, are hoping to generate new sources of revenue by selling the data they collect about us.  They already collect information about user location and Web surfing and application use (which informs them about such things as travels, interests and demographics) to adjust their networks to handle traffic better.  Now they have begun to sell this data.

Note: Verizon customers can OPT-OUT of this data sharing by logging into their accounts online and following the opt-out instructions. I recommend that you do so immediately.

Instead of seeing themselves just as providers of valuable services to their customers by providing a means of communication, carriers now see the potential profit beyond the service.  Businesses such as malls, stadiums and billboard owners can gather information about the activities and backgrounds of cellphone users in particular locations.  For example, Verizon’s data service is being used by the Phoenix Suns to map where people attending its games live “in order to increase advertising in areas that haven’t met expectations”, according to Scott Horowitz, a team vice president.

In Verizon’s own words, their analytics platform allows companies to:

  • Understand the demographic, geographic and psychographic makeup of (their) target audience.
  • Isolate where consumer groups work and live, the traffic patterns of a target audience and demographic information about what groups visit particular locations.
  • Learn what mobile content (their) target audience is most likely to consume so (they) can cross-sell and up-sell more easily.

The program does not include information from Verizon’s government or corporate clients and individuals do have the right to opt out on Verizon’s website.  Some European companies have launched similar programs and Jeff Weber of AT&T says they are studying ways to analyze and sell customer data while giving users a way to opt out, but at this point they do not have a similar product.

Carriers do acknowledge the privacy issues related to such data surveillance and companies say they don’t sell data about individuals but rather about groups of people. But Chris Soghoian, a privacy specialist at the American Civil Liberties Union, is worried according to an article in the Wall Street Journal.  In it, he says “the ability to profit from customer data could give wireless carriers an incentive to track customers more precisely than connecting calls requires and to store even more of their Web browsing history. That could broaden the range of data about individuals’ habits and movements that law enforcement could subpoena.  It’s the collection that’s the scary part, not the business use.”

In other words, it’s about more than well-meaning companies collecting our data; it’s that their company databases are vulnerable to attacks by hackers, competitors and foreign governments. And when a breach happens, it’s our data that goes missing.

John Sileo is a keynote privacy speaker and CEO of The Sileo Group, a privacy think tank that trains organizations to harness the power of their digital footprint. Sileo’s clients include the Pentagon, Visa, Homeland Security and businesses looking to protect the information that makes them profitable. Watch John on 60 Minutes, Anderson Cooper and Fox Business.

Summer School for Parents: Protecting Your Kids' Social Media Privacy

School is out for the summer and the tasks that often fall upon the shoulders of your local schools are now sitting squarely on yours.   In addition to making sure your kids practice their math facts, read regularly and get plenty of exercise, you’ll want to watch out for how they spend their free time when it comes to using Facebook, Tumblr, Instagram, Twitter, YouTube and other sites that can expose their social media privacy.

Social Media refers to web-based and mobile applications that allow individuals and organizations to create, engage, and share new user-generated or existing content in digital environments through multi-way communication.  Okay, that’s too technical. Social media is the use of Internet tools to communicate with a broader group. Some of the most common examples are listed above.  If you have elementary aged children, they may use more secure, school-controlled forms such as Schoology, Edmodo or Club Penguin, but if your kids are older, I can almost guarantee they’re into Social Media sites whether you know it or not.

Statistics show that 73% of online adolescents visit social networking sites daily and two billion video clips are watched daily on YouTube.  The American Academy of Pediatrics recently conducted a study that found that 22 percent of teenagers log onto their favorite social media sites more than 10 times a day, and that 75 percent own cell phones.

So, how do you battle such a time-consuming, captivating influence over your children?  You don’t, because you won’t win!  Instead you look at social media privacy best practices that schools implement and do the same at home.

  • Expect the Internet to be used appropriately and responsibly and set agreements and consequences with your children if it is not.  The Family Online Safety Institute can guide your discussion and even provide a contract.
  • Expand your typical discussions about strangers to include social media:
    • Don’t accept unknown friend requests
    • Don’t give out personal info – specifically: last name, phone number, address, birthdate, pictures, password, location
  • Warn kids about the dangers of clicking on pop-up ads or links with tempting offers, fun contests, or interesting questionnaires, even if they’re sent from a friend.  They may really want that free iPad being offered, but chances are it’s just a way for someone to glean their personal information.
  • Monitor the information your kids give out and their use of sites; let your children know they should have no expectation of privacy.  (Make that part of your contract.)  You can also install filtering software to monitor their social media use and even their cell phones.  A few popular ones are Net Nanny and PureSight PC to help keep your child safe online and My Mobile Watchdog to help with monitoring their cell phones.
  • Check your privacy settings for all Internet sites and make sure they are set to the strictest levels.
  • Remind your child that once it’s published, social media is public, permanent, and exploitable forever, even when “deleted.”
  • If your children are not 13, keep them off of Facebook since that is their stated age limit. There are plenty of reasons, not the least of which involves the emotional repercussions of being “unfriended” or cyber bullied.  When they are ready, have your children read and study the actual Facebook user agreement and privacy policy and discuss it with them.
  • Set limits on social networking time and cell phone time, just as you would for TV hours. Many families limit total screen time, which includes everything from computers, iPads, smartphones, and video games to our old-fashioned notion of television.
  • Be a good example yourself. Monitor your own amount of time spent online and seek to find a balance of activities. When you are on your iPhone at dinner, you are letting your kids know that this is acceptable behavior.
  • Monitor your child’s activities and try to stay educated about the latest platforms!

Social Media can be a positive way for kids to continue to develop friendships while they’re home for the summer and to feel like they’re connected to a community that matters more to them than anything. But there are risks that come with it, and it’s your job as a parent to protect them from those risks just as surely as you keep them from taking candy from a stranger.

Social networking has an addictive component because dopamine (a natural feel-good drug produced by the body) is released anytime we talk about ourselves. And what is social networking if not a constant exposé of what is happening in our lives? Just make sure you know what is happening in your child’s life, even in the more relaxed months of summer.

John Sileo is an online privacy expert and professional speaker on social media privacy. His clients include the Department of Defense, Pfizer, Visa, and Homeland Security. See his recent media appearances on 60 Minutes, Anderson Cooper and Fox Business.