Cyber Security for children during study from home

Cyber Security for children during study from home

Hoping all my readers are healthy and safe from Covid-19 situation. With the current lock down in many countries, we have seen that not only commercial establishments have established work from home for their employees and other staff members, but also schools have enabled study from home where students are asked to have classes from home via telepresence tools like Microsoft TeamsZoom & Google Hangout.

This year, while many of us are confined to our homes, protecting our communities from COVID-19, and relying on our home networks more than ever it seemed especially important to write this blog post during these troubled times it will help provide a bit of peace of mind for households everywhere.

While this opens up different arenas for students to continue their learning from home during this lock down, it exposes children to cyber predators— people who search online for other people in order to use, control, or harm them in some way, cyber bullies — the electronic posting of mean-spirited messages about a person, often anonymously and dangerous online games like Blue Whale and similar games that promote self harm. Also, most teenagers are baited to work with illegal click farms to earn money since it needs a phone or computer with decent internet connection only.

This blog post discusses about how parents and children should work together to understand and address the cyber security issues and ensure that children are safe and away from harms way when spending their studying or leisure time online.

Parents

  1. Start with establishing screen time for your kids. Establish clear boundary between study/learning screen time vs entertainment.
  2. Keep a check on all email accounts used by your kids, especially the ones that include online communication functionality. Like gmail/hangouts, outlook/skype, etc
  3. Keep a check on how many social media accounts are created by your kids. Most kids have multiple Facebook accounts separated for friends and family. Ensure that you are passive part of these networks to monitor activity.
  4. DMs or Direct Messages should be audited periodically. This functionality is available on major social media networks like Twitter, Facebook, Instagram and TikTok for starters.
  5. Ensure that their phones and computers are always updated with latest system updates.
  6. Software downloads — Have them avoid unnecessary software downloads, and only download software from reputable sources. Although free games for kids may be fun, they could contain malware or viruses that can steal information off the device.
  7. Use webcam covers to cover the laptop cameras and ensure that they flip open only when they need to do video calls or conferencing.
  8. Use parental control apps for Computers and Mobile Phones/Tablets. AppleAndroid & Microsoft have some amazing tools to enforce parental control on their devices.
  9. Enable activity logging on your wifi routers. For devices like Netgear, there is enough documentation available or if your wifi router is provided by your ISP, ask them to activate it for you.
  10. If you are families with DNS configuration, use Cloudflare DNS Resolverto secure your internet access from malware and adult content.
  11. Don’t share Wi-fi Password with your kids. Or if your Wifi Router has ability to create multiple profiles, create a separate limited profile for your kids. Get Wifi routers like Amazon Netgear Nighthawk for enhanced security.

Children

  1. Develop Awareness – Talk to your parents or elder siblings with considerable knowledge in tech. Gain basic understanding of cyber bullying, netiquette, virus protection to identify wrong doings over the internet.
  2. Use Strong Passwords. Change your passwords when you receive an account from school. Gamefy your password creation process. Never use your personal information like date/year of birth, etc as passwords. Don’t use your best friends name as your password. Try keeping easy to remember passwords like !Like3Doughnuts (I Like 3 Doughnuts) or D0ntP00Phere (Don’t Poop Here) or something funny that you can remember. Share passwords with your parents or legal guardian or your elder siblings. Never share passwords with outsiders, friends or even relatives without first checking with your parents.
  3. Don’t open emails from strangers or from email address with names of your parents but email address not belonging to your parents. E.g. if you see an unusual request from your mom or dad via email with their name, validate the email it has come from. If the email is not recognized, call them and verify. Also don’t click any unfamiliar links or download files as attachments.
  4. Never accept invites from unknown people on Social Networking sites like Facebook or Instagram. Engage with Direct Messages only from friends you know. If you feel someone is trolling you or cyber bullying you in school, inform immediately to your parents and school teacher. Online Trolls and Cyberbullies are harmless once they are exposed to many people.
  5. Device Safety — Never leave your device unattended, log off or shut down when not using the device. Never allow others to connect to your device via Bluetooth or AirDrop nor share your device password with anyone other than your parent or guardian.
  6. Contests, Clubs or Challenges — Don’t enter any contest, challenges or clubs that are not associated to your school or community and even then, check with your parents or guardian when doing so. Most of these contests or clubs retrieve your personal information in pretext to malicious activities.

These are simple and easy steps to follow to ensure that your children are protected online. Encourage your kids to be cyber security champions and ask them to share these best practices to their immediate friends and classmates to gain confidence. You have an important role in protecting the internet. Play your part !!!

7 signs your digital transformation strategy is shortsighted and will be short-lived

7 signs your digital transformation strategy is shortsighted and will be short-lived

There are memes going around various social networking sites on who led digital transformation in your company. But what is the essence of this meme?

Digital Transformation is not the sudden digitization of your business, butrather as a holistic strategy to reform your company’s traditional processes and to streamline existing experiences for both your employees and your customers, with a focus on reinventing, rather than refining your existing services. It is a long term strategy that can be likened to a marathon, and not a sprint. The goal of digital transformation is to increase revenue, provide better customer experience, and to minimize wastage through any procedural inefficiencies that may exist within the organization while ensuring security and governance. However, due to Covid-19 situation, many organizations have rushed into business continuity management to keep their business running. Companies that never offered work from home or remote working, are now taking pride in offering work from home for all their employees. Companies that thought cloud was a security nightmare are now rushing to adopt cloud platforms. And companies who thought that client interaction can only happen in person are now finding innovative ways to connect with their customers remotely to comply with social distancing.

But have these organizations done thorough planning before adopting these digital workplace platforms? And do they align with their long term IT Strategy in helping their business go digital during and post Covid19?

A short-sighted digital transformation strategy is like a pain killer that can address your immediate problem but will not resolve the core underlying problem. This reminds me of a situation where I used to pop a painkiller every-time I had a migraine which in turn made caused more acidity which actually was a trigger to my migraine. The moment I started working towards fixing my acidity problem which actually took time as well as changing some of my habits, my migraine problem fixed eventually.

In the case of many organizations, shortsighted digital transformation strategy can cause major issues that can have a significant impact on your organization culture, decreased adoption programs, the increased total cost of ownership.

The following are the 7 signs that you need to pay attention to ensure that your Digital Transformation strategy is not shortsighted

  1. You are using time-bound platforms without post Covid19 conversion strategy — Email and Collaboration Tools like Microsoft Teams and Google Hangout Meet have offered six-month free usage of their remote working and collaboration platform. While these platforms are robust and enterprise-grade, what is their roadmap after the trial period completes? Has your organization budgeted the total cost of ownership once the trial period expires? Or what is the impact of downgrading the functionality to their most basic version? Are you prepared for functionality loss? Data Loss?
  2. You have offered BYOD (Bring Your Own Device) without having a Device Management Tool in place — Many organizations have offered employees, contractors, and partners to use their own device to access enterprise data. This is a great decision given the challenges in providing corporate devices to your users. But is there a device management mechanism in place to ensure that the devices are compliant and follow guidelines to ensure that your data is safe during transit or at rest? Do you have a mechanism in place which prevents any malicious attempt for data loss by the user knowingly or unknowingly by copying data in a flash drive or personal cloud storage devices?
  3. Shadow IT is prevalent in your organization — Shadow IT refers to the usage of applications and infrastructure without the knowledge of your enterprise IT department. IT can include hardware, software, cloud applications, or web services / API that employees turn to without IT authorization to accomplish their tasks or projects. Your employees may choose to use a variety of cloud platforms like Dropbox, Box, OneDrive, Google Drive for data storage, or your sales team my try or buy CRM applications without the knowledge of corporate IT, or build an application on various Low-Code/No-Code application building platforms like Power Apps or App Sheet that may be part of your Office 365 or G Suite tenant. Or buy one of the many Low-Code/No-Code applications in the market using their personal or corporate credit card against a reimbursement.
  4. You have a tech and talent mismatch and end up engaging OEM vendor for help all the time — Many tech vendors provide you with a complimentary trial during Covid19 that lasts for months, but does your organization have skills to support it? Is there an SOP made available for your IT Helpdesk to resolve basic queries about the platform? Do you have a specialist available in case of critical issues? In the absence of skilled resources or a managed services provider with predefined SLA, tech support from OEMs can do as much around their product but cannot help you fix your processes or adoption. It is imperative that your organization understands the skill gap across all levels and establishes a clear strategy to migrate this risk by employing the right resources or engaging with a cost-effective managed services provider to provide both proactive and reactive support.
  5. You have many initiatives going on in your IT Portfolio and most of them are at evaluation or experimentation stage by the same team— Your organization may be in the middle of migrating critical workloads on cloud or making available collaboration tools to your users, while at the same time the same team or leadership is busy with other initiatives like Bot, Blockchain, Machine Learning, IoT without a clear strategy or charter. Covid19 has triggered many initiatives to align enterprise strategy with remote working and IT departments are overwhelmed with several initiatives around cost savings, security, compliance, and collaboration. While running these initiatives in parallel may not be an issue, having the same team running these in parallel may be alarming.
  6. You don’t have a PMO (Program Management Office) — There is a misconception that a PMO is required for large enterprises. A PMO is beneficial to any business that would like to measure the effectiveness of their projects and gain insight on critical metrics that impact their organization directly. A PMO is a lense to an executive body to summarize performance on the projects, establish policies, processes & guidelines and bring down silos that may result in duplicate initiatives or lack of communication. Depending upon your organization size, a PMO with a small team can bring order to chaos and improve visibility to all stakeholders involved. PMOs can ensure seamless connection and communication between operational teams like Finance, Procurement, Human Resources with Delivery & Leadership teams.
  7. You don’t have an Enterprise Architecture Office — As the organizations grow and business processes evolve, their IT landscape tends to become more complex. There are always buy vs build decisions and cost may not be the only metric in picking the right approach. A suboptimal application or platform can result in an architectural debt, a situation where a system or group of systems don’t perform the way they were intended due to a root cause that can be expensive to resolve and thus causes many inexpensive short terms fixes that may involve adopting processes and workarounds for the systems to work as intended. An Enterprise Architecture team can range from a governance body to an active team in defining IT strategy, building to-be landscapes, ensuring business alignment and taking part in demand management, this all depends on the organization needs, what issues it is facing and what the Enterprise Architecture Office role is defined to be.

Organizations often term some digital transformation initiatives as failures, while others are put on indefinite hold. But in any case, they end up being ghosts from the digital past that may haunt many new initiatives going forward. If your organization sees any of the 7 signs above, it is imperative to analyze the risk and impact of your current situation and design a risk management plan. As a Digital Transformation Consultant, I can help you with your Digital Maturity Assessment, calculate Total Cost of Ownership, and provide a roadmap and a plan.

Stay Safe !!!