Konstantin Yuganov - Fotolia
The pandemic witnessed a growing number of incidents of cyber bullying and online grooming. Pupils are taught online safety as part of their ICT curriculum. However, many have unregulated access to the internet via their smartphones.
My 13-year-old is the only pupil in their year who does not own a smartphone. Children in primary schools have them too: I know of several primary school children with their own social media accounts.
According to Ofcom’s Children and parents: media use and attitudes report 2020/21, the older a child is, the more likely it is that they will own a mobile phone, including 93% of 12 to 15-year-olds.
The proliferation of smartphones among schoolchildren is driven by a number of factors. Rapid development within the smartphone sector means that most people own a smartphone for no more than three years before replacing it with a new one provided as part of their contract. This results in people keeping their old smartphone as a backup, as well as a flourishing second-hand market.
This has led to children being given older, but fully functional, smartphones. However, these phones may have security vulnerabilities because of their age; they may no longer receive updates, or the latest security apps may be incompatible.
Peer pressure is a major factor in encouraging children to ask for smartphones. If all of a child’s friends have a smartphone, then they will naturally want one too. Parents want their child to be happy and included, so it is understandable why many relent, especially if they have a spare. Some teachers expect pupils to use smartphones for educational apps, even if this does not align with school policy.
“We always want the best for our children,” says Paul Watts, distinguished analyst at the Information Security Forum. “We don’t want them to be ostracised, but equally we know that in cyber space, there be dragons – trolls and bullies, fraudsters, online predators and child traffickers. For the most part, children lack the situational awareness skills to know when they are at risk online. In short, they are not adequately cyber streetwise.”
The problem with children having unregulated access to the internet is that it can lead to exposure to violent or sexually explicit content. Also, it increases the risk of cyber bullying, online grooming and radicalisation.
“With the number of apps that the kids use, a lot of them are speaking to people from around the world without knowing who they are,” says Justina Meares, a child and adolescent counsellor for Family Welfare. “Grooming is easier and bullies have direct access to the kids they want to pick on. Some of the content children can also access is not age appropriate.”
Paul Watts, Information Security Forum
There has been an increasing number of online incidents involving children. According to Ofcom’s Online Nation 2021 report, more than half of children said they had encountered a negative experience online. The most common negative experience reported was “Being contacted online by someone you don’t know who wants to be your friend” and 35% had viewed something troubling or sexual. Although nearly three-quarters of 12 to 15-year-olds were aware of reporting mechanisms, far fewer ever used them.
This problem has been compounded by there being few child-specific devices. There are some, such as the Fire HD 8 Kids tablet, but there are no smartphones designed specifically with children in mind, with embedded safety tools. “You should be able to buy a device that is age appropriate for the child,” says Colin Tankard, managing director of Digital Pathways. “I do think there is a way of having technology that is appropriate for the age of the child.”
Educating children and parents
Children are educated about online safety as part of their information and communication technologies (ICT) lessons, which focus on the technology aspects. The cultural aspects are addressed in citizenship lessons, but it can be difficult for children to combine these two elements. Critical thinking, such as “Is this friend request genuine?”, is incorporated into online safety education, but this can be difficult for many children because of their limited experience.
The open nature of the internet is both a strength and a weakness – children may blindly accept everything they read online. There needs to be an understanding that information should be corroborated from multiple sources, and suspicious or unsolicited emails treated with caution. “Children need to be taught that the internet is not always an authoritative source of information,” says Watts. “It is important that they learn how to cross-reference and correlate online information sources, otherwise they become susceptible to misinformation and misdirection.”
Although children are educated in online safety, resources for educating parents are limited. Some schools have organised online safety presentations for parents, but these are few and far between. It is generally up to the parents to educate themselves about online safety, says Watts.
“You need to take the ‘stranger danger’ analogies of the past and translate them digitally to enable children to become situationally aware in cyber space,” he says. “Schools are doing a lot in this space, but I don’t think they are going to reach the level that they need to if parents are unable or unwilling to do the same in a home setting.”
The arms race between hackers and security researchers means that the security sector is highly technical. As such, there is a risk that parents could be deterred from learning about online safety if they feel they would never understand it. “I don’t think we make our field as accessible as it could be,” concedes Watts. “There are some great initiatives, like GetSafeOnline and Safer Internet Day, but I think there is more to do to make the information accessible, understandable and actionable to both children and parents.”
Impact on modern enterprise
Home security can be an important part of an organisation’s network security. Because hackers often take the path of least resistance, they will exploit weaknesses in home networks to use legitimate connections into the corporate network and bypass defences.
Although steps can be taken to mitigate such insider threats, such as by banning personal devices, this only addresses a symptom of the issue. To get to the root of the problem, organisations can evolve their approach to cyber security.
Colin Tankard, Digital Pathways
Rather than presenting security best practices as corporate policy, organisations could use this as an opportunity to demonstrate corporate social responsibility, by educating their employees in security good practices. This will not only encourage staff to be secure at work, but will also promote security of their home networks, thereby mitigating risks emerging from this vector.
“It disarms staff when you move away from preaching to them to it being a nurturing and supportive conversation,” says Watts. “You are supporting not only your staff in staying safe, but empowering them with the ability to support their children. This is something that we need to do more of because we are empowering them to protect their organisations, but they can then take that home and help to support their children and build those conversations up.”
Extending this corporate social responsibility further, organisations could offer webinars and discounted deals on security applications, which employees and their families could use to secure personal devices and home networks.
Regulating the internet
Online-monitoring family apps, such as Google Family Link, allow parents to monitor their children’s smartphone activity, set screen times and manage which apps can be accessed. But parents will need to set up this filtering of unsuitable content through their internet service provider. For example, the BT Parental Controls filter can be activated using the My BT app and will filter the content of all connected devices. However, this makes no distinction between parents’ and children’s devices.
There have been several attempts to legislate age verification online. There was the Digital Economy Act 2017, which included requirements for age verification technology, but was later quietly dropped – although it has now resurfaced in the Draft Online Safety Bill. The Draft Online Safety Bill seeks to protect children’s online experience by making the online platforms responsible for all content that is published on their platform, whereas previously the user was responsible.
Hannah Ruschen, NSPCC
“The responsibility for online safety isn’t just for parents alone and regulation is now certain,” says Hannah Ruschen, child safety online policy officer at the NSPCC. “However, the Online Safety Bill needs strengthening significantly if it is to effectively compel tech firms to make their platforms safe by design and put systemic protections in place for children.”
Concerns are also being raised about the ambiguous definition of “legal but harmful content” in the Online Safely Bill. “There should be more controls, and it should be pretty obvious to stop child abuse sites,” says Tankard. “There should be more ways of the internet being controlled, but I question whether it should be super regulated?”
Tech solutions not enough
The proliferation of smartphones among children is here to stay, resulting from rapid development and saturation within the smartphone market. This has exacerbated children’s online activities, often without the necessary parental limits.
Although technological and legislative measures can be put in place to mitigate some of the harm that can come from this, it is a cultural problem and should be addressed as such. Parents need to be educated in online safety, just as much as their children, in order to discuss appropriate smartphone use and being safe online.
Employers can encourage these conversations by expanding their internal security polices to incorporate educating staff through webinars on home security, as well as offering discount deals on technological solutions. Not only will this help their employees’ children be safer online, but it will also improve morale, reduce employee stress, improve security against insider threats and develop a community-focused reputation for the organisation.