To Deter Cyberbullying, Make Sure You Talk to Your Kids

Parents need to keep the lines of communication open

By Marco Martinez
Editor, MindEdge Learning
The rise in social media and the growth of faster, newer breeds of smartphones and other electronic gadgets have been beneficial in many social and educational ways. But these devices have also become conduits for online bullying. The eagerness of kids and teens to immerse themselves in virtual worlds, and to stay current with their peers online, can also expose vulnerable youngsters to cyberbullies.

Cyberbullying, also called “electronic aggression,” is the use of technology to harass or bully someone through electronic means. The term also applies to those who use another’s identity (or a fake identity) to harass others online.
The US Department of Education’s Office of Safe Schools defines bullying as “unwanted, aggressive behavior among school aged children that involves a real or perceived power imbalance.” A power imbalance can involve physical strength, but it can also involve a threat to reveal embarrassing information about the victim, or the use of the bully’s popularity to control victims. These imbalances can change over time and in different situations.
In a recent study of students between the ages of 10 and 18, 28 percent reported being bullied online. And while traditional or “offline” bullying remains more prevalent, cyberbullying has been increasing in recent years. This trend will likely continue as more and more youngsters acquire smartphones, video game consoles, and other devices that connect to the Internet.
Forms of cyberbullying can include spreading rumors and other false information about a victim; threatening violence; and purposely excluding someone from participating in a group. A bully may use pictures, comments, video games, audio, video, texts, instant messaging, and email to harass others. In addition, bullying may be directed toward minority groups based on race, gender or gender expression, sexual orientation, appearance or body size, disabilities, and religion. In many cases, bullies do not even know their victims.
The anonymity of being online can embolden a bully to harass others—a phenomenon called “deindividuation,” which can become more pronounced when the attacker is in the company of other like-minded cyberbullies. Deindividuation occurs when bullies engages in impulsive, harmful, or violent activities because they don’t think they will be caught or identified.
According to the Anti Defamation League, the effects of cyberbullying can be immediate. Adults should be aware of some of the signs that children and teens may exhibit:

  • Loss of interest in a particular class or in school in general
  • Withdrawal from family, friends, and activities that were once enjoyable
  • A decline in grades
  • Complaints of illness, headaches, and other ailments
  • Signs of depression, anxiety, or sadness

Other effects of bullying can include social and emotional distress; increased risk of developing mental health issues; increased risk of substance abuse; and panic disorders. The effects of cyberbullying can be severe, and in extreme cases been known to result in death.
It is important that parents and adults know how to identify the symptoms of bullying, because most teens will become more reluctant to tell anyone as they get older. Kids and teens may feel that adults will make the situation worse, or will not help at all, if they report being bullied; they may also fear that the bully (or bullies) will retaliate. Youngsters may also be fearful of being labeled a “snitch” or a “tattletale.”
In Massachusetts, the 2010 suicide of Phoebe Prince led to the criminal prosecution of six teenagers who had bullied the teen relentlessly, and to the passage of a tough new cyberbullying law. But the Phoebe Prince story illustrates how slow many states and local jurisdictions have been in addressing online bullying and harassment. Legislators and educators are more aware of the problem than ever, yet programs for identifying and preventing cyberbullying have not been rolled out extensively and studied for efficacy.
Some important facts about cyberbullying:

  • There are no physical boundaries to cyberbullying
  • It can occur any time of the day, continuously from many anonymous sources, using a variety of media
  • Evidence-based programs to address cyberbullying behavior—including the effect on victims and strategies for effective intervention and prevention—are still in their infancy

Further studies of evidence-based prevention programs are needed, especially as other forms of cyber-harassment are becoming more prevalent. For example, more kids and teens may become the victims of cyberstalking and sextortion, two types of online harassment that are also underreported. These trends can be addressed and reduced through increased education and communication between children, teens, their caregivers, and educators.
Prevention
What are some ways to prevent cyberbullying? The following tips are targeted toward families and can be accessed in more detail at the website of the Anti-Defamation League (ADL).

  • Show genuine desire in opening up dialogue with your kids and teens regarding their online activities and their lives in general
  • Observe your child or teen’s behavior in different settings to see if they show any warning signs
  • Promote positive social experiences
  • Discuss bullying and its effects
  • Be a role model to your child
  • Get involved with your child’s school to promote positive social behavior


Intervention
What are some ways to intervene if you suspect your child or teen is being cyberbullied? Again, these tips can be accessed in more detail at the ADL’s website:

  • Offer support
  • Gather information about bullying incidents without being judgmental
  • Meet with school authorities and be assertive and persistent
  • Contact law enforcement if the cyberbullying involves possible crimes
  • Encourage participation in activities that build confidence
  • Report serious incidents to Internet- and phone-service providers, as well as the websites where cyberbullying has occurred

To intervene effectively, parents and caretakers need to supervise their children and teens both online and offline, and become more engaged in talking about cyberbullying. Peer-led groups can also provide sanctuary for affected individuals, while outreach programs can be developed for the most vulnerable groups .
Students, parents, and educators can also take the following steps to help curb cyberbullying:

  • Further train young people in what constitutes acceptable online behavior, from elementary school onward—the earlier the better
  • Enable anonymous reporting via the same channels/technologies/media that are used to report crimes
  • Use of these channels/tech/media to provide awareness programs
  • Monitor children’s online activity, but do not take away devices or access to online resources—because this can further isolate the victim

For relevant statistics and information on cyberbullying intervention and prevention, please visit these sources:
The Anti-Defamation League: www.adl.org
The Cyberbullying Research Center: cyberbullying.org
International Bullying Prevention Association: ibpaworld.org
For a complete listing of MindEdge’s course offerings on cyber security and CISSP®, click here.


Copyright © 2018 MindEdge, Inc.

Six Things Every Parent Should Know in the Digital Age

Mom and Dad need to set the example


By Joe Peters
Editor, MindEdge Learning
Occasionally, friends will ask me a question like, “What’s the safest computer to get for my kids?” or “What software will keep them safe?” To me, these questions are like asking, “What kind of tires should I buy to make sure I never get into an accident?” Sure, some tools might be more secure than others, but ultimately what really matters is not what you buy—it is how you use what you have.
That’s why I emphasize to parents that they must set the example. Safe, responsible use of the Internet should be like looking twice before crossing the road or brushing your teeth: a good habit developed at a young age, learned from our parents and enforced by them.
social media apps on a smartphone
You can’t manage it if you don’t know it’s there
Whether you are managing a small family or a multinational conglomerate, the first step to getting a handle on technology is to know what you have. Whether you do that on a spreadsheet or on a piece of a poster board taped to the inside door of a closet, you need to sit down as a family and list every network-capable device you have. If that is too daunting a task, then start getting rid of devices until it isn’t. While you’re at it, make another list of all your online accounts. Your kids should have separate accounts from you. Plan ahead so that you are not sharing an account or creating one carelessly on Christmas morning. Once a month (or so), as a family, make sure all your devices are updated and change your passwords.
Probably the most valuable part of this exercise is that it requires you to talk regularly to your kids about technology. Remember to communicate, not dictate. Your kids will tell you more about the latest trends and apps than any parenting website.
Passwords are still a problem
As you have heard plenty of times, you should have different passwords for every service, and those passwords should be complex. But the task of formulating all those passwords doesn’t need to be overwhelming. For example: make a good base password out of a phrase, not just a word. Try to make it at least 12 characters, including some numbers and special characters. Then for each service, insert the initials of that service into the base. It’s a simple variation, but it will be enough to ensure that even if one of your accounts gets compromised, the others won’t instantly be vulnerable. Kids, by the way, tend to be very good at this exercise, as it indulges their creativity and imagination. Let them run with it.
Social skills should come before social media
Determining the right age for your children to jump into the digital world should be dictated by their ability to negotiate real-world situations properly—not by how adept they are with an iPhone or XBox.
The nature of social media allows kids to choose the people with whom they will associate; most often, those will be people who share their interests, beliefs, and prejudices. Ironically, this fact of online life is more likely to encourage anti-social behavior than genuine human interaction. Think about it: the ability to initiate a conversation, engage others, listen, and speak persuasively but cordially are important human skills. But when kids surround themselves with “like”-minded individuals, they don’t have to develop those skills.
What can you do? Limit screen time. Keep all devices in a central area—never in your kids’ bedrooms. When friends come over, put the cellphones in a bowl at the door. The more you can get kids engaging in genuine social behavior, even if it is just with you, the more they will carry these skills over to their digital lives. Remember, you need to set the example.
It’s not all fun and games
When I was a kid, the most violent video game might involve firing a blip at a pixelated alien invading from space. Today, there is a near-realism to gaming violence. What’s absent, of course, is the real-world consequence of what it means to fire a gun, punch someone, jump from three stories up, or do any of the other things that gamers do dozens of times a minute. While that sparks concern in and of itself, the derivative aspect of such gaming is that kids can begin to treat all online activity as though it is a game. When they respond to some post, for example, they don’t see a human being, just an avatar, another “player” in the social media “game.”
Before you allow your child to play a video game, try it yourself to see if it is appropriate. Learn the video game rating system and follow it. Understand that so-called “teen” games are played by many adults, who can interact with your kids through in-game chats. And many of these games have very adult themes.
You’re not as anonymous, or as temporary, as you think
Services like Snapchat promote their temporary nature: anything posted will disappear in 10 seconds. While 10 seconds is plenty of time for a lot of bad things to happen (such as someone making a screen grab), there’s a larger question that every rational parent needs to ask: What positive impulse, if any, does such a service indulge?
The truth is, there is no guarantee of anonymity on the Internet. Protecting your privacy requires real effort. For instance: just as you use different passwords for different services, you should also use different screen names and, if possible, different email addresses. Never incorporate identifying data, even a ZIP code, into a screen name, and learn how to disable location services tagging. Be especially cautious about geo-tagging any images, because that will automatically incorporate your location into image information.
All that said, you are only as private as your most gossipy friend. Even if you and your child exercise proper restraint, it only takes one “friend” to make a questionable post that undermines your privacy. Kids should understand that colleges and employers often look at social media profiles in making their acceptance and hiring determinations.
There is no app for logic
This may be a blog post about the Internet, but if you want to negotiate the hazards of the misinformation superhighway, it doesn’t hurt to turn the clock back to the days of Aristotle and the study of logic. The ability to distinguish a substantive comment from a spurious one is a timeless skill.
You don’t need to be a philosophy Ph.D. to help your kids in this area. Googling “logical fallacies” can get the ball rolling. After a particular dinner conversation a year or so ago, I purchased a poster depicting the various logical fallacies, and hung it in our kitchen. While my sense of interior decorating may be lacking, it has created a useful talking point in our home.
We’re approaching the second generation of the social-media age, where decisions regarding everything from news sources to afternoon activities can be crowdsourced. While resources such as Snopes and Yelp can be useful in determining what is fake news or where to get good ice cream, it’s not a bad idea to remind your kids that civilization figured out how to negotiate such conundrums long before there was an app for that. The subtle equating of popularity and quality is perhaps the slipperiest of the slopes social media has brought. The more we can equip our kids with the resources to think independently and critically, the more it will pay dividends in all areas of their lives.
Resources
Nearly any time I talk to parents about the challenges kids face on the Internet, I point them to the story of Ryan Patrick Halligan (www.RyanPatrickHalligan.org). While Ryan’s story is a bit dated today (15 years old, to be precise), it remains a sobering tale of how the virtual world can become the real world for kids.
Safe and Secure Online (www.safeandsecureonline.org) and ConnectSafely.org (www.connectsafely.org) are two great resources with loads of advice on how to speak to your kids about Internet use.
If you’re looking for trustworthy information about malware, two reliable sources are Virus Total (www.virustotal.com) and Bleeping Computer (www.bleepingcomputer.com).
For a complete listing of MindEdge’s course offerings on cyber security and CISSP®, click here.


Copyright © 2018 MindEdge, Inc.

Beware the Cryptojacker!

Hackers may be using your network to mine for digital gold

By Marco Martinez
Editor, MindEdge Learning
News headlines constantly remind us of the volume of cyberattacks targeting major retailers, banks, hospitals, and individuals like you and me. Some of these attacks involve a high level of complexity, but until recently most have been fairly basic—recycled from older malware and repurposed by attackers for different goals. That’s all starting to change now.
You may have heard of ransomware, a type of malware that has ensnared victims worldwide and cost them billions of dollars. You may have also noticed the hype surrounding cryptocurrencies; countless people have bought into the craze, speculating that the values of these digital currencies will rise quickly and make them rich. Well, if you combine the idea of ransomware – and related forms of malware – with the idea of cryptocurrency, you get a whole new and sophisticated type of cyberattack: cryptojacking.
graphic showing cyprojacking concept
Cryptojacking is an attack that combines the malware used for mining cryptocurrencies with malware that allows those mining activities to run undetected. This type of attack allows a hacker to hijack the processing power of a target system (or a collection of systems) in order to mine cryptocurrencies.
Wait up – just what is cryptomining? In short, it’s the process of identifying and verifying transactions involving cryptocurrencies, such as bitcoin; miners use powerful computers and software to track these transactions, and in return are paid fees in newly minted cryptocurrency. The process can be lucrative, but it requires a lot of computer power and related resources. And that’s why some unscrupulous miners have resorted to cryptojacking.
The allure of cryptomining stems from the exponential rise in value that many cryptocurrencies have experienced, making some cryptominers quite rich in a very short period of time. This digital gold rush has led to a virtual stampede—including both legitimate miners and criminal organizations—into the cryptomining arena. At the same time, the success of ransomware and the rise in cryptocurrency values has led to the rapid spread of cryptomining malware, much of it adapted from earlier forms of ransomware, across the globe.
Cryptojacking attacks can be initiated in a variety of ways; one common method is through phishing, where a victim is tricked into clicking on a link in an email. Once the link is clicked, the victim unwittingly loads the cryptomining malware code onto his or her browser. In-browser cryptojacking is growing quickly, increasing by 31 percent in 2017. In addition, many ransomware programs have been re-tooled to work in cryptomining schemes.
In addition to in-browser attacks, an attacker can inject code directly into an online ad that is shown on many websites, or into a single website. Attackers may simultaneously use the in-browser, online-ad, and website techniques to maximize mining effectiveness.
Victims of cryptojacking will often notice only a slight degradation in processing power—but organizations can wind up spending significant resources tracking down the reason for their systems’ sluggish performance. These organizations may even end up replacing parts that they think might be broken, not realizing that they are infected.
Cryptomining malware has targeted a variety of different operating systems and cryptocurrencies, using multiple infection techniques and revealing a versatility not typical for a new type of malware attack. And, unlike traditional ransomware, cryptojacking will continually bring in money to an attacker, with relatively low risk. By contrast, ransomware is usually a “one and done,” short-term transaction, where the attacker has to keep moving on to a smaller and smaller pool of new victims.
Given the rapid successes attributed to cryptojacking, and its ability to provide long-term profits for hackers, experts theorize that it will be around for a while. And cryptojackers have plenty of ways to make sure they stay in business.
An attack can be difficult to detect or trace, as the online-ad and website injection techniques do not require the infected script to be stored on a victim’s system. Cryptojackers also like to make their scripts as stealthy as possible, providing the ability to evade antimalware scans. Mining scripts can also re-infect a system and linger for long periods of time. Programs may wait to mine during off-hours, or use just a small fraction of CPU power, so that no alarms are raised. And they can maintain these activities for months, or years, leading to higher electric bills and higher costs to replace equipment that overheats or breaks down from excessive use.
Organizations can use a variety of tools to detect whether IT systems have been infected with cryptojacking malware. Coinhive is the most widely used cryptomining program, with CoinImp, deepMiner, and Crypto-Loot following close behind. Each of these programs has a distinct signature that can be detected and blocked. When in doubt, ask an expert familiar with cryptojacking to find and remove the malware; don’t try to do it yourself, as some mining software will crash a victim’s computer when it detects that the user is trying to remove it.
There are many other mining-program variants that have been appearing on a near-daily basis, so security managers need to be vigilant to protect their networks against infection. Resources such as CoinBlockerLists, maintained by ZeroDot1, contain updated lists of domains that are linked to cryptojacking programs. These domains can be added to a blacklist and denied the ability to access a network.
Network monitoring tools are also effective in detecting cryptojacking malware. Finally, dedicated anti-mining extensions can be installed on browsers and ad-blocking software can effectively block mining programs. These tools should be used in conjunction with the other methods we’ve already discussed.
For a complete listing of MindEdge’s course offerings on cyber security and CISSP®, click here.


Copyright © 2018 MindEdge, Inc.

Think Twice About Allowing Your Refrigerator Online


The Internet of Things (IoT) is a most wondrous neighborhood of cyberspace: a place where televisions, refrigerators, watches, and even children’s diapers can all connect to the Internet. (Editor’s note: If you honestly believe it’s a good idea to connect your kid’s diapers to the Internet, you may want to rethink this whole parenting thing.) The IoT is the place where high-tech chic meets consumer convenience—and hey, what could possibly go wrong? Well, for starters, the IoT is pretty much crawling with hackers and bots, and security is just a rumor, largely unconfirmed. This MindEdge video may make you wonder why you ever wanted to talk to Alexa in the first place.
For a complete listing of MindEdge’s course offerings on cyber security and CISSP®, click here.


Copyright © 2018 MindEdge, Inc.

How to Avoid a Pass(word) Fail


Most people know enough not to hand a stranger the key to their house. But a lot of folks don’t take the time or effort to protect their computer passwords—an omission that carries potentially dire consequences. This week’s MindEdge Learning video offers practical tips for constructing a sturdier password, and preventing it from falling into the wrong hands.
For a complete listing of MindEdge’s cybersecurity course offerings, click here.


Copyright © 2018 MindEdge, Inc.

Gone Phishing? Don’t Take the Bait


As phishing and other cyber-attacks grow increasingly more sophisticated, it’s important to know how to guard against online scam artists. MindEdge’s cybersecurity team has put together a video to help you identify phishing emails and avoid getting taken to the cyber-cleaners. Rule number one: "Always initiate the transaction—never respond!"
For a complete listing of MindEdge’s cybersecurity course offerings, click here.


Copyright © 2018 MindEdge, Inc.

New Data: Recent College Grads Blame Facebook for Massive Data Breach

By Frank Connolly
Director of Communications and Research, MindEdge Learning
In the wake of a data breach that exposed the personal information of up to 87 million Facebook users, public opinion appears to be turning against the social media giant. MindEdge Learning’s recent national survey of college students and recent graduates found that a clear majority (54 percent) blame Facebook—rather than Cambridge Analytica and other firms that allegedly misused the data—for the security failure.
MindEdge’s second annual State of Critical Thinking Survey probed the attitudes of 1002 young people, aged 18 to 30, on a wide range of education-related issues. It was conducted in early April, with all but 17 interviews completed before Facebook CEO Mark Zuckerberg’s highly publicized Congressional testimony.
While most of the questionnaire probed attitudes relating to critical thinking, fake news, and work preparedness, the survey included one question that addressed the data-breach issue:
There has been a lot of discussion lately about the alleged misuse of personal data from millions of online Facebook accounts. From what you’ve heard or read, which of the following do you feel is MOST to blame for this problem:

  • 54 percent say “Facebook, for not protecting the personal information in the first place.”
  • 29 percent say “the analytics firms that allegedly misused the personal information.”
  • Another 12 percent are not sure where to lay blame.
  • 4 percent volunteer some other response, including: No one; Users/consumers; Politicians; and Both Facebook and the analytics firms.

Infographic on misuse of personal data.
Respondents in the Northeast are most likely (61 percent) to blame Facebook, while those in the South are least likely (50 percent) to do so. But for the most part, responses to this question are quite consistent, with only minor variances by gender, age, and educational level.
What does all this mean for Facebook? The most popular social media network in the world is responsible for the personal data of about 1.8 billion active users. While the company has faced fierce criticism over its handling of privacy issues, it is too early to tell whether this issue will lead to a significant loss of business.
Still, there’s no question that Facebook is looking at a significant problem right now—both in terms of public opinion and the political climate in Washington. What’s not clear is whether those problems will persist in the long term. Will the #deleteFacebook movement really catch fire? Check back in a year.


Copyright © 2018 MindEdge, Inc.

The Most Common Cyberattacks – and How to Avoid Them

Hackers Take Aim at Human Weaknesses

By Marco Martinez
Editor, MindEdge Learning
Imagine you arrive at work one day to find everyone in the office standing around and chattering loudly, while row after row of computer screens flash a ransom message. Someone quickly approaches and breathlessly informs you: “We’ve been hacked!”
A graphic depicting a hacker on a laptop and other cybersecurity threats.
The in-house IT security expert explains over the din that what the company has just experienced is a denial-of-service attack—likely perpetrated by a hacker who got past the firewall using sophisticated hacking techniques. As the security expert talks, FBI agents and TV reporters start filing into the office. Over the dull roar, you can barely hear the IT guy explaining to the agents “…they stole every last bit of bytes from the company’s servers and hard drives!”
Or maybe not. While this scenario would make for a heart-pounding episode of “CyberCop,” cyberattacks are usually a lot quieter and less dramatic. Indeed, the majority of companies never even report cyberattacks, largely because of the negative publicity that would likely ensue.
All that being said, the main problem with this scenario is the nature of the attack itself. While a handful of hackers use sophisticated techniques, most do not need to. The reason is human nature: most people are easily duped, and they fall for the same tricks, again and again.
The most common, and usually most successful, cyberattacks are known as “social engineering attacks.” These attacks take advantage of human weakness to trick victims into giving out sensitive information, providing access to data, or allowing someone to enter a building without verifying his or her identity. Phishing scams and ransomware are types of social engineering attacks that can be highly successful, even when the threat of encrypting a victim’s data may actually just be a bluff.
What can a “regular person” do to thwart the most common cyber threats? For starters, it’s important to realize that hackers have basically two types of targets: easy ones, and just-slightly-harder ones. This means that the hackers who go after regular folks will most likely use techniques that are easy to deploy, unsophisticated, and inexpensive.
If the hacker has a lot of time and money— let’s say he’s a member of an organized crime syndicate or on the payroll of a foreign government— then he can resort to the more rare, time-consuming, expensive, and sophisticated attack methods. If you are not a bank or a voting machine, you probably don’t have to worry about this type of hacker.
Most of us need to worry about low-complexity cyberattacks, including ransomware, compromised credentials, extortion schemes, and exploit kits. The following list, adapted from the blog of Adam Meyer’s column in Security Week, tells how you can protect your company (and yourself) from these threats:

  1. Ransomware: This type of malware can be introduced using infected file attachments that can encrypt a target computer’s files, or even the entire hard drive. To prevent ransomware, you should scan email attachments, restrict administrator privileges, install patches and updates, and limit users’ ability to disable ”inconvenient” security features.
  2. Compromised credentials: Passwords can be stolen, or cracked easily, especially when they are reused. Using two-factor authentication, coupled with strong passphrase generation and management, will lower the risk. (Passphrases are more secure than passwords, so be sure to use them.) Automatic passphrase resets also help force users to change their passphrases regularly.
  3. Extortion: This occurs when an attacker steals information from an organization and threatens to expose it online unless he or she is paid. The attacker usually “exfiltrates” (that’s a 20-dollar word for “steals”) information by exploiting vulnerabilities in social media accounts and by using software “backdoors.” There are tools that examine data leaving a computer or server, and these tools can alert an administrator to unusual activity – but the best way to avoid extortion is to limit the amount of potentially embarrassing material stored on your system.
  4. Exploit kits: These are software programs designed to run on web servers, which then exploit vulnerabilities found on client machines. Anti-phishing software and patches that target common CVEs (common vulnerabilities and exposures) should be installed. Lists of CVEs are regularly updated, so organizations can add them to their exploit libraries in order to protect against them.

And don’t forget: Train your users in cybersecurity on a regular basis, using real-life scenarios and fresh, engaging content!
For a complete listing of MindEdge’s cybersecurity course offerings, click here.


Copyright © 2018 MindEdge, Inc.