Making internet safe for children and businesses

Digital technology has been described as the ‘hidden hero of this unprecedented global crisis’ as the world adapts to the ‘new normal’ due to the Covid-19 pandemic. Thanks to lockdown, most households became alternative remote workspaces, classes and play areas for children. But while this strengthened family bonds, it broke boundaries between work and private life, making them prone to cyber-attacks.

Data from Kaspersky, a cybersecurity firm, shows that Kenya accounted for 50 per cent of malware attacks in Africa in 2020, the highest compared to South Africa and Nigeria. This means Kenyans faced an estimated 14 million malware attacks and 41 million potentially unwanted programmes derived from pornware and adware.

Cyber criminals took advantage of adults’ and children’s anxieties and fears that affected their social, physical, emotional and intellectual well-being triggered by Covid-19. The social engineering scams or attacks may be designed to trigger a response by exploiting any naturally sensitive information such as current Covid-19.

The migration to digital space for learning, working and digital business exposed many, including children, to the underworld of social media platforms from popular applications such as Tik Tok, Netflix, Roblox, Instagram and FacebooK. Media became awash with teenage house-party gatherings, missing children, drugs and sexual abuse, connoting negative societal environment.

Cyber bullies used fake identities to lure children and adolescents to drugs and sexual abuse under the roof of their parents and caregivers. Bullying through comments and insults lifts the lid of intimidation, harassment and sexual exploitation.

Individuals and organisations also fell victim of theft of personal information, financial data and exposure of sensitive information, making them easy targets to phishing and malware attacks. Online users are tricked into revealing sensitive information. In April last year, tech giant Google reported blocking an estimated 18 million coronavirus scam emails daily to prevent malicious phishing attacks.

Promoting digital hygiene is a collaborative effort for individuals, organisations and digital companies to take into account post-Covid era. Think before clicking any suspicious advertisements, emails, attachments or unknown online users trying to reach out. “Free is a great price, and anything above free creates a lot of friction.” While a parent can install parental control products to keep tabs on and limit child’s online exposure to inappropriate content, there are also built-in controls on most computers that parents can easily employ with just a few clicks.

Similarly, updating network security through robust controls over configurations at both ends of the remote connection should be implemented to prevent potential malicious use. For example, employees should not have administration rights on firm-owned notebooks and, security hardened configurations. Up-to-date endpoint security solutions and connection security parameters should be set according to good practices by being locked, and the corporate remote access infrastructure should be tightly controlled.

Cloud technologies are increasingly being implemented and used to quickly deal with higher capacity needs using cloud-based software, such as Microsoft 365, that has been developed with security at the forefront. Enabling multifactor authentication is also vital. This may be in the form of the traditional passwords together with use of one-time passwords shared through mobile phones. Remote access services and user profiles should be only activated when required. Where no business need exists, remote access should be disabled, to reduce the attack surface.

Teleconferences should be run on vetted platforms and protected from unauthorised access to prevent ‘Zoombombing’ and other video vulnerabilities. Carrying out a vulnerability assessment before large scale deployment is crucial for proper information security. For example, use PINs and reconcile actual participants with the corresponding invite.

In addition, government, cyber experts, educators and protection authorities should collaborate in adopting innovative technologies, such as Primero X App, an online and offline application launched recently by UNICEF and Microsoft UNICEF to protect unaccompanied and separated children from gender-based violence and offer psychosocial support.

Dissemination of online safety materials through cyber-security sensitisation programmes should also be incorporated in schools’ curricula and the media to promote good practices of internet use. This will be a continuous capacity building process for the already tech-savvy children to be aware of what to click or not, especially the free pop-ups. The free tools and services online may be riddled with inappropriate advertising and user tracking, insufficient privacy controls and even malware.

The future is digital. It is, therefore, essential to educate and empower users, especially children, on the safe and responsible use of online resources and platforms in a bid to establish a culture of cyber-safety.

Mr Omolo is the Head of Technical Services at SGA Security