The Interview SeriesJul 07, 2020

Cyber-security for Families: Advice from an Ethical Hacker

When Chelsea B. was a senior in high school, some of her friends and family had already been victims of cyber-crime. She resolved to never have a computer in her home—until her business professor convinced her that technology was going to be the future of the world.

So, she changed tactics and instead learned everything she could about computer networking and security—and today, she offers penetration testing and security services to families and businesses. We sat down with the founder of Digital Mom Talk to learn more about how parents can help protect their children online.

Tell us a bit about Digital Mom Talk and your work as a security analyst and ethical hacker.

I started Digital Mom Talk as a way to educate parents on how to secure their homes. When I got started, one of the first things that I was asked was, “Can you protect my kids?” And the first company I worked with was into that, so I started several different blogs over the years and they morphed into Digital Mom Talk. I translate tech jargon.

As a security analyst, I look at things and my first thought is, “How can I break into this system?” I analyze for security vulnerabilities. For example, at a school, I look at things like whether they are checking for ID at the front desk or if they have a personal relationship with the moms that are walking in. Are they securing their file cabinets? Do they have a smart TV system? Do the students have access to it? Are the students scanning for proxy servers? How can I bypass the network? I’m analyzing almost like a spy, but mostly with digital things.

An Ethical Hacker has a contract with a company, and we’ll break into their security settings and through the scope of a project see what their vulnerabilities are. Then we report it back so the company can fix it. I do that both for businesses and homes. It looks very different every day because from start to finish, a project can take anywhere from a couple of hours to secure a family router or a month to check a company website and make sure their customer data is secure.

What’s the biggest change that you’ve seen in data management and privacy since you first started working in the industry?

People are shifting to this awareness, realizing that we have this 1984 reality going on where we’re not necessarily controlled by a government, but we are controlled by these corporations and what they do. I take a lot of cyber-stalking cases for parents because I work with a couple of organizations that help with that, and even sitting down with those parents and showing them what I can do on a Google search—and they look at me and realize anyone can do that.

People are starting to focus on their privacy and trying to understand why a data breach is a big deal. And, when you have a school district that’s breached where they’re just dumping names and email addresses, people are starting to understand why that’s actually enough to go in and steal a child’s identity. I don’t do that because it’s against the law—but I know that I can potentially do that because I have that knowledge and I know that it’s not that hard to do.

What are the biggest cyber-security concerns you think parents should be aware of today?

Parents think they need to control their children, and that’s actually a misconception. We have this myth because security tools were not designed to be parental controls. They were advanced security settings and some marketer came in and said, “We’re going to make these parental controls.”

So, for parents, I tell them you need to shift from controlling your child to focus on controlling the device. Because if you try to control your child through the device, you’re going to end up with the “tech battle,” which is where you lay down the law, set some rules, give them the device—and they’re eventually going to screw up. And when they do, your response is naturally to take away the device. That’s sometimes needed, but then after a while parents give the device back without teaching proper use. And then the cycle repeats, and you’re going to be in this constant battle.

The Tech Battle

How should parents approach tech instead?

I’ve created a Family Tech Guide to help parents declare a “tech truce.” You need to tell your kids, “These are called parental controls, but they are actually privacy settings. These are security settings to keep you safe so that when you mess up, we know how to fix it.” And then when they do mess up, we give them only certain access and then we say, “Okay, now that you screwed up, we’re going to show you how to fix it.”

The Tech Truce

So, if your child is messaging a stranger online and they don’t know the person, instead of taking the device away, what you need to do is look at how to verify a person and teach them the correct behavior. And then have them practice. That’s the part that we’re missing.

When you turn it into a training ground, your battles are less frequent, and then it’s a matter of deciding if it’s really something you want to fight your kid on. Do I really want to fight my kid on getting social media? Maybe not, but maybe I should train my child on how to use social media safely. And that’s the mind shift that parents should have when they’re approaching security, especially with their kids. When you do it that way, it doesn’t matter where you start because you can start anywhere. Then it’s about learning together with your child.

We want them to be able to have that agency and create a training ground where they can test things out, they can screw up. They can maybe post a bad word or search for something that leads to something inappropriate and learn how those things work. Then they can learn later how to do better searches so that that stuff doesn’t come up.

How do you start kids with technology? What should parents think about?

My daughter is at the age where she has started asking for technology. So, I have introduced a training program for her. Her brain is still not even halfway developed. It will be halfway developed when she’s 14. For boys, it’s 15 or 16. So, I have to look at it from a constructive point of view. That cognitive part of her brain, that one that knows right from wrong, if-then consequence, logic—all of those complex emotions, she’s not ready for that yet. So, I want her to use my phone and I’ll teach her how to text properly. That’s one of the reasons why we like Kinzoo, because I’ve taught her how to do that.

We’ve also taught her things about appropriate passwords. So, I’m laying all the groundwork for security. When she’s ready for her own device, maybe in middle school or high school, we’re going to start with a phone that doesn’t do a whole lot, and she can prove to me that she can be trusted and that she can use it safely. Not because I don’t trust her, but because I trust her to learn to use it safely.

What advice do you have for kids when they’re sharing online?

My advice for kids is to trust their feelings. Because a lot of times when they are confronted by things that they don’t understand or a stranger online, they’re trying to process that. And if they take a minute where they put the device away and they walk away from it and actually listen to what their gut is telling them, nine times out of 10 they will think this may not be so safe. And that’s where they can prevent a lot of stuff. So, instead of clicking instantly on it and trying to keep up with the most popular kids in school, take a step back and be the smartest kid in school. Everybody can be street-smart.

Never miss out on expert advice. Get the latest insights, straight to your inbox.

If you’re street-smart, especially online, that will make you a much better candidate when you’re going to look for jobs, when you’re going to look for colleges. So, even as a kid who may be slightly nerdy, or who may not get the best grades or be the biggest jock, there is a balance with technology. And if you start with security, it’s a great foundation to have.

No matter what career you choose, you’re still going to have technology in your life. And that’s the place that kids should start with. Learning their feelings, learning to protect themselves online and understanding how to navigate that scenario. Because mom and dad don’t always say no because they don’t want to have it—they say no because they don’t understand how to keep you safe. So, if you can come to mom and dad and say, “This is how I’m going to be safe,” it goes a long way.

If you’d like to learn more, visit Digital Mom Talk and follow along on Facebook, Instagram and Twitter!