How security professionals monitor their kids

Cell phones, texting, IM, email, Facebook, MySpace--kids are interconnected today in ways hardly imagined two decades ago. But these technology-based communication platforms also enable new forms of an age-old parenting strategy: monitoring your kids. Who are they talking to? What are they talking about? Are they going where they said they are going?

Most of us with children think about this stuff. But parents who work by day as security professionals live in a heightened state of risk awareness, and also have the expertise and the tools to monitor kids' behavior and communication in many ways.

Also see Social Media Risks: The Basics

Is it any easier to put the proper measures in place to ensure your child's security since you already have an expertise in this area? Or do you go overboard because of you are hyperattuned to risk? And what is the right balance of freedom and guidance to provide for kids?

Turns out it was tricky issue before social networking, and remains tricky now. Here are views and strategies collected from an array of security professionals.

'Spying' on your kids?

Martin McKeay, a CISSP and security consultant who maintains a popular network security web site and blog, recently found out how divided security professionals are on the issue of monitoring children. McKeay, the father of two boys aged 8 and 10, received an intriguing message recently from someone on a mailing list who wanted his opinion.

"It asked 'What kind of software can I use to spy on my children and read their every email?'" said McKeay, who was slightly taken aback by the wording and the person's obvious, no-bones-about-it attitude that they intended to pry into their kids' lives without warning or limit.

"I consider that going over the top. So I went on Twitter and asked other people: 'How do you think this should be handled? Is it through monitoring software, or parental relationships?'" McKeay recounted. "With rare exceptions, most people said both. But there were some strong opinions about monitoring what your kids do."

McKeay said he was surprised that his responses, mostly from other security professionals, revealed many were willing to do at least some covert monitoring with software programs without the kids' knowledge or consent. The majority felt open and frank discussion, along with some disclosed parental control with products such as Net Nanny, and other similar programs that block web sites and monitor activity, was the best approach.

But he estimates about 25 percent of those who answered his question thought monitoring all actions without telling their kids they were doing so was OK.

"I kind of expected in the security community that more people would realize some of the dangers of that kind of secret monitoring. But I guess when it comes to your kids, most people seem to be more concerned with keeping them safe online than the potential impact on the relationship."

By danger, McKeay means loss of trust when the child realizes he is being "spied on," as he puts it. He believes secret, and also open-but-excessive, monitoring of a child's activities infringes on a kid's privacy rights and will set parents up for potential damage to the relationship with their children in the future. He also thinks leaving them no room to make mistakes means they won't learn the security skills they need when navigating the dangers of the internet.

"If kids don't learn how to live on the internet when they are at home when they are safe, they are never going to learn it, or they will learn it the hard way when they go out on their own."

The connections kids make using technology that set them up for security risks will only increase, and technology is making that easier than ever. Even if they don't have a smartphone yet, most teens are using Facebook on their computer at home. But Microsoft this month is unveiling new phones aimed at younger users that have special social networking capabilities. And as social networking, where plenty of questionable and even dangerous communication can take place, becomes more mobile, the ability to supervise becomes even more difficult, according to Insite Security's Christopher Falkenberg, a former Secret Service agent.

"Mobility will restrict parents' ability to supervise as opposed to the home computer which can be reviewed by parents," he said. "Also there are not programs to help control content on mobile devices like there are for computers. As a parent you can be no less vigilant of a child's online associations and whereabouts than you can their physical location and friends. If you wouldn't let them see someone or go someplace in the physical world you should not let your kid go there through the internet."

But despite what many parents might put into place to keep an eye on their kids, children, as they often do, usually find ways around it. According to a poll conducted in 2008 by Harris Interactive and McAfee,16 percent of kids have created private e-mail addresses or social networking profiles to hide what they do online from their parents. And 63 percent of teens said they know how to hide what they do online from their parents. Additionally, 11 percent have unlocked or disabled parental filtering controls.

Instead of trying to block her kids from questionable or dangerous content and communication, Dena Haritos Tsamitis, head of the Information Networking Institute and director of outreach for Carnegie Mellon CYLAB, approached the security and safety issue by trying to change behavior. Her older kids, now 23 and 21, were her so called 'guinea pigs' when she was developing MySecureCyberspace, an online educational resource that provides families with free materials for staying safe online.

"I was able to see firsthand the kind of risk they were taking knowingly," said Tsamitis. "They knew better but were taking risks anyway. I was thinking: "This is a challenge, because I have to modify their behavior, and kids don't listen to their parents too easily."

Through the kids, Tsamitis said she explored strategies for dealing with that age group and helping them understand the real world consequences of their actions in order to shape the informational content on the MySecureCyberspace site. The site also includes free games for kids of varying ages that helps them develop the skills to spot spam and avoid saying dangerous things in front of strangers in chat rooms.

Tsamitis' youngest daughter is now 13 and just starting to use social networks. As with her older kids, Tsamitis is not blocking content, but instead trying to get her daughter to understand the consequences of her actions online through education.

"If I walk into the room and my daughter is online, I'll be peeking over her shoulder without hovering. If I see she posts something inappropriate, I'll ask her if she thought about what she was doing before she posted. I'm trying to teach her to think about things more than just react."

And in the physical world...

Of course, security risks aren't just online. Security pros still have the old-fashioned worries about kids' whereabouts and the company they keep when they are out of the house. Physical security veteran Daniel Finger, who once served as a security director at several large hospitals around the country, now heads a consultancy in Jacksonville, Florida. When his son was in school, Finger wanted to give him the space to learn things on his own, but at one point made the decision to change his own life around in order to ensure his son was safe. Finger's son, who faced a bus ride each day that required him to transfer to a second bus in order to get to school outside his district, was witnessing fights every day while he awaited the second bus.

"For a while, I thought the interaction of taking the bus would be good, but it didn't work out that way," said Finger. "After hearing about the fights he was seeing, I finally said 'You don't need that.' So for last two years of high school I rearranged my morning schedule so I could drop him off myself."

Finger's son graduates from college in a few weeks, and Finger admits he was fortunate to have had a teenager who didn't get into a lot of trouble.

"We never had a situation where we had to go to the police, or smelled alcohol or marijuana. And as a former security director I would have picked up on that stuff."

But he and his wife kept an eye on his son and his school by getting involved. Finger's wife was on the PTA. Both made a point of volunteering often at school events in order to get to know the teachers and other families. It's this kind of vigilance that he thinks gives parents an advantage: Monitoring that isn't too invasive, but is also informative.

Also see Employee Monitoring: Good for the Employee?

As for McKeay, he admits that he hasn't had to worry much yet about his sons looking for objectionable, and even dangerous, content because they are still so young. He has put some controls in place. The computers are all in the family room. Some sites are blocked, but, like a true tech security guy, McKeay has turned the roadblock into a challenge.

"I've blocked YouTube with disclaimer that if they can figure out how I did it, they can have it back until they give me reason to take it away again." In the right circumstances, this kind of tactic offers a possible way to make monitoring and blocking feel less adversarial.

Going forward, McKeay hopes he and his wife can continue their policy of allowing freedom coupled with open lines of communication with the kids.

"My wife and I have had numerous talks with them to say 'If you get on a bad site, you need to leave it. If you see anything that makes you uncomfortable, come and tell us."

Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.

• Bookmark this page
• Share this article
  •  
  • facebook
  • slashdot
  • digg
  • Reddit
  • stumbleupon
  • linkedin
  • twitter
• Got more on this story? Email CIO
• Follow CIO on twitter

• Share
  Share this article

  •  google+
  • facebookfacebook
  • slashdotslashdot
  • diggdigg
  • RedditReddit
  • stumbleuponstumbleupon
  • linkedinlinkedin
  • twittertwitter
• print
• email
• Bookmark