If you’re the parent of a tween or teen, chances are they’re not the only ones going back to school. Their smartphones are going back too.

Our recent global research showed just how many tweens and teens use a smartphone. Plenty. Depending on the age band, that figure ranges anywhere from 76% to 93%, with some noteworthy variations between countries.

One of the top reasons parents give their child a phone is to stay in touch, so it likely follows that those phones will likely make their way into the classroom. Whether or not that’s the case for your child, back-to-school time is still a great time to help your child stay safer on their phone—and keep their phones safer too in the event of loss or theft.

Seven steps for keeping your child’s phone safer

Install protection on their phone

Comprehensive online protection software can protect your phone in the same way that it protects your laptops and computers. Unfortunately, while many people use it on their laptops and computers, far fewer people use it on their phones—only about 42% of tweens and teens worldwide use it on their smartphones according to our most recent research.

Installing it can protect their privacy, keep them safe from attacks on public Wi-Fi, and automatically block unsafe websites and links, just to name a few things it can do. You can find our smartphone apps in both Google Play and the Apple App Store.

Set their apps to automatically update

Updates do all kinds of great things for gaming, streaming, and chatting apps, such as adding more features and functionality over time. Updates do something else—they make those apps more secure. Hackers will hammer away at apps to find or create vulnerabilities, which can steal personal info or compromise the device itself. Updates will often include security improvements, in addition to performance improvements.

iPhones update apps automatically by default, yet you can learn how to turn them back on here if they’ve been set to manual updates. For Android phones, this article can help you set apps to auto-update if they aren’t set that way already.

Much the same goes for the operating system on smartphones too. Updates can bring more features and more security. iOS users can learn how to update their phones automatically in this article. Likewise, Android users can refer to this article about automatic updates for their phones.

Use a lock screen with a passcode, PIN, facial recognition, or pattern key

Another finding from our latest global research is just how few people use a lock screen on their phones. Only 56% of parents said that they protect their smartphone with a password or passcode, and only 42% said they do the same for their child’s smartphone—a further 14% drop between parents and kids.

The issue here is clear. If an unlocked phone gets lost or stolen, all the information on it is an open book to a potential hacker, scammer, or thief. Enabling a lock screen if you haven’t already. It’s a simple feature found in both iOS and Android devices.

Learn how to remotely lock or wipe a smartphone

Preventing the actual theft of your phone is important too, as some hacks happen simply because a phone falls into the wrong hands. This is a good case for password or PIN protecting your phone, as well as turning on device tracking so that you can locate your phone or even wipe it remotely if you need to. Apple provides iOS users with a step-by-step guide for remotely wiping devices, and Google offers up a guide for Android users as well.

Use a password manager

Strong, unique passwords offer another primary line of defense. Yet with all the accounts we have floating around, juggling dozens of strong and unique passwords can feel like a task—thus the temptation to use (and re-use) simpler passwords. Hackers love this because one password can be the key to several accounts. Instead, try a password manager that can create those passwords for you and safely store them as well. Comprehensive security software will include one, and McAfee also offers a free service with True Key.

Have your kids steer clear of third-party app stores

Google Play and Apple’s App Store have measures in place to review and vet apps to help ensure that they are safe and secure. Third-party sites may not have that process in place. In fact, some third-party sites may intentionally host malicious apps as part of a broader scam. Granted, cybercriminals have found ways to work around Google and Apple’s review process, yet the chances of downloading a safe app from them are far greater than anywhere else. Furthermore, both Google and Apple are quick to remove malicious apps once discovered, making their stores that much safer.

Teach your kids about the hazards of public Wi-Fi and how to use a VPN

One way that crooks can hack their way into your phone is via public Wi-Fi, such as at coffee shops, libraries, and other places on the go. These networks are public, meaning that your activities are exposed to others on the network—your banking, your password usage, all of it. One way to make a public network private is with a VPN, which can keep you and all you do protect from others on that Wi-Fi hotspot. Note that our VPN can turn on automatically for public Wi-Fi, protecting account credentials, search habits, and other activities online. ​

A quick word about desktops and laptops too

The same advice applies for these devices as well—strong online protection software, password management, VPN usage, and so on. What’s good for a smartphone is good for laptops and desktops too.

For laptops in particular, you can track these devices as well, just like a smartphone. The process differs from smartphones, yet it’s still quite straightforward. Windows and Mac users can enable the following settings—and you can click the links below for complete instructions from the source:

Windows: Enable in Settings > Update & Security > Find my device
macOS: Enable via Settings > Your Name > iCloud > Find My Mac

Putting these same protections in place on your laptops and desktops will help make your child, and your whole family, safer than before.

Note that on school-issued devices, your school district will likely have technology teams who manage them. As part of that, they typically have policies and restrictions in place to help keep them running safe and sound. If you have any questions about what kind of protections are in place on these school-issued devices, contact your school district.

Protecting your child

While we’ve largely focused on protecting the phone itself, there’s also the importance of protecting the person who’s using it. In this case, your child—what they see, do, and experience on the internet. Device security is only part of the equation there.

Parents of tweens and teens know the concerns that come along with smartphone usage, ranging anywhere from cyberbullying, too much screen time, and simply wanting to know what their child is up to on their phone.

As you can imagine, each of these topics deserves its own treatment. The “Family Safety” section of our blog offers parents and their kids alike plenty of resources, and the list below can get you started on a few of the most pressing issues:

Cyberbullying on social media
Know the signs of cyberbullying
Sketchy apps and how to avoid them
Parental controls for keeping tabs on your child’s time online
A parent’s guide to TikTok

Smartphone ownership—a device full of teaching moments

Without a doubt, while a child may get their first smartphone to “keep in touch,” that ownership blossoms into something far greater. And quite quickly. As they dive into the world of apps, social media, messaging, and gaming, take an interest, take it as an opportunity to spend time talking about their day and what it was like online.

By asking if they grabbed any cool pictures, what their favorite games are, and how their friends are when your child is texting them, questions like these can open a look into a world that would otherwise remain closed. This way, talking about the phone and what they’re doing on it becomes part of normal, everyday conversation. This can reap benefits down the road when your child encounters the inevitable bumps along the way, whether they’re dealing with a technical issue or something as difficult as cyberbullying or harassment. Talking about their life online on a regular basis may make them more apt to come forward when there’s a problem than they otherwise might.

In all, think of the smartphone as a fast pass into adulthood, thanks to how it puts the entirety of the internet right in your child’s hand. Protecting the device and the kid who’s using it will help ensure they get the absolute best out of all that potential.

The post Getting Your Kids Ready for School—And Their Smartphones Too appeared first on McAfee Blog.

Read More

TheMarkup has an extensive analysis of connected vehicle data and the companies that are collecting it.

The Markup has identified 37 companies that are part of the rapidly growing connected vehicle data industry that seeks to monetize such data in an environment with few regulations governing its sale or use.

While many of these companies stress they are using aggregated or anonymized data, the unique nature of location and movement data increases the potential for violations of user privacy.

Read More

The official Instagram account of cricketing legend and former Pakistan Prime Minister Imran Khan was hacked yesterday in order to promote a cryptocurrency scam.

Read more in my article on the Hot for Security blog.

Read More

Moscow man allegedly conducted years-long influence campaign

Read More

This is the third part of a three-blog series on startup security. Please have a look at part one and part two.

New companies often struggle with the question of when to start investing in information security. A commonly heard security mantra is that security should be involved since the very beginning and at every step along the way. While this is obviously true, it is quite detached from reality and provides little practical guidance.

Frameworks such as NIST CSF and CMMI ratings help an organization evaluate the current state of their security program, but they are heavy on policy and not worthwhile for a startup where a security program does not yet exist. So when should a company run its first vulnerability scan, perform its first risk assessment, have its first penetration test done, integrate static analysis tools into its CI/CD pipeline, deploy its first IDS, write its first security policy, hire its first CISO, stand up a security operations center, etc.?

A common flawed approach is to put off answering these questions until a future date when the company hopefully has the time and money to start thinking about security. This approach is never properly executed because new priorities and expenses will inevitably continue to displace security.

Besides, some founders need a fully functioning product with a growing userbase to raise any funding in the first place – At this point it is already too late to start addressing security. Another common practice is to reactively implement security whenever its necessity becomes apparent due to business requirements, regulatory requirements, or in the worst case, a breach.

COVID-19 caused a sudden surge in the use of remote collaboration tools, some of which gained millions of users practically overnight. Some of these products were unprepared for the influx of users and, consequently, attackers, and were caught off guard by a barrage of security issues ranging from privacy concerns to ineffective access controls.

The best way to ensure a better approach to security is to always have an evolving security plan with set milestones. The plan need not be complicated or fully developed but should contain commitments to be kept. On day one of a new company, the plan might be to reach out to a friend who works in infosec to have a conversation about developing further plans within the first month. At first, the security plan will consist largely of steps required to develop the plan itself. It will take time before the plan resembles a working roadmap or documented policy.

The following is a basic example of how a security plan might develop over time for a new software company: 

Day One:

Before the end of the month, reach out to a friend who works in infosec to discuss security planning.
Locate some resources to better educate the team about application security before completion of POC.
Identify any compliance regulations applicable to the business.

One Month in (Design and Initial Proof of Concept):

Research and implement IDE linters for security.
Research and implement static analysis tools for CI/CD pipeline.
Determine security requirements related to user data collected and handled in the application.
Determine industry standard practices for mature companies in the sector.
Create a list of security tasks that must be completed before initial release.
Create a regulatory checklist for compliance.

Leading up to Initial Release:

Establish a process for periodic code reviews.
Remediate all important findings from static code analysis.
Determine and create necessary security documentation for external consumption.
Draft a security roadmap which addresses policy creation and third-party security services/products.
Complete all required items on the regulatory checklist.

This is simply an example that might apply to a software company, but it is important for a company to understand its own risks and priorities. Other companies may be more heavily focused on device and infrastructure security, while others may be more compliance-driven at first. There are many security checklists or templates online that offer several worthwhile security controls for startups, but it is important to understand how they apply to your organization to ensure that the right controls are effectively implemented.

The tasks in these example plans can be carried out by most development teams in a day or two and can be tracked on a Kanban board along with other priorities. They also contain tasks to continuously evaluate and evolve the plan as the company moves forward. In performing these tasks, the team will undoubtedly become better educated in the security concerns that affect their startup.

As the company progresses, however, it will hit a point where the security tasks and associated risks become too much for the existing team. At this point, the company must hire security-focused leadership and staff, and the knowledge gained from the initial phase of addressing security internally will surely help in ensuring that the right team is brought onboard.

Perhaps the most important factor determining the effectiveness of a company’s security controls is its culture surrounding information security. This crucial part of company culture begins at the earliest stages with the founding team and can be very difficult to change once set. By incorporating security responsibilities into its processes early on, founders can take an active role in promoting security consciousness throughout their team and better position the company to avoid costly security issues going forward.

This article is part 3 of a 3-part series on startup security. Parts 1 and 2 focused on how startup culture affects software security and the anatomy of a software vulnerability. Part one and part two have been published.

Read More

Security oversight could enable account takeovers

Read More

Everyone knows the phrase “software is eating the world” by Marc Andreessen from over a decade ago. Software powers and touches nearly every aspect of modern society, both personally and professionally, and is critical to the modern economy and national security.

It can also be said that open-source software (OSS) has eaten the software industry. The Linux Foundation and other groups have estimated that free and open-source software (FOSS) constitutes 70% to 90% of any modern software product. Not only is modern software largely composed of OSS components, but IT leaders are more likely to work with vendors who also contribute to the OSS community.

To read this article in full, please click here

Read More

The data-reliance of digital banking means an AI-driven approach to cybersecurity and risk management is integral to success, UnionDigital Bank CISO Dominic Grunden tells CSO. For him and his team, this took on greater significance given the speed at which UnionDigital Bank was created to empower the Philippines’ digital economy. The bank enables the Filipino people, communities, businesses, problem solvers, and regulators to leverage digital banking, fintech, blockchain, and open-finance technologies. It was established in just five months, a timescale unheard of in the banking industry, Grunden says.

From the get-go, Grunden recognized the need to adopt an AI-first security policy to keep pace with both the unprecedented growth of the company and the complexities of the digital banking sphere. Key to achieving this has been a seamless relationship with the firm’s Chief Data Officer (CDO), Dr. David R. Hardoon. Working together, the two used autonomous technology to instill a “truly holistic” AI-enhanced security and risk management strategy.

To read this article in full, please click here

Read More

Leading US and Aussie unis also sub-par on email security

Read More