Children and Online Security: Protecting the Most Vulnerable

This post is more than a year old. The contents and recommendations in this blog could be outdated.

Millions of kids today already possess a digital identity, whether in an online game, social media, or various other platforms and apps. While it might bring them lots of joy to share their thoughts with the world and make friends, shared information can be misused. Although younger generations are increasingly taught about online safety, given a child's natural innocence and subsequent naiveté, they might not adequately apply this theoretical knowledge in practice; thus, making them an interesting target for ill-wishers intending to take advantage of their wide-eyed nature.

As the world is becoming increasingly digital, cybersecurity measures are constantly evolving to provide the highest possible safety to users online. Unfortunately, it is not only people with good intentions adapting to technological innovations: Given the numerous tactics of contemporary cybercriminals, such as advanced hacking methods and phishing attempts, an approach to simply limiting a child's digital information for viewing may not be the single best method. Therefore, it is crucial for parents, guardians, and caregivers to be aware of the risks of possessing a digital identity and the measures they can take to protect children's data without having to give up on the cyber world entirely.

New digital threats kids are subjected to 

To understand what measures we can take to protect our youngsters, it is essential to be able to recognize a threat coming their way. As the number of children owning smartphones and other digital devices gradually increases, it is only consequential that most have at least created one digital identity. Sadly, however, doing so inevitably places a target on their backs: According to the FBI Internet Crime Center Report, in 2020, the crime against children increased by 144% compared to the previous year. The data show that eight children per day are facing online exploitation. Similarly to the US, Europe’s cybercrime also undewent a significant increase in recent years, including a sharp spike in detection of online child sexual abuse material.

The following chapter lists some of the most prevalent online threats children face today.


The ever-evolving phishing phenomenon has established itself as one of the most notorious cybercrimes in the last 20 years. While it takes on various forms (for example, Smishing), phishing is generally characterized by an attacker masquerading as a trusted entity to trick random people into giving away valuable private information, such as login credentials or credit card information. The criminal usually aims to deceive the victim by sending a message or mail depicting a situation that is known to grab their attention, such as a package delivery notification, a purchase confirmation, or a credit card suspension notice; these are mostly tied to an URL the recipient is requested to click on, to follow up on the situation at hand. In some cases, clicking the provided link can initiate a download process of viruses or malware, which the cybercriminal can use to access all data and information stored on the victim's device.

While phishing poses a significant threat to people of all ages, due to most children's more minor experience with online scams, they are far less likely to spot a perpetrator posing as a legitimate institution or person compared to their older counterparts. Knowing this behavior, numerous cybercriminals are present on websites, apps, and games with a high percentage of young users.

Some of their most common phishing tactics targeting children include:

  • Spreading malware disguised as free games
  • Claiming to give away in-game currency of popular games for free (f.e. V-Bucks Generators)
  • Assuming the identity of a person or service the child trusts
  • Small games designed to collect personal information (f.e. Enter your full name and birth date to find out which Disney princess you are)

Identity Theft

In the digital age, it is not just material items that can be stolen but also someone's entire identity. Some scammers use the accessed data to claim the essence of their victim for various diverging causes apart from stealing money, such as filing phony health insurance claims, committing tax fraud, or even reselling data to other criminals.

The perniciousness of juvenile identity theft is heightened by the fact that kids often don't receive financial records, credit card statements, and other correspondences that can alert adults to questionable economic activity. Consequently, the crime may continue for a long time before being discovered.

Registration and Access Requests

While many people believe that users of digital platforms are only subject to cyber threats once an account is already created and in use, this assumption might not prove entirely true, it is significant to weed out as many potential risks as possible during the first stage of a person's online presence: Registration.

Should the child in your care wish to join a platform with a base of registered users, you might want to read the Terms and Conditions carefully; not only do they include what user data they will request and utilize, but also what they will be used for. If, for example, a platform entirely unrelated to activities involving your address makes it mandatory for it to be entered, it might be eye-opening to read up on the reason for this request. Furthermore, scammers and predators can exploit the information entered upon registration to target unsuspecting children. Accordingly, it is advised to be aware of the site the child is joining and what information and data it aims to gather.

How can I protect the children in my care?

With the previous chapters explaining the most common digital risks kids (and people in general) are subjected to, this chapter aims to aid guardians in minimizing the chance of their children falling victim to such cybercrimes with the help of some useful technical measures.

Enable Passwordless or MFA

As an enthusiastic six-year-old in the mid-2000s registering to an online platform for the first time, my father advised me to choose a password I could remember effortlessly. Thus I went with “marzipan”; the knowledge factor I would go on to use for each of my accounts for the following three years. However, as the years passed, password requirements have become increasingly strict, and accounts merely protected by a simple word such as “marzipan” could be hacked within less than a second. Whereas the normalization of “stronger” passwords has helped safeguard countless user profiles, their usage simultaneously contradicts the original purpose of knowledge factors being easily recallable: With this being said, how many six-year-olds would be able to flawlessly remember a password with 18 characters, including numbers, symbols, and majuscules?

To sum up, while the usage of passwords has been the industry standard for decades, the evolution of technical knowledge amongst the public also opened the door for more and more cybercriminals who take advantage of the simplicity of this authentication method. As a result, more and more platforms are turning to more secure login alternatives, such as Multi-Factor Authentication (MFA) or Passwordless. The former commonly utilizes a passwordless factor (such as Fingerprint, Face ID, or physical tokens) in addition to the regular username-password login method, while the latter provides a single-factor approach that completely substitutes passwords with a passwordless factor. Enabling either of these two methods make it significantly harder for criminals to hack into the user’s account, even if they manage to get ahold of the password. Therefore, we strongly recommend people of all ages consider switching to the usage of MFA or passwordless whenever possible.

Checking the operating system

Since such a number of phishing attacks and digital scams have the motive to install malware on the victim’s devices, it is strongly recommended to double-check the viability and security of your operating system. Optimally, the system should be updated to its newest version/patch, and the security recommendations (f.e. Windows Defender) enabled. Alterantively, independent antivirus programs serve to automatically detect malicious applications, websites, and files that could pose a threat to your device's security.

Use a VPN

To ensure a safer registration process, make sure the platform the child submits their private information to uses a verified SSL certificate: It serves as a confirmation that communication between the browser and the server is encrypted. The possession of this certificate by a website is typically indicated by a closed lock symbol and a URL prefixed with HTTPS. Since some platforms are still not equipped with this feature, a trusted VPN service can help hide some information.

Virtual Private Network (VPN) software provides privacy by encrypting all your incoming and outgoing traffic, no matter where you are located and which network you use. This protection is achieved by the VPN hiding your internet protocol (IP) address, thus making it nearly impossible for others to track your online activities (including file downloads), so that cybercriminals and other unwanted parties cannot see them.

Using a VPN is especially important when browsing via a public Internet Connection (WiFi). If the person connected to an unsafe network logs into an unencrypted site, other connected users will be able to see what they send and view. With the help of manual encryption of all data traffic, a VPN-router is an optimal way to prevent third-parties from unwantendly accessing private information shared via a public network.

Enable Adblocker and Content Blocker

Anyone who has used the internet before has most likely encountered online advertisements. Unfortunately, some of them have been designed with a purpose beyond their traditional functionality: These malicious ads can gather precious information from the individual viewing them. To prevent the creators of such advertisements from spying on your children, you have the option to add ad-blocking extensions to their browser. Doing so also dramatically reduces the risk of them seeing commercials for highly unsuitable services for minors.

In the unclearly regulated world of the internet, it is not only ads and popups that can lead to involuntary exposure of kids to malicious, unsafe, or inappropriate content. You can ensure that the child in your care is kept safe from such threats by using content blockers: expansions designed to filter out specific types of websites and platforms. However it is worth noting that this measure comes with the tradeoff of potentially “overblocking” innocent content that has been mistakenly or unnecessarily flagged as inappropriate.

More privacy best-practices measures that are also still relevant

While it is of great importance that we use programs, apps, and extensions designed to ensure the highest possible protection of our devices, we must not underestimate the power of teaching privacy and online-safety best practices either. Those practices seem traditional, as they have been around since the dawn of the digital age, but are still valid to raise awareness regarding issues that can (not yet) be solved technologically. These include, for example:

  • Advising the child to utilize a username that does not contain personal information (such as real name or birth year) to hinder attempts of identity theft. Alternatively, using “throwaway” email addresses is also an option.
  • Teaching them to cover or unplug their webcams when they are not in use
  • Show them how to keep their digital profiles limited for viewing and messaging to decrease phishing attempts
  • Tell them to share only minimal information online and never to share their phone number  or address with anyone that does not have a valid reason to obtain this information.
  • Explain to your children the value of using different passwords (if required) for each account to reduce the impact, if a certain account was breached.

Knowledge is power

While it is essential that we, as “wise” and responsible adults, do our best to keep the children safe, admittedly, we do not possess the superpower of having our eyes everywhere: Therefore, it is equally important to show the youngsters how they can look out for themselves and use the internet safely without supervision. The first step in achieving this goal is to talk to kids honestly about the risks that the possession of an online presence can contain - of course, using age-appropriate language. The intention behind this conversation is, therefore, not to scare them but instead, to teach them that they have the power to protect themselves by knowing how to recognize suspicious situations. With this skill acquired, children can continue enjoying their favorite online activities and exploring their independence while simultaneously keeping the learned safety measures in the back of their minds.

Liked it? Share it!