5 min read
Summary: The increase in internet usage and the shift toward online schooling puts children at risk of social engineering attacks because they lack the requisite social and psychological knowledge to understand such tactics. Unfortunately, studies show that Nigerian children and teenagers get little to no cybersecurity education in their schools. Cybersecurity education should be made compulsory in schools so children can have sufficient knowledge to protect themselves in this increasingly digital world.
Cybersecurity lessons for Nigerian children as part of the information technology curriculum have become an urgent requirement as cyber fraudsters increasingly rely on psychological tricks to lure their victims. Schools are. however, yet to catch up.
A recent report by Nigeria Inter-Bank Settlement System Plc (NIBSS) on the rising number of cyber frauds and attacks on banks showed that cyber fraudsters, scammers or hackers relied on social engineering to disarm and defraud their victims.
Social engineering accounted for the most technique used in perpetrating electronic frauds against financial institutions and their customers, especially individuals.
Social engineering, in the context of security, is the use of deception to manipulate individuals into divulging confidential or personal information that may be used for fraudulent purposes. For instance, instead of trying to find software vulnerability, a social engineer might call an employee and pose as an IT support person, trying to trick the employee into divulging a password. This was responsible for 11,589 fraud activities.
Social engineering happens because of the human instinct of trust. Cybercriminals have learned that a carefully worded email, voicemail, or text message can convince people to transfer money, provide confidential information, or download a file that installs malware on a company’s network.
While every Nigerian internet user is at risk of falling for social engineering, children are most vulnerable because they lack the base of social experience necessary to counter this psychological technique. This is why cybersecurity lessons in Nigerian schools, starting from an early age, are vital.
Additionally, cybercriminals have shifted their attention toward the emerging economies, and Africa is a particularly attractive market for them for various reasons. Africa’s growth in digitisation has leapfrogged with the pandemic and mobile adoption has increased without the essential cybersecurity culture.
Africa in general and Nigeria in particular have a relatively immature regulatory environment. There are low levels of cybersecurity awareness on all levels from the government to businesses and consumers. This makes the continent vulnerable to cybercrime.
A survey conducted by Cyber Heroines, an advocacy group for women in cybersecurity, in August 2020 across 445 teachers and educators from 14 African countries showed that currently, 20 percent of schools offer adequate cybersecurity awareness lessons to their learners. This means 80 percent of schools do not have such an offer. The survey also found that 25 percent of schools provide cybersecurity awareness training to their staff and teachers. Again, it implies 75 percent do not do so.
With the COVID-induced lockdowns forcing movement toward online schooling, and with cybercriminals adopting the use of social engineering tactics, there is a major gap here that needs to be addressed by the educational institutions.
In KnowBe4’s 2020 Annual Cybersecurity Culture report, the educational sector scored the lowest regarding cybersecurity culture. This is a global finding and not just limited to Africa.
On the question of whether cybersecurity is offered as a subject in schools, only a paltry 3.70 percent answered in the affirmative. This 3.70 percent indicated that it was optional, 25 percent said it was somehow included in the IT curriculum, but the overwhelming majority of respondents (67.60 percent) said cybersecurity was not taught as a subject.
An assessment of cybersecurity teaching across age groups indicated that children in primary school to 16 years received little to no cybersecurity education.
“Among the highest likelihood risks of the next 10 years are extreme weather, climate action failure and human-led environmental damage; as well as digital power concentration, digital inequality and cybersecurity failure,” World Economic Forum Global Risk Report 2021 stated.
In a recent survey conducted by VMware, 91 percent of organisations cited an increase in cyber-attacks as a result of teleworking. In their 2020 global landscape on COVID-19 cyber threats, Interpol reports an increase in data-harvesting malware, phishing, and Denial of Service (DoS) attacks and ransomware.
Data acquired by Atlas VPN revealed that data leaks surged almost 500 percent at 27 billion amidst the pandemic, and according to Verizon, confirmed data breaches in the healthcare industry increased by 58 percent in 2020.
Some elements of cybersecurity lessons for children
Increase awareness: It is important to ensure younger children know the basics of staying safe online by using techniques like online games and videos that will define computer terms such as cyberbullying, netiquette and virus protection. This will establish a basic understanding.
Promote appropriate online interactions: Use some online games to help show children how to make responsible decisions about online communication and learn about key issues of digital citizenship. Online activities can include exploration of methods of communication in chat rooms and emails, for example.
Prevent cyberbullying: Cyberbullying, that is, bullying using electronic technology, can happen anytime and anywhere. Teach the children to think through what they post on the Net about other people and the consequences those posts could have if they are unkind or mean. Also, keep communication with the child open and teach them how to speak up if they suspect someone is bullying them.
Protect children’s identity: Remind young children never to give out personal information, such as name, home address, or telephone number, to anyone they do not know through email, Twitter, Facebook, or in online chat rooms or bulletin boards. Talk with the children about the online risks of interacting with strangers through the computer and sending notes and pictures into cyberspace. Online games may help kids understand how to protect their personal information and the ramifications of stolen identity.
• Use simple videos, games, and interactive programs to explain to children the basics of online safety and cybersecurity.
• Teach them the etiquette of communication on social media, instant messengers, and online forums.
• Teach children about cyberbullying, what it is, how to report cyberbullies, and how not to become cyberbullies themselves. Teachers and parents should make children feel free to communicate with them concerning any issues they have.
• Teach children never to give out personal and sensitive information to strangers online. Let them know how to identify and report any unusual behaviors they encounter in online interactions.
• Limit their use of mobile devices and computers and keep a watchful eye on their activities on these devices; numerous applications can assist with this. Use the ‘Kids mode’ feature available on many popular apps today so kids can consume safe content.
• Let them know the benefits of real-world social interactions, exercise, sports, and other healthy activities that will improve their physical and social wellbeing.
Source: Business Day
Keywords: Cybersecurity, Children, Social engineering, Schools, Cyberbullying