Jyllian Clarke joined Amazon in 2020 and is now the global head of security training. Day-to-day, her job is to provide security training and learning opportunities to Amazon employees, worldwide, as well as provide security education opportunities to Amazon’s customers, prospective customers and the general public. Below, Clarke shares details about types of cybersecurity threats, explains how you can protect your family in today’s digital landscape, and offers tips on talking to your children about phishing and hacking.
“My passion for security goes beyond my own team, from professional development for all Amazon employees to cybersecurity education for everyone to help them stay safe and protect their data,” she said. “I’m happy to share tips, because everyone’s safer when we work together.”
What is cybersecurity?
Cybersecurity is the act of protecting your personal data and hardware from cyberattacks—i.e., unauthorized access to your data or hardware. Most cyberattacks don’t work the way they’re depicted in movies, though. There are two common types to watch out for, and by learning how breaches happen, you can be much more likely to avoid them.
Threat type 1: Phishing
Phishing is when an individual or group impersonates a reputable business or institution in order to gain access to accounts and devices. Once they have access, they aim to collect personal or financial information for their own use, as well as infect your devices with malicious software that can dig for more data and facilitate continued access. So, what do phishing attacks look like?
An email link you click on your phone can be disguised to look like it comes from a trusted source, like a banking institution. The sender designs the email to look official so you don’t question it, and may use urgent messaging like, “There’s a problem with your checking account, log in now to fix it.” Once you click the link, you are taken to a web page that also looks official, and are prompted to enter your login and password, which gives that information directly to the phisher. And just like that, you’ve been hacked, and the phisher now has control over your account(s) or device(s).
Ways to avoid phishing scams:
- Take a pause. Phishing attempts generally fall apart on careful inspection, which is why they use urgency and fear to get you to act before your intuition kicks in and your alarm bells go off.
- Note the request. On phone calls, almost all businesses and organizations have a policy of not asking for personal information over the phone, except to verify your identity when you initiate the call.
- Pay attention to links. Make sure the website domain is accurate, and check for the secure padlock icon in the web browser when sharing any secure information. When it comes to texts, don’t click shortened links, especially if you didn’t ask to be texted first.
- Check the sender’s email address. For emails, most scammers are adept at replicating the designs of the organizations they’re impersonating, but there’s one aspect they can’t copy—the sender’s email address. Emails used for spamming are unofficial email addresses and often contain gibberish text. However, big phishing operations invest in official-looking addresses, so read carefully. For example, someone impersonating Amazon might get an address like, “firstname.lastname@example.org”—easy to miss if you aren’t being careful.
Threat type 2: Hacking
The classic, movie-style hacking—where a bad actor codes to breach a system—does happen, but it is typically aimed at organizations like social networks or major retailers, not individuals and families. One way that it can happen to you is a “man-in-the-middle” attack, when you’re using a public Wi-Fi network. If you’re on a shared open network and interacting with websites using unencrypted connections, everything you send and receive, like login information, can be intercepted and read. Or, you might be rerouted from a legitimate site to a fictitious site that looks legitimate, and asked for your password or financial information there, so the hackers can collect it for themselves to then steal your identity and/or data.
Ways to avoid hacking:
- The best way to avoid hacking is to only use sites with an “https” connection, which you can see in your browser’s address bar.
- Modern web browsers use an icon like a padlock to let you know you’re secure, and often warn you when your connection isn’t secure.
- Choose secure passwords (a combination of numbers, capital and lowercase letters, and special characters) and change your passwords regularly, especially on sites where sensitive information is stored.
- Use multifactor authentication (MFA), which is more than just a password (e.g., an SMS text message with a code)
How can you start the cybersecurity conversation with kids?
Cybersecurity can be a complicated topic for kids, but it’s important to discuss it with them often. Try to weave it into everyday conversations and have fun with the discussions. Rather than sitting down for a big, serious talk, bring it up during natural moments throughout the day: When providing login information on their tablet, reading an email with a link they need to click, connecting to a public Wi-Fi network, or chatting with an online friend from a game they love.
Highlighting these moments can help kids be more mindful about technology and the people with whom they interact. If you find yourself dealing with suspicious activity on your own device, engage your kids and walk them through how you handle it so they won’t feel so intimidated if it happens to them. Plus, they’ll see it can happen to anyone, even mom or dad.
“I remind my kids all the time about the possibility that they might be on a legitimate website that has been hacked into, or that somebody might send them an email in an attempt to steal their information,” said Clarke. “I provide relatable examples—just because it came from a friend doesn't mean that you should be clicking on the link without questioning it. I encourage them to do their due diligence, reach out to their friends and ask, ‘Did you actually send this to me?’”
Top cybersecurity tips for parents and their children
Do your research. Stay on top of cyberthreats and the ways that criminals are targeting vulnerable people. A quick internet search on the name of the app or game with the words such as “scam” or “vulnerability” can take you to news articles with suggestions on how to patch the app or more secure application options. You can also find helpful tips via the National Cybersecurity Alliance.
Be your own internet bodyguard. Keep the software for any online device updated, use strong and unique passwords, and turn on MFA whenever possible. For more information, check out Protect & Connect.
Establish guidelines for kids. Be very clear about what links they can click and which sites they can visit. Create an open line of communication for times when they want to access something beyond those, so that you can always be a filter and keep them safe.
Use your email and phone number to enable MFA for kids’ devices. By setting this up, your kids will have to turn to you for permission to log into sites and apps, making it a great way to stay on top of what’s happening with their online activities. More and more sites are making it standard anyway, so it’s easy to incorporate into your everyday conversations as they connect online.
Listen for cues from your kids about potential breaches. If you hear something like, “This website keeps kicking me off,” or, “It keeps taking me to another site,” jump in and see what’s happening. Then help them get back to the real sites they’re trying to use before potentially giving away important information.
Understand the platforms your kids are using. Do the social networks, apps, and games your kids spend time with have well-known red flags from a personal safety or cybersecurity standpoint?
Keep the dialog open to learning about new risks. As parents, we often think of teaching as a one-way street, but with technology evolving quickly, often our kids will introduce something to us first. For example, they might say, “All my friends are playing this cool new game where we meet in-game and walk around to find hidden treasures.” You can make sure your child remembers to ask all the basic questions and make educated decisions about whether a new game, feature, or capability is safe for your family.
It might seem intimidating at first, but just like with physical safety, cybersecurity can become muscle memory. And the good news is that like most things, the younger your kids are when they start learning, the more natural it will become for them to spot potential cyberthreats and keep their information safe.