An acceptable use policy for your kids

14 Feb 2012
Kids with parents on laptop

Davey Winder says children should be treated like employees, with guidelines on acceptable internet use

Regular readers of PC Pro may already know that I’m something of a collector of children – not in a creepy way I hasten to add, but rather as proud father and stepfather. My current tally is eight, aged from 23 down to ten-year-old twins, three grandchildren all under three, and another on the way.

So, as you might imagine, given my day job, I’m rather well versed in the art of online parental responsibility. Indeed, my eldest started taking an interest in what daddy was doing back in the days when daddy was doing what he shouldn’t – namely, exploring networks that he had no permission to...

Turning on the parental control filter isn’t a silver bullet against porn, paedophiles and assorted other – often imaginary – internet evils

The internet arrived and grew alongside my ever-expanding family, and it quickly became apparent that the kind of advice I was giving to businesses about protecting themselves from the likes of me – or much worse, from those scumbags who would actually steal their data – could be transferred quite effectively into domestic settings too. I’m still shocked at the number of folk I bump heads with in the course of my job, whom I discover to be quite capable of applying the most basic of common sense IT security rules to their workplace and workforce, but who still find they need to call on me when their teenage daughter is being harassed on Facebook, or young Jimmy has been exploring the online red-light district. If there was one bit of advice I could offer to any parent who has an understanding of business security principles, it would be this: eat your own dog food!

Let me try to explain by way of an example: you wouldn’t allow your staff access to the internet and everything upon it via your company’s network – with all your data held within it – without first getting them to read and agree to an acceptable use policy (AUP). Or at least I hope you wouldn’t, because otherwise you really are setting your company up for an almighty fall the first time someone is caught watching hard-core porn at their desk by a fellow employee, who takes offence and takes you to an employment tribunal for harassment (not to mention the matters of wasted bandwidth or the risk of virus infection).

Which brings me nicely to a related point. You might believe an AUP isn’t required in your firm because you can install software or use cloud-based services that will monitor traffic and protect the network perimeter from danger, maybe even blocking access to sites in the first place, based upon content type. This is a mistake, as a layered approach to security strategy is always better than putting all your delicate data protection eggs into one basket.

Looking at these same scenarios in a domestic setting, applied to the subject of protecting both your children from online dangers, and your network and personal data from the risk those dangers could bring, the exact same issues arise – I’d never let any of my children access the online world, whether it be from a gaming console, smartphone or computer, without having a “how I expect you to behave” talk with them first, which is in effect the application of a domestic acceptable use policy.

The responsible parent ensures that their kids are aware of what’s expected of them online, what sites and content they shouldn’t be visiting, what behaviour is safe, what behaviour is forbidden and, most importantly, that parent shares responsibility with them to apply the agreed rules. I’m not suggesting that you get them to sign a formal AUP document, although I do know of parents who have drawn up a “family internet contract” with their kids, and got them to sign it as a way of making the whole process inclusive and somehow more relevant. The important thing is that your kids know what you don’t expect them to do while they’re online, and what the consequences of ignoring those expectations will be.

I find the withdrawal of gaming console, smartphone or computer privileges for a certain period – which varies depending upon the seriousness of the breach – works pretty well. If, on the other hand, you only install what used to be called parental control software, but should more accurately be described as child control software, without giving “the talk”, then don’t be too surprised if one day you discover your kids have been circumventing said software by using a Tor proxy, or accessing the internet via their smartphone or at a mate’s house.

Such software does have a place as one layer of the domestic security onion (especially when we’re talking about younger kids, of primary school age, let’s say), but it should never be considered as your only option, nor as a watertight solution to all that scares you.

Certainly, your domestic network needs the same basic internet security defence systems in place in terms of antivirus, malware protection and firewalling as any small business, but turning on the “parental control” filter isn’t a silver bullet against porn, paedophiles and assorted other – often imaginary – internet evils.