VTech’s recent reaction to their large-scale hack, targeting adults and children, last year was to pass the buck onto consumers. This might help them when it comes to complaints and court cases, but the reputation damage they will suffer as a result will cost them more – as the recent VTech boycott has shown.
On first thought, a child wouldn’t seem like an obvious target for cyber criminals. Yet they’ve become the latest target for hackers, as shown by two large-scale cyber attacks that caught the media’s attention last year. The potential dangers of internet-connected toys were also shown when researchers announced Mattel’s latest Wi-Fi enabled Barbie doll could easily be hacked and transformed into a surveillance device.
No doubt about it, this is scary stuff and hopefully jolts toy manufacturers into action making them realise they’re not immune from hacks. Unlike adults, kids are unlikely to know that they’ve been a victim of a hacking and had their ID stolen until they are much older. And that’s exactly why they are such prized targets.
The Dark Web, home to a variety of ‘goods’ and ‘services’ – such as stolen data, illegal pornography and drugs – is where hackers sell stolen identities. Someone with a good credit rating would be appealing, but at the same time, they’re likely to notice unusual activity on their bank statements pretty quickly. A cyber criminal might have 48 hours, a week or maybe two before they need to ditch that ID and acquire a new one. Whereas a hacker has potentially up to ten years with a child’s ID until they’re unmasked – it’s this longevity that makes a child’s ID worth much more than an adult’s.
Having their child’s data stolen is another thing to add to parents’ ‘internet watch list’. Anne Collier, Founder and President of NetFamilyNews.org highlighted how parents are often naive to the online accessibility children have. For instance, many music players provide children with access to the internet, and many games consoles have a ‘live’ option allowing children to connect and speak to strangers and potentially reveal personal information.
So what can manufacturers do?
Makers of internet-connected toys need to work closely with parents in order keep children safe online. This will require a tailoring of the usual scare tactics. Kids need to be engaged and see cybersecurity as something fun and not just a thing ‘mum or dad keeps telling me to do’. Rather than passwords, perhaps we need to think about puzzles. And this is where comms can come into play, by raising awareness and education people around these dangers in compelling and engaging ways.
We don’t need to expose children to the realities of the Dark Web at such an early stage. But there needs to be a collaboration between the toy industry, children’s charities and the government to help parents ensure that their kids are cyber smart and most importantly, safe.