Recently, I had the distinct pleasure of spending nearly two full weeks with my Mom. While spending time with her, and working remotely at the same time, I was reminded that many of the lessons that we’re taught as children can be incorporated into cybersecurity best practices.

So, this won’t be one of my traditional application security best practices blogs. Rather, the purpose of this blog is to link the sage advice we all received in childhood with ways to improve your family’s modern-day cybersecurity.

“Don’t take candy from strangers”

I always found this advice to be paradoxical. We were told never to take candy from strangers, then on Halloween we graciously accepted candy from lots of different strangers, just by saying, “Trick or Treat!”

How does this situation relate to cybersecurity? A phishing e-mail can be viewed as proverbial candy from a stranger on the Web. However, the stranger in the phishing e-mail example is masquerading as someone you know: a business colleague, your financial institution or even a community organization that you support.

How this childhood advice applies to modern cybersecurity:

  • You should be cautious about receiving unexpected messages from others, even if they appear to be coming from trusted sources.
  • Carefully review the sender’s e-mail address and all of the links in the message, without clicking on any of the links. And if the message appears to originate from a legitimate retailer that you do business with, don’t hesitate to reach out to the retailer via traditional customer service channels to confirm the message’s authenticity.
  • Be especially wary if there is unnecessary time-sensitivity to the message, with verbiage demanding “Immediate Action Required,” threatening “Act Now to Avoid Account Closure,” etc.
  • If a “friend” has sent you an e-mail about an activity that you’re collaborating with him/her on but it doesn’t appear legitimate, use a different communication method (such as a phone call or social media interaction) to confirm authenticity of the friend’s message.
  • Remember that legitimate companies don’t request sensitive information or send you file attachments via e-mail.
  • Consult trusted resources such as this US Federal Trade Commission site to learn more about threats like phishing.

“Never share your personal information”  

Fortunately, I grew up in a neighborhood where most of the local parents knew my parents well, and they all kept an eye on us when we were playing outside. My, how times have changed!

So, admittedly, this advice is a tough sell in the modern era. I recently read that this is the first era in world history in which we become “friends” with most of our contacts (through social media, dating apps and gaming technology) without ever meeting those same contacts in person.

How this childhood advice applies to modern cybersecurity:

  • There’s a time and place for the information that you share online. Remind your family members that they should be careful not to share their complete name, age, detailed contact information or physical location on the Web. A 2018 episode of “Web of Lies” on ID Discovery titled “Dangerous Games” documents a real-life situation in which a teenage gamer revealed his physical location to a fellow gamer, resulting in extremely unfortunate consequences for both.
  • Heed my classic advice that if something or someone online appears too good to be true, it probably is. Listen to your instinct and disengage if you need to.
  • Remember that simple questions such as, “Your dog is so cute! What’s his name?” might represent social engineering attempts to obtain information that could be used later to access your online accounts.
  • Never utilize passwords that contain your personal contact information, such as your date of birth, Social Security Number, mother’s maiden name, etc.
  • Review trusted resources such as this My Sudo blog, to protect your online information more effectively.

“Don’t be afraid to speak up.”

Society has made a lot of progress on this element over the years. Electronic communication has helped to document undesired communications from others and viral smartphone video has literally transformed the world.

However, the volume of electronic communications and the power of Internet search engines mean that it’s much easier for others to find you and contact you anytime. To give a direct comparison, bullying essentially occurred during school hours when I attended school, but now cyber-bullying can occur 24/7/365.

How this childhood advice applies to modern cybersecurity:

  • Recognize classic cyber-bullying warning signs, including uncharacteristically emotional reactions after family members are online or utilize their phones, withdrawal from social activities that previously brought them pleasure or unusual fear associated with school attendance or a particular class at school.
  • Maintain an open environment within the family, where online activities can be discussed openly, even activities like social media postings that may have resulted in a sense of regret after they are made.
  • Remind all family members that, “if you see something, say something.” They should be encouraged to take action right away when they experience unusual online behavior, because it’s much easier to address problems immediately without allowing them to snowball.

To Learn More

I’ve been a major proponent of’s Blue Shirt Day for many years now. You can find a lot of beneficial cyber-bullying resources on the site’s “Get Help Now!” tab. And, if your organization develops applications for users of any age, you can sign up for a 30-day free trial of HCL AppScan to protect your business apps from potential security vulnerabilities that can be leveraged by cyber-criminals.
