Rochester Public Schools continues to deal with the aftereffects of a cyberattack this month that came just weeks after Minneapolis Public Schools experienced a similar data breach.
Cyberattacks in schools are becoming more and more common. Yet most cybersecurity tips are geared toward adults. So how can adults talk to kids about staying safe online?
We called Zinet Kemal, a cybersecurity professional and children’s book author living in Blaine. Zinet, an Ethiopian immigrant, is the author of the books Proud in Her Hijab and Oh No…Hacked Again! Her next book, See Yourself in Cybersecurity, focuses on cybersecurity career exploration for older kids. She plans to release it in June.
Adults have been quick to provide kids with technology, Zinet said, but often don’t educate them on how to use it safely. Stories can help kids understand how a complicated issue relates to their lives, she said.
In Oh No! Hacked Again, eight-year-old Elham realizes she has been hacked after sharing a password with a friend in an online game. The book shows three siblings learning to protect themselves from real-life hacking scenarios, with help from their mom, a cybersecurity engineer. The kids in the book are based on Zinet’s own children.
We asked Zinet about talking to kids about cybersecurity and the importance of diversifying the field. This conversation has been edited for length and clarity.
Why did you decide to write Oh No…Hacked Again!?
During the pandemic, my kids came back home for distance learning in three different classes—and there was the baby, because I was just out of maternity leave for the fourth one. They got hacked while they were doing their online gaming, because that was their main socializing space. On more than one occasion, two of my kids got hacked. Then I kept hearing also in these Facebook mom groups, the same things happening. And I said, what’s going on? I work in cybersecurity. I try to warn them, but it still happens. And at that point, I published my first children’s book, Proud in Her Hijab. I thought, this is an immediate problem. I don’t think parents know. So I thought, why not share our story?
In your experience, are kids running into trouble mostly in gaming or in online learning? Where have you seen kids encounter cybersecurity issues?
I think it’s everywhere. This specific story, the hacking that happened, was gaming, because that’s where the kids like to spend their time. While they’re gaming, they talk to other people. And then on the other end, it may not actually be kids. They say that they’re a 12-year-old girl, but it might be a grown person looking to harm them. They try to find that social network trying to play online. That’s where I feel like they’re most vulnerable—as kids, they trust whoever is talking to them. Everyone is a stranger, but they consider them as friends. For my kids, it was mostly the chats, because they use different chatting platforms outside of the game to network. They use that chat, audio, and text communication while gaming online live.
What do you think are the biggest cybersecurity risks for kids, and what are the lessons you want to share with them?
For kids, the biggest risks are the trusting piece and just not knowing. I think that’s where the education piece comes in.
When I do author visits, I ask [the kids]: What is personal information? What are you not supposed to share? Not sharing things on social media—their address, their school name, all of those things could expose them to online predators. Password sharing. They think everyone is their friend just because they talk to them, but not really.
When it comes to tips for parents: Whatever the kids are putting online, it’s going to stay there forever. You can’t go back and delete it. We teach them how to be kind in person, but maybe they don’t think that it’s going to affect other people if they’re typing something mean. I always say kindness also applies online, because cyberbullying is a big issue too.
Phishing links: They get a lot of links. So avoid clicking those things. They get bombarded sometimes; enter your username and password to a website so that you can get free stuff. It’s always good to remind them to ask a parent or an adult in school before entering your sensitive information.
How do you recommend adults talk with kids about cybersecurity?
Get on their level. You have to have some sort of way to relate to what they’re doing. Telling a story is always helpful, because they listen to you, and they’re receptive to what you’re saying. In author visits, usually when I ask who plays games, everybody raises their hand. They would always have stories of who’d been hacked. They ask very critical questions. Talking to them about something they love, like gaming, is good. Also telling them real-life stories about the impact it would have.
And having open and regular communication with their parents. Show interest in what they’re doing. Online predators like to isolate the kid from the parent—don’t talk to a parent, don’t tell this. So always make them feel like they can come to you, instead of admonishing them.
Have that regular communication always, and make them comfortable so that whenever anything happens, they come and ask questions and resolve it with the grown-up, instead of trying to deal with something on their own.
Depending on the age group, some level of parental control is also necessary. And being a good role model on how we use our tech, because they model a lot of the things that they see from their parents and grown-ups in their life.
The kids in your book—and your actual kids—have a mom who’s a cybersecurity engineer. But not all kids have that. Some parents feel like they know much less about technology than their kids do. So what would you recommend for those kids and for those parents?
I always say that it should be part of school teaching. We can’t teach them everything at home. I am a big proponent in having some sort of curriculum at least introduced about online safety. When I do local school author visits, the teacher is like, “We need this.” They have technology classes at some of the schools, but not really anything about teaching security. If not the parents, the school should be educating and fostering that kind of conversation. It could be through stories and books.
I think it’s important to build that security mindset. The biggest concern in cybersecurity is the humans’ weaknesses that always affect the system. No matter what kind of control is in place in bigger organizations, if one human clicks a link, it could expose the whole organization.
Tell me about your next book, about cybersecurity careers. Why did you want to write that book?
I just announced the pre-order yesterday. It’s titled See Yourself in Cybersecurity.
The field has a lot of gaps. A lot of it is misconceptions about what it is. People always associate being in cybersecurity with hacking. Hollywood is to be blamed: Whenever somebody is in cybersecurity or hacking, they’re always showing a male in a basement typing fast on screen. But the field is really broad, and it has different specialties and areas. That’s not always clear for people, let alone for children. You see career books—you can be a doctor, you can be this and that, but we don’t really hear about cybersecurity.
I think if we’re starting to teach kids with different characters that look like them pursuing this field, it would inspire them, give them that motivation to say, I could be a cybersecurity professional.
Find Zinet’s books
Zinet Kemal’s books Oh No…Hacked Again! and Proud in Her Hijab are available on her website and on Amazon. Oh No…Hacked Again! is for ages 6-14. It is also available in Spanish and as a coloring book. Zinet’s forthcoming book, See Yourself in Cybersecurity, for seventh graders and up, will be released in June. You can preorder it on her website.