Questions? Call 877-752-7170 or

Security Awareness for Fourth Graders

By Tony Flick | January 24, 2010

Back in November, I had the opportunity to take part in the Great American Teach In. This event takes place at schools around the Tampa, FL area and invites local volunteers to come into the classrooms to teach kids about their job. The objective is to familiarize kids with differing careers and hopefully get them excited so that they do well in school. For my experience, I spoke to a group of 4th graders regarding online safety and security. I figured a lesson in online safety would be more beneficial than teaching them the latest social engineering techniques or how to execute a cross-site scripting attack that pops up an alert box with their friend’s name in it. I can only imagine what would happen with the kids going home and telling their parents that Mr. Flick taught me the best way to break into data centers. For full-disclosure purposes, my hidden agenda in this blog entry is to convince you to volunteer next year and potentially provide some tips if you do volunteer. While this event was in the Tampa, FL area, most schools have a similar type of event.

I tried to keep the powerpoint slides to a minimum and cover only relevant topics for fourth graders like cyber-bullying, acceptable/appropriate use, adult supervision, not believing everything that you read online, protecting their sensitive information, not meeting people that you met online,…and of course answer tons of questions from the kids. Considering most adults consider presentations to be a Death-by-PowerPoint event, fourth graders probably won’t be too excited to look at slides either.

I was completely surprised at how much the class was a microcosm of a company/organization. While there were too many examples to list, I would like to go over a few. First, how many of you have used food to bribe people in attending your meetings or security awareness classes? This is usually a pretty common technique and I took full advantage of it. Now, I of course didn’t have to worry about attendance, since it was school, but it came in handy for other reasons. Before I dove into the extensive 7-slide PowerPoint presentation, I asked the class if they had any questions. No one raised their hand, so I informed them that anyone who asks a question would get a piece of candy. In a strange coincidence, every single student immediately raised their hand to ask questions.

The potential to get candy got most of them to pay attention, but shockingly not every student gave me their complete attention. Apparently, gossip and trying to get me to tell them how to hack their friend’s computers were more important to fourth graders. Just like water-cooler gossip at a company, some of the kids were more interested in whether I was dating the teacher than my comments on cyber-bullying. If any of the students who were whispering about it do happen by this blog post, yes I did hear you and no I am still not confirming or denying it.

While some of the questions I received were fairly predictable (ex: is it safe to put pictures of my dog online?), some took me by surprise. I don’t have any kids, so I wasn’t exactly sure how to answer questions like “how do you use Club Penguin safely”, since I had no clue what Club Penguin was. Thankfully, one of the teachers informed me it was basically a kid’s chat room, so I was able to answer it. The kids did ask several serious questions though, including:

  • If someone is cyber-bullying me, I should tell an adult, but what do I do if a family member is cyber-bullying me?
  • If someone I don’t know tries to talk to me in Club Penguin, what should I do? At what point should I call the police?
  • If I go to an inappropriate Web site on my parent’s work laptop, will they get in trouble?
  • Will a firewall protect me from the bad Web sites?

The last question is particularly interesting considering it is very similar to a question I get asked all the time “does a firewall mitigate web application attacks?” So in my effort to convince you to volunteer your time, here is a list of some of the benefits of volunteering your time:

  • Good way to get rid of your excess Halloween candy
  • The hand-drawn thank you cards from the students will be very entertaining
  • Great reminder that your job makes a huge impact

All in all, I had a lot of fun talking to the class. Most importantly though, I was able to help the kids understand how to deal with the dangerous situations they face when they go online. While it would obviously be preferable that they never have to face those dangerous situations, it is most likely inevitable. Which is why I highly encourage you to get involved and volunteer your time as a security expert.