Ask your kids before posting their pictures online

Would you write down the personal identification number (PIN) to your bank's cash card and post it online? Or the password to your e-mail or other sensitive personal accounts?

The temptation of parents to post pictures of their children’s milestones on social media can be frighteningly like writing down their PINs and posting them online. 

The posts proud parents put up could contain valuable personal information about their children, potentially exposing them to hackers seeking to digitally compromise the kids' online accounts in the future.

According to Wikipedia, the fusion word "sharenting" - a term coined in a 2010 article by The Wall Street Journal - is a combination of "oversharing" and "parenting".

To quantify how prevalent sharenting is, British cyber-security firm Nominet has found that, on average, parents will post about 1,500 photos of their children online by the time they are five years old.

British bank Barclays has forecast that parental oversharing will account for two-thirds of identity fraud facing young people by 2030.

It cautions parents against revealing personal information such as names, ages, dates of birth, schools attended, and sports teams supported in the photos shared online. Such details could be used for fraudulent loans, credit card transactions or online shopping scams in the future when the children are older.

The seeds of children's identity fraud tomorrow are planted by the online actions of parents today.

The scale of the identity fraud possibly arising from sharenting makes the recent OCBC bank fraud, where $8.5 million was stolen from more than 100 victims in a SMS phishing scam, seems like child's play.

Our family learnt this lesson almost a decade ago when one of our sons was impersonated online.

We had agreed early in our parenting journey to keep the kids off social media until they could decide for themselves how to manage their accounts.

Despite our best efforts, we suspect that someone in our son's primary school took a photo of him and started a Facebook account impersonating him.

This came to my attention when our son asked about an active Facebook account in his name, with a profile photo of him, which he had been unaware of. Apparently, his friends who were on Facebook had started befriending the account and were starting to chat with him there.

Upon discovering the rogue account, I contacted Facebook, which took down the offending account before it could be used for cyber bullying or other malicious purposes.

At the time, as parents, we felt powerless to protect our kids from identity theft. Despite our best efforts, someone had still been able to impersonate our child online. We did not think it would happen to us until it did.

Given how prevalent sharenting has become, I imagine that some parents will point to our experience and say: "You took precautions, yet your child was still impersonated online. Why bother?"

According to a survey of more than 16,000 pupils by British non-profit group VotesforSchools in 2018, 60 per cent of primary-school pupils said that if they were parents, they would not share images of their own children online.

A 2019 study by the London School of Economics (LSE), which reviewed more than 9,000 data sources and conducted detailed focus group research on 150 secondary-school children, found that "children care about their privacy online, and they want to be able to decide what information is shared and with whom".

A 16-year-old boy in the LSE study put it poignantly: "Your information is specifically yours. Like your full name, mental health, that's to do with you. So, you should be able to choose who knows and who doesn't."

Ms Sandra Davis, head of British law firm Mishcon de Reya's family department, told The Guardian: "Children are the experts on the real and immediate impact of sharenting - the full extent of which we cannot know yet. We must ensure we listen to children and take their views into consideration."

For our family, the one good thing that came out of the cyber impersonation episode was that it gave us an opportunity to talk to our kids about their digital footprint online and to discuss when they felt they would be ready for social media. Both were well into their teens before they had their own social media accounts.

The incident also helped to acutely sensitise them to what should and should not be posted online. It made them realise how their personal information can fall into the wrong hands and be used against them.

There are no right answers on what should and should not be done in terms of parental sharing. Each family will have to come up with a threshold and comfort level, hopefully in consultation between parents and kids.

As parents, we want to give the best to our kids while protecting them until they are ready to fly solo. Increasingly, doing that in the digital realm will be as important as doing so in the physical world.

How much we share about our children could have huge bearing on their digital futures, long after we have forgotten what we have posted online.

Tips for protecting children from future identity fraud:

1. Ask for permission

Consider asking your child for permission before you share anything about him or her online. The act of having to ask for permission will likely significantly reduce the volume of posts and give parents more time to consider before posting.

2. Think of possible risks

Think through the short- and long-term consequences of your post. Ask yourself: How might what you share online affect your child's self-perception and career in the future? How could the information you are posting be used against your child?

3. Review friend lists on social media

Review the privacy policies of the social media platforms you are on. Allow only close friends to view posts of your child. Also, review your list of friends regularly and remove those you do not know well. Someone you barely know, who may be a "friend" on social media, might take a screenshot of your child's photo and post it elsewhere.

4. Keep children's personal data off social media 

One's full name, schools attended, date of birth and current location are examples of information which should never be posted online for public viewing. That is like writing down a bank card's PIN and posting it online. It makes it easy for hackers to take advantage of such information.

5. Be mindful of "digital tattoos"

Like a physical tattoo, whatever is posted - even if the contents have been set to "private" - will likely be available forever. Once information has become available for searching, it is very difficult to remove from the Internet.

The writer is chief executive of a medical technology company and an adjunct associate professor at Nanyang Business School.

Source: The Straits Times