Modern Life

How to keep your college-bound young adult safe and cybersecure

Parents are packing off their kids to dorm rooms and first apartments, but do they know how to keep them safe from digital threats?

By Heidi Mitchell — August 31, 2023

In the past few weeks, as parents prepared to drop their kids off at college or move them into their first apartments, the right-size linens, required books, and choosing a meal plan are top of mind. Laptops, tablets, cell phones, routers, printers, gaming consoles, and other digital paraphernalia are also in tow — but how to keep those devices safeguarded from would-be cybercriminals often remains an afterthought. 

Hacks against university technology infrastructure are on the rise, with the educational services sector experiencing 1,241 incidents in 2021 alone, 282 of which involved sensitive data disclosures of students, according to Verizon’s 2022 Data Breach Investigations Report. Howard University was recently forced to cancel all classes and shut down its Wi-Fi due to a ransomware attack. UCLA’s hackers used stolen personal data to blackmail students, leading America’s top public university to call in the FBI for help.

“When you think about higher ed, there is no other industry that has 25% of their user base turn over year after year,” says Steve Inch, principal print security strategy & product management, Print Hardware Systems, at HP. “Students are bringing smart TVs, gaming consoles, laptops, Alexas, you name it, and along with them, bringing exploits onto the school network without knowing it. The university campus can be the Wild West.”


RELATED: 7 ways to shop sustainably for back-to-school


The knowledge gap

Parents often assume that their tech-savvy kids — or their institutions of higher ed in loco parentis — have it covered. 

A non-scientific email survey we conducted among a network of moms of newly minted adults affirms that most parents barely consider cybersecurity issues that their offspring might encounter as they venture out of the nest. One said she assumed her son’s school would ensure his online safety. Another began discussing her child’s digital footprint when she bought him his first phone, but since he’s fairly computer literate and doesn’t use social media, she figured he’d be safe once he settled into his Georgia dorm. A third admitted that she didn’t pay attention to cyber safety, really, at all. “He just connected to the Wi-Fi at his dorm and that was it!” she says.

And awareness among college students themselves wasn’t much better, according to a recent report. Despite them understanding that nothing is private on the internet and that their data might not be secure on university systems, they remain unsure of how to best protect themselves. Worse, writes the author, San Jose State University professor Abbas Moallem, “it appears that educational institutions do not have an active approach to improve awareness among college students to increase their knowledge on these issues.” 

This should leave parents concerned — and spring them into action. Teaching young people the basics of cyber hygiene can help them as they move from being kids under watchful parental eyes to full-fledged adults who will have to manage credit scores, critical documents, private exchanges, and so much more. “As parents sending our kids off into the world, there is a lot we can do,” says Rob Rashotte, VP of global training at Fortinet, a leading global cybersecurity company based in Sunnyvale, California. 

“As parents sending our kids off into the world, there is a lot we can do.”

— Rob Rashotte, VP of global training, Fortinet

Start with a conversation 

Your child’s cybersecurity journey should begin with a  conversation about what you do and don’t put on the internet (especially on social media). “Kids often put out information that they shouldn’t online,” says Rashotte. “That may impact them in a job interview, but they probably don’t think much about it because they don’t face any consequences today.”

It can also help bad actors to steal their identity. A chat about the permanence of the internet is foundational, as is one about trust. “Growing up online, kids have a certain level of trust that they really shouldn’t have,” Rashotte adds. “They should have a mindset to trust no one and nothing in the digital world.” 

Have a plan in case devices are compromised

When it comes to devices, experts recommend starting with the things we use the most. “You have to have a plan,” says Inch. “My middle daughter left her smartphone at a bar in Venice and it was gone. But since we had a plan of action in case it was stolen, it was fine.” She followed sage advice and had backed up her phone (and laptop) regularly, Inch says, so every file was able to be retrieved off the cloud.

Mind your passwords

Of course, backups aren’t entirely failsafe, cautions Rashotte. “Information is still vulnerable in the cloud, so we have to be sure everything is locked down with strong passwords,” he says. A password manager is a great way to solve so many problems, experts agree. Many are free, use two-factor authentication to access, and require users to only memorize one strong password. “Our phone or laptop can be that dual-factor authentication device, so a bad actor would have to have both in order to break into our password manager and steal the passwords for everything from cloud storage services to banking websites,” notes Rashotte. 

Inch adds that, whether or not you use a password manager, you should enable two-factor authentication for important services like school logins and banking, even food delivery like Uber Eats and Door Dash, and both on and off-campus healthcare.

“You want to strike a balance between security and productivity and today’s multi-factor authentication services are improving their usability,” he says.  

Secure your browser

Though universities are trying hard to keep up with the cybersecurity threats that are exponentially expanding, students can beef up their own personal privacy by downloading a virtual private network (VPN). These can also often be free and encrypt the tunnel that connects a device to the internet, a network, or another device. The one caveat is that they sometimes block “safe” websites, so they may need to be switched off to access, say, a school server. Tethering to your smartphone can also work in a pinch, using your cellular data rather than public Wi-Fi.

Whether your child is using a VPN or not, remind them never to click on links in texts or emails from unknown sources; these are very often phishing expeditions — a huge risk factor for young adults. And tell them not to click through to sites that don’t have an “s” after the “http.” “No ‘s’ means not secure,” says Inch. “You can also show them how to hover the cursor over any link in an email to reveal the web address. If it looks oddly unfamiliar or weird in its construct, never click on it."

A colorful illustration of college students unpacking and setting up their dorm rooms.

Jiaqi Wang

Tap your ISP for help

For parents moving kids into apartments, as a paying customer, you can always contact the wireless and cable service provider and ask about enabling parental controls. “The providers are starting to become concerned about security because of liability issues, and if you’re paying the bill, you have the ability to put some blocks around specific categories of sites, like gambling or e-commerce websites,” says Rashotte, whose company sells these technologies to providers. “You’d be surprised at the fine-grain control that you’d be able to turn on and turn off. You can also just set it to allow a warning to show up so your child is aware that they are going to a website that has been flagged as unsecured.” 

Use a newer generation Wi-Fi router

When setting up their routers and Wi-Fi in their dorms or apartments, never use the factory default passwords, urges Inch, who adds that those credentials live on a list somewhere that can be stolen. Be sure to to set your Wi-Fi encryption to WPA2 or WPA3, if available, keep your firmware updated and secure the admin login with a hard-to-guess password immediately upon installation. “Many routers have a guest network,” Inch says. “Use it for friends and family, but still change the password three to four times a year.”

School ties

HP’s Inch also reminds parents to set up an appointment with their child’s school’s IT department, either during drop off or for when they’re settled. “No one does this, but you should,” he says. “Tell them, ‘Here are the devices I am bringing to the school. What security do you have in place to ensure that I’m protected?’” They’ll know what you do and don’t need and can troubleshoot any issues. “You’re paying tuition, use this service!” he says. Also ask how and where students will be printing documents outside of their dorm. “Freshmen entering college are very digital-savvy and much less document-savvy as they transition to professors who request printed documents,” says Inch. They could fall prey to inadvertently clicking on a phishing email attack from a remote university printer if they log in at the printer control panel to access their email and print a document. If there are HP office multifunction printers on the school’s network, they have highly effective defense-in-depth features that automatically trigger a self-healing reboot of the printer if the printer has been compromised, all without university IT staff intervention. For sensitive documents, enable HP’s Smart App’s Private Pickup feature that recognizes they're physically at their printer, so a roommate or other dorm resident doesn't see them first.

Purchase products with baked-in security

For additional security, look for devices that “self-heal” — that is, which have software built in that detects unusual activity, isolates it, then reboots to reset itself. HP’s Wolf Security suite, for example, protects against novel attacks, automatically restores a system to its previously safe state if attacked or corrupted, and automatically updates software. HP+ printers with Smart Security provide enhanced security right out of the box including automatic firmware updates and features that keep documents secure and fend off dangerous malware in the background.

Tell your kids to sign up for alerts or set device settings to automatically alert them to any available updates so they can always keep their PC/laptop software updated with the latest from its manufacturer; those updates are usually patching potential attack vulnerabilities. And definitely educate them not to do anything private on a public network, where any savvy hacker can see all their credentials. 

A little bit of awareness goes a long way

Our kids’ digital footprint is massive, which means there are infinite opportunities to get scammed or breached. The key, says HP’s Inch, is learning situational awareness. “You’ve taught your kids what to do when there is a threat in the physical world, and it’s the same in cyberspace,” the father of three says. “Teach them to understand their environment, look around, recognize what avenues they have to use against an attacker, and protect themselves.” 

The rest, as they say, is up to them.


Learn 7 cybersecurity terms every hybrid employee should know