Interview with Dr. Samuel McQuade, PhD on Cyber Safety

About Dr. Samuel McQuade, PhD: Dr. McQuade is the author of numerous seminal texts on the issue of cyber safety and cybercrime, including Understanding and Managing CybercrimeThe Encyclopedia of Cybercrime and Cyber Bullying: Protecting Kids and Adults from Online BulliesLiving with the Internet, Cyber Stalking and Cyber Bullying, and Internet Addiction and Online Gaming. He worked as a National Institute of Justice Program Manager for the U.S Department of Justice, and as a Study Director for the Committee on Law and Justice at the National Research Council of the National Academies of Sciences. Dr. McQuade has also worked as an Air National Guard security officer, school resource officer, county deputy sheriff, detective, city police officer, and organizational consultant for police forces.

Dr. McQuade is a professor at Rochester Institute of Technology, where he teaches on cyber safety and cybercrime, and also engages in in-depth research on these topics. He earned his bachelor’s degree in Human Services Management from Western Washington University. He received his Master’s Degree in Public Administration from the University of Washington, and his PhD in Public Policy from George Mason University. Dr. Samuel McQuade was compensated to participate in this interview.

[] What are the essential elements of cyber safety (i.e. central best practices, key measures to protect children from cyber hazards, etc.)? What should parents, school social workers, teachers, and other school personnel do at the individual and community levels to help ensure children’s safety online?

[Dr. McQuade] You can get the list of best practices off of 100 different websites, but the essential elements that I think for cyber safety have to do fundamentally with knowing your device and how it’s connected and what it’s connected to. An analogy that I sometimes use is–when I grew up it was really important for all drivers to have a very fundamental knowledge of their car that was beyond just kicking the tires. You had to check the air in the tires. You had to check the oil. You had to check the fluids. You had to listen to the car and know when it was running.

You can do the same thing with your computer, or with any device you’re using. What are its safety features? What are the things that you can do while using your device to protect yourself? So just as you need to keep a car up, you need to keep a computer tuned up. You need to continually update your virus protections against malicious software. So you have to have those protections activated and you have to make sure that they’re updated on a regular basis. I think you need to be really careful in how you process messages received. A classic example is you never, ever click on an attachment that is embedded in a message from someone that you don’t know. Don’t do that because once you click on it you can launch the malware right from there. Same is even true of email now. I think that’s why people are really transitioning to instant messaging and texting so much rather than email. You don’t have quite the ability to embed things. You need to be on your guard against not just the scammers and the spoofers but also the people who would manipulate you.

The whole concept of social engineering is very prevalent. Social engineering is where bad guys and bad girls manipulate you to give up information that they can then use against you. So the thing that’s most sought after is passwords. Now social engineering, and everything else in this business, can occur online as well as face-to-face. And oftentimes it happens as a combination of the two. So people can present themselves as a business and engage in social conversation, while in effect scoping out the kind of systems that you have, where the servers are located, where the passwords are located, and maybe divert your attention and get the password and other relevant login information. It’s a horrible practice. Or you can engage in social networking and find yourself in communication with someone whom you think you know, and of course how do you really know that you know that you’re talking to someone that you know? People can masquerade online and they can entice you to give up information of all kinds.

So how do parents teach their kids about this and help them abide by good cyber safety practices, since children will probably encounter people that claim to be someone but are not actually the person they claim to be? Just as you and I grew up with stranger danger concepts, children today need to be instructed that strangers can be online as well. What’s really baffling and dangerous about online strangers is that the really good ones can pretend to be someone that the child knows–Uncle John or Aunt Sally. And they can do this because they’ve done their background research. If all these kids are posting this information up on social media websites, it’s open to the public and can be data mined. Pertinent information that can then be used to ingratiate oneself to the unsuspecting child, a vulnerable child.

Sexual predators do this all the time. They befriend an unsuspecting, unwary child, making certain promises. Initially they’re very limited in scope and over time they get the trust of the child and then this relationship develops into a very exploitable kind of relationship where the child is increasingly preyed upon for more and more favors.

I think there are some very specific and practical things that parents can do, and it is an age dependent experience, meaning that what goes for a K through 6th grade child is different than for a middle school child and further different from a high school child. But the parent still has responsibility to help that child user to be well and safe online.

To be specific–first, I think that parents need to become good users themselves of IT devices. So it’s kind of cool today that people are using IT devices on a huge scale in their businesses, for personal use, recreational uses and so on. We all pack around our phones, which increasingly the Galaxy note class or the iPhone 5 or 6 class with the enlarged screens and they accommodate a talk text interaction capabilities and so on, and so these devices are becoming part of who we are and how we’re able to do what we do for personal and professional reasons. When that happens, then those adult users become that much more capable of monitoring the use of the IT devices among the children for whom they are responsible. So it’s not just mom and dad, but in this day and age its relatives, family friends, church workers, social workers, human service workers, teachers, coaches.

All these people are using these devices, and as they use these devices they need to consciously extrapolate from their own experiences to share with children about how to be safe.

When you monitor a young child, you should actually sit down with them side-by-side and take an interest in the activities that they’re engaged in online. See what they’re doing. Ask whom they’re socializing with. See how savvy they are in their navigation of various commands or device safety and security. And to the extent that the child doesn’t know what to do then the parents have a responsibility to teach them what to do through resources available in the community. The key is for parents to become truly proficient in using their devices so that they can properly parent their children and supervise their children in the digital age in which we live.

What adults can then do is continue to engage their children in conversations: “So what are you doing with the device?” “Oh, social media,” they might reply. But don’t stop there. Ask them questions like, “Whom are you friending? Do you know who your friends are or do you just friend anybody? How do you keep track of who your friends are? How do you focus and pay attention in your daily learning? How do you stay on top of this so that you don’t get sidetracked with all the information that you can be bombarded with through social networking or just Internet exploration?” These are topics that are relevant to adults as much as children, so really in asking these questions you are setting the stage for your kids to become competent adults in the digital age. Now that goes for the primary school-aged children, not just for the middle school children; start teaching your kids before it’ll be corny for them and they’re really starting to earn their independence.

A responsible adult needs to take an active interest to continue to monitor and teach, and they do it on the basis of their own knowledge and use of the devices. If you got an adult who in this day and age doesn’t use this device then they can’t very well hope to understand much less teach a child how to use it.

So it’s a simple analogy, but it’s really true. When I was growing up in the 1950’s, my sisters and I, we needed to be taught how to use the telephone. Some of it we picked up on by just watching adults use the telephone. But we also needed to be taught how to answer the phone, how to properly take a message, so on and so forth. Telephone etiquette, right? You don’t call other people during the dinner or supper hour because that’s family time. Remember I’m talking the 1950’s. Well the same kinds of principles are true for today, but the parents first need to become responsible users in their own right so they can impart the lessons to their children. The parents do it at home, the teachers do it in school, and everybody else does it in their ancillary roles whether it’s in church or community centers around the athletic field.

Now when kids get to high school, today it’s still largely true that the kids know more about the darn devices than the adults do, but that’s changing, and in another ten years when today’s high schoolers are having their kids, I don’t think technology is going to change that much more, I really don’t. I mean it will in technical ways. We’ll have flying drones and all kinds of medical wizardry and so on, but the basic communication devices that we use as students and residents, I kind of think we’ve reached a plateau, not in technical capability necessarily but in the basic devices that we pack around and how we use them. I think it’s going be a long time before that becomes truly revolutionary once again, which is to say that we have an opportunity to get caught up now.

[] What are some effective measures that parents and school personnel can implement both at home and in school settings to protect children from cyber safety threats? Should parents, school administrators, teachers, and school social workers try and keep up with advances in communication technologies–will that help them manage cyber safety threats affecting their kids and students? Or is the more effective route to teach children cyber safety best practices at a young age? Or is it a combination of both along with other strategies?

[Dr. McQuade] Here’s what I think is needed in education at the national level, and then across our some 38,000 school districts in the country. I think in this day and age our society needs educational standards that apply to cyber safety. So you probably heard of the Common Core, which is a new federal set of educational standards that school districts are wrestling to meet in order to assure their future federal funding and so on. States are wrestling with it, school districts are wrestling with it, and it’s in the process of being implemented.

But there are educational standards and they have been in existence for many, many years at the federal level through the Department of Education and in every state. Every state has educational standards. And what’s important to know is that historically we have not had educational standards that explicitly address the cyber safety needs of children, nor do they require teachers to teach the subjects. So what I have said for a long, long time is that we need to figure out in our country how to move the public and private education sectors towards delivery of cyber safety instruction.

How do you do that? The first thing you need to do is you need to either add onto or incorporate into existing standards something for cyber safety. Integrate into what we already do lessons that have to do with cyber safety. So for example, at the federal level and in all states across the country among the standards that already exist is a standard for teaching technology. What that means is teaching information technology systems and devices to our students. So whether it’s computers or laptops or tablets or phones, we should be teaching them how to integrate that into their lives, but in a safe way. The emphasis has never been on doing it safely with regard to security practices in the past, and that needs to change.

We can do the same thing with existing health standards. All students across the country are taught health standards. You had health education, I had health education, everybody gets health education. Cyber safety is an aspect of health. If you want to be healthy in society, you shouldn’t be addicted to various aspects of the Internet. Health has to do with well-being, and so a person who is cyber bullied is not well. And for that matter, and not to go psychological on you, but neither is a cyber bully or the groups of cyber bullies that target victims. So there’s two examples of standards that already exist, technology and health, that we could integrate cyber safety into so that we have a target for teachers and school districts to go after.

[] For school personnel who are interested in supporting cyber safety measures in their school community, how can they gain the knowledge and training necessary to help students, parents, and school staff? What resources do you recommend school social workers and other school personnel refer to when planning and implementing cyber safety initiatives on campus?

[Dr. McQuade] The immediate resources that come to mind for teachers, parents, human service workers, you name it, in no particular order, would be the National Center for Missing and Exploited Children, NCMEC . They have lots of resources, tutorials, lesson plans that can be incorporated into existing classrooms or that parents can sit down and watch with their children that have to do with Internet safety, preventing cyber bullying and so on. So that’s one resource. Another terrific resource will be the Department of Commerce. The Department of Commerce is engaged in making sure that businesses can thrive across our country and businesses need to be safe. They want customers to safely engage in online commerce.

There’s a whole history to this too–it turns out that the Department of Commerce has become a huge player in the promotion of Internet safety for consumers of all ages. So that would be another resource. And what’s nice about NCMEC and the Department of Commerce is their official sites. NCMEC is a nonprofit, partially subsidized government organization with a long, long history and they’re all about child well-being. The Department of Commerce of course is our government and what it does has to be carefully scrutinized and they’re looking out for the people. That’s what they do.

Other excellent resources are IKeepSafe ( Marsali Hancock runs it. I’ve known Marsali for years and that organization. IKeepSafe is a tremendous resource, even better than the National Center for Missing and Exploited Children. They have video lessons that have already been developed. They’re working with school districts all over the country, have been for over ten years, and so the teacher who wants to design lesson plans and implement these lesson plans, they don’t have to start from scratch. They can go to IKeepSafe, they can go to NCMEC, and they can look at what’s already been developed, and then they can customize that information because it’s not copyrighted. It isn’t protected. It’s available to the public. That’s what these organizations do. Same is true for the Department of Commerce, and all of that information is available and then can be synthesized and incorporated into lesson plans.

In addition to seeking reputable resources online, I think that what professionals in school settings should do is confer with their information technology officer at school because that person is going to know what devices are in the school building, how they’re connected to the Internet, and what the safety standards are. The IT officer can provide a sort of infrastructure overview for the school social worker, teacher, or other professional, so at least he or she has that starting point. That professional then can tell the teacher further, all right, so the kids pack their devices and bring them to school, and now they’re going to connect to our network. The professional who wants to teach kids about internet safety needs to know the safety standards that the school already has set up for our online connectivity and how it is monitored. The teacher who wishes to design and offer cyber safety education has to have that fundamental knowledge of the infrastructure of their school building and their school district. How is it that kids connect when they’re sitting at a computer workstation? How is it that kids connect when they’re packing around their mobile device throughout the school building and on school grounds?

[] Since nationwide educational standards concerning cyber safety don’t currently exist, what can school staff, teachers, and parents currently do in the here and now to teach kids to be competent users of information technology?

[Dr. McQuade] So all adults–parents, teachers, school personnel–need to become competent users in their own right and then share what it is they’re doing, and when it comes to kids then we all have a responsibility to monitor in appropriate ways what it is they’re doing, how it is that they’re doing it, and caution them about potential risks, unnecessary risks that they may be taking. It’s a matter of lifestyle choices. I don’t mean in terms of what we consume, although kids are always competing to have a better phone, but we adopt certain lifestyles, and we need to practice what we preach. And I think that’s the trick to this stuff. We integrate it into our very lives just as teachers begin to integrate it into their teaching lives and what it is they do in the classrooms.

Teachers can combine their knowledge about technology from their own experiences with the materials they obtain from the resources I mentioned and their own expertise in their academic subject. People love to talk about things they know and they tend to be good at talking about things they know. So the English teachers can incorporate lessons about cyber safety into helping students learn how to read, write, and express themselves with literature. And you come up with clever lesson plans that students look forward to learning about and engaging in, you see?

And the history teacher could do the same thing. You know there’s a whole history to this stuff. Take a guess as to when cyber crime began. It began, and this is well documented in literature, it began back in the 1800’s. Because back in the 1800’s we created the telegraph and fraud was taking place using telegraph systems and the telegraph eventually became the telephone system, and all kinds of fraud and crime was occurring using the telephone. And eventually the telephone switches were computerized and that led to computerization, right? So today what we call cyber crime has been labeled all kinds of things throughout history. Never has it come into our consciousness this phenomenon. We haven’t sort of labeled it as such. Anyway, just for your own personal edification when you get a chance, read a book called The Victorian Internet. It was written by Thomas Standage. It’s a fun little book. It’ll take you less than a day to read, but once you start reading it you won’t put it down, and what he’s talking about is the sociocultural things that society was experiencing by virtue of the telegraph system. I’ve written about it in various places as well. So my point to you is a history teacher would have a ball teaching about that, so could a health teacher, so could obviously a technology teacher.

So in summary, it’s about using what we know and integrating it into existing classrooms. It’s about integrating rather than heaping onto, and then we need reward systems so that teachers that can deliver this innovative content that has to do with cyber safety. They can be rewarded in their evaluations, in their pay, through praise of their administrators, and praised by parents. Any teacher could teach something that they know about, and if they know how to be a user in a school building connecting through the school network they can share that information with the students.

Another thing that follows with this, and it’s portrayed prominently with the IKeepSafe materials, is that some of the best teachers of kids are kids, but supervised and coordinated by adults. So kids are always sharing information with each other about how to use their device better. “Oh, I can do this.” “Hey, I discovered this.” Back and forth, back and forth. They have this chat, face-to-face chat as well as online chat, and they’re curious. They’re explorers.

Instead of conducting a lecture that might not engage students, you can approach the kids and say, “Hey guys, let’s spend a few minutes chatting about how we’re using our phones. Oh, so you did this, you did that. That’s interesting. What did you do?” And you start to ask them about what they’ve done with their devices, and then as the lesson experience–I would characterize it as a lesson experience–begins to unfold, then the teacher can insert, “Well when you did that, did you ever think about the possible risk?” You get the kids to say in their minds, “Risk? What are you talking about?” Ah. There’s a teachable moment. Do you see what I mean? It can become a very dynamic, give-and-take learning experience rather than a stale lesson plan.

[] That is a great point. It is the difference between just reading stuff off of a website and then teaching it versus actually living the technology so that you can then talk to students about your experiences from a really informed perspective.

[Dr. McQuade] Yes. Exactly, and then you can relate to the kids. Because then the teacher is in a position to say, “You know what? I was engaging in some social media the other day and this is the experience I had. I was chatting with one of my friends, updated my profile. But I did it in such a way that it wouldn’t reveal too much about myself.” That’s what you can do. You can walk the walk, you can talk the talk, you can do it with credibility.

And it’s so empowering when it’s done that way as opposed to teaching something relatively stale out of a book. The other really cool thing that teachers increasingly can do is they can do what I’ve just been talking about, but they can do it while using the technology that’s available to them in the classrooms, on their own phones. One of the tricks that I used to do when I’d go into schools and talk to kids about this stuff is I’d say, “What do you got? Break ’em out.”

And all the kids would dive into their purses and their pockets and backpacks and they’d pull out their devices. Back in the old days there were often one to three kids that didn’t have any devices because they couldn’t afford them, and I would compensate for that and make them feel welcome, but then I’d pull out my own phone, and what we’d have is we’d have a dynamic learning session. So I could still maintain my posture as the adult and the teacher in control, but I could also let them know that I was just a person too using the same kind of device that they were, and they’d relate to that then.

How do you talk about this stuff to fourth graders? Well you have to do it in age appropriate ways. Now in our country, generally in primary and secondary school there are five age cohorts. The first one is kindergarten through first grade, K-1. The second age developmental category is 2-3, second and third grade. Then the third one is four, five, and six, and the fourth one is seven, eight, nine, and the last one, the fifth one, is 10-12. So curricula can be designed to reflect age appropriate developmental capabilities. So this is not dumbing down, this is better targeting of. You hit the kid on the bull’s eye with what they need to know, when they need to know it, and how they can use it in ways that they’ll be receptive to learning it.

So teaching the lesson is the first thing, and then the second thing you try to do as the educator is understand how much did the child retain. So what did they learn, what did they retain and for how long?

We do this systematically at the school district level by giving tests, how much did the students learn, right? And if we retest them the next year, well then we have an indicator of how much did they retain and over what period of time. And then trying to measure how much they applied things is even more indirect, but it’s evidenced by watching people grow up. You learned math along the way and so did I and we can use math now almost automatically. We incorporate it into our lives.

But over the last 60 years we’ve made a lot of progress. I mean we’ve got standards now, standards for what goes into hardware and software and infrastructure systems. Companies are building devices to standards and organizations such as NCMEC and IKeepSafe, they’re in general agreement on what people can do to be safe. Teachers don’t need to recreate the wheel. They can pick up from the mistakes that everyone else has made and get up to speed pretty quickly.

[] What are the effects that different cyber safety threats have on an individual? Specifically, what mental, emotional, and social trauma does an individual experience when they encounter such threats as sextortion, cyberstalking, cyberbullying, and online fraud?

[Dr. McQuade] Mental, emotional, social trauma–I would just say all of the above. It’s crime and abuse. So the effects of crime and abuse can be monetary or physical–damaged property, or physical harm to one’s person. What I have found through my research was that cyber bullying occurs in person as well as online, and it happens in school as well as out of school on school grounds but also then out in the neighborhoods, physically and in cyber space. And the prominence, the pervasiveness of the abuse and, when taken to an extreme, the crime that occurs is incredibly damaging because there’s no escape. There’s no place for the victim to go and escape.

They have to live in the real world and they have to walk to school and/or ride the bus and they have to occupy classroom spaces, the gym, and the playground. But then there’s no escape when they go home because they’re married to their devices and they can’t stay offline because it’s part of who they are, and so they’re online and then their profile gets trashed or some evidence is used on their profile to be gossiped about against them. And this is why tragically we have so many suicides in our country of kids that have been cyber bullied. When I say “kids,” I mean all the way through college, college kids committing suicide because they’re cyber bullied.

[] Are some groups of children and adolescents more vulnerable to cyber safety issues? How do factors such as a child’s age, social environment, and own self esteem play into being either a victim or a perpetrator? How do threats to a person’s cyber safety change as he or she gets older, and how can parents and school personnel address these changing threats?

[Dr. McQuade] Kids are vulnerable because they stand out. You can have the smartest kid in the class picked on because they’re the brain. You can have the weakest looking kid picked on because they’re the weakest looking kid, or the kid with glasses. Technically un-savvy people are also very vulnerable to being victimized. They can be duped. They can be manipulated in ways that they don’t understand and don’t recognize. It was a consistent theme in my research that any time a person presents him or herself as weak in some way, shape, or form he or she will be subject to being victimized because someone else can take advantage of it.

So part of this whole cyber safety education, lifestyle, practicing what you preach issue involves addressing self-esteem, helping kids to become not merely curious and tech savvy but become serious, competent users who are capable of navigating risk online. That’s powerful.

Thank you Dr. Samuel McQuade for your time and insight into cyber safety.

Last updated: April 2020