Cybersecurity Basics: Protecting Yourself Online
A lesson teaching secondary students practical cybersecurity skills including password management, phishing recognition, and account security.
Overview
This lesson gives students practical cybersecurity skills they can use immediately. Rather than abstract theory, it focuses on real-world scenarios: recognising phishing messages, creating strong passwords, understanding two-factor authentication, and knowing what to do if an account is compromised. Students leave with actionable steps to improve their own digital security.
Learning Objectives
- Create strong, unique passwords and understand why password reuse is dangerous
- Recognise phishing attempts across email, messaging, and social media
- Understand and enable two-factor authentication on their accounts
- Know what to do if they suspect their account has been compromised
Activities
Password cracking challenge
10 minutes. Show students how quickly common passwords can be cracked using publicly available tools (demonstrated safely). Compare weak passwords like '123456' with strong three-word passphrases. Students create their own strong passphrase using a provided method.
Spot the phish
15 minutes. Students examine a collection of real and fake messages (emails, texts, DMs) and identify which are phishing attempts. Discuss the telltale signs: urgency, suspicious links, impersonation, and requests for personal information.
Two-factor authentication walkthrough
15 minutes. Demonstrate how two-factor authentication works and why it matters. Students identify which of their own accounts support 2FA and create a checklist of accounts to secure. Discuss the difference between SMS and app-based 2FA.
Account compromised: what to do
15 minutes. Students work through a scenario where their social media account has been hacked. They identify the correct steps: change passwords, enable 2FA, check connected apps, notify the platform, and alert friends about potential fake messages from their account.
Discussion Points
- Why do people reuse passwords even though they know it is risky?
- How can you tell if a message from a friend's account is actually from them?
- What would you do if you accidentally clicked a suspicious link?
- Is it worth the inconvenience of two-factor authentication?
Key Takeaways
- Use strong, unique passwords for every account — a three-word passphrase is both strong and memorable
- If a message creates urgency and asks for personal information, it is likely a scam
- Two-factor authentication is the single most effective step you can take to protect your accounts
This content is designed to support professionals in their safeguarding role. It does not replace your organisation's safeguarding policies or training requirements.
Last reviewed: 2026-03-29