Cymraeg
Hwb

An education practitioner’s guide to cybersecurity

Be cyber smart to avoid cybercrime

As an educational practitioner, you are responsible for safeguarding and protecting your learners, both online and offline. One key aspect of online safety is understanding good security practice in order to protect personal data and devices. Developing positive habits around privacy and security can help learners protect themselves from becoming victims of cybercrime, and from being drawn into criminal activities online.

This guide will explore ways you can promote and develop effective cybersecurity practice in your learners, as well as ways for you as a professional to adopt and put into practice good cybersecurity habits in school.

What is cybercrime?

The term ‘cybercrime’ is often used as an umbrella term to describe 2 types of criminal activity that involve technology:

  • cyber-enabled crime – traditional crimes whose scale or effectiveness can be enhanced by technology (for example child sexual exploitation, blackmail, fraud, extortion and drug smuggling)
  • cyber-dependent crime – crimes that can only occur using computers, networks, and information and communication technology (ICT) (for example hacking, cyber espionage, data theft, creating and distributing malware, and distributed denial of service (DDoS) attacks)

This guide focuses mainly on the latter – specifically on criminal activity that involves the theft of personal data or money.

What risks exist around cybercrime?

Cybercriminal activity poses risks to all online users. A 2021 academic study by the University of Birmingham and Avast revealed that 72% of adults in Wales have been affected by cybercrime.

Many apps and services rely on user data to drive their growth and development, which makes them attractive targets for cybercriminals. In particular, social media platforms encourage users to share information through posts, images and videos. With this information, a cybercriminal can commit fraud or identity theft, resulting in a loss of money or property for the victim.

Criminals also employ several strategies to extract data from victims, from scams such as ‘phishing’ through to the use of malware to steal data from devices and accounts or to encrypt data and hold it to ransom against users. Some cybercriminal activity also results in the destruction or deletion of data.

For young people with advanced digital skills, there is also a risk that their expertise leads them unwittingly into criminal activity through acts such as hacking websites, or the creation or distribution of malware.

How can I support learners to understand the risks of cybercrime and practice good cybersecurity?

Education

Providing regular learning opportunities on exploring issues around cybersecurity is key to helping learners develop their understanding. From an early age, it is important for children to understand the importance of secure passwords to protect their devices and online accounts. As they grow older, young people need to adopt more sophisticated strategies to protect their personal data (such as the use of privacy settings on social media platforms), and develop positive habits related to the maintenance of technology (such as keeping devices and apps fully updated and using antivirus software).

Remember, in any discussions around online safety and security, learners may share experiences that constitute a safeguarding disclosure. In these cases you should always follow your school’s safeguarding procedures and inform the designated safeguarding person (DSP).

Understand your role

Your school has responsibilities under the Data Protection Act to keep learner and staff data safe. It is likely that your school has acceptable use policies (AUPs) for staff, learners and visitors using school devices and networks. There are also procedures to ensure that sensitive data is protected. Familiarise yourself with your school’s expectations around cybersecurity.

Be a role model

An effective way to help your learners practise good cybersecurity is to demonstrate good security habits yourself. Remind your learners regularly about the importance of strong passwords; the use of trusted online services and how to get help if they are worried about data theft or cybercrime. Acting as a role model can also encourage your colleagues to adopt more secure working practices when using technology in school.

Promote the positive

Depending on the age of your learners, there may be young people in your school with advanced digital and technical skills that might enable them to commit cybercrime if used inappropriately. It is important to encourage those learners to use their skills responsibly and lawfully. The National Cyber Security Centre’s (NCSC) CyberFirst scheme provides information and resources on how to nurture talented young people into a cybersecurity background.

Refer where required

Should you discover that a child or young person in your care may be behaving in a way that could be in breach of the Computer Misuse Act, such as by engaging in hacking, computer intrusion or a DDoS attack, then as part of a safeguarding response you may need to refer them to a police Cyber Choices team. Regional organised crime units in south and north Wales are there to support you and the learner, diverting them away from criminal activity and towards positive use of their skills.

Where can I get help and support?

Concerns about a learner’s safety or wellbeing online should always be reported in line with your school’s safeguarding procedures. The designated safeguarding person (DSP) will then seek external support when required.

Educational practitioners requiring support with any online safety issues about learners, themselves or their organisation, can contact the Professionals Online Safety Helpline for more advice and suggested courses of action for managing online incidents involving members of your school community.

The following resources provide further information and support for understanding cybersecurity and educating learners.