Primary (ages 7 to 11)


60 minutes

Learning outcomes

Learners will be able to:

  • identify the risks to themselves and others of cybercrime
  • explore strategies to protect personal data and devices
  • consider important strategies that build good habits around cybersecurity

Key vocabulary

Cybercrime, cybersecurity, data, protection, password, risks, scam, phishing, recovery, firewall, backup, account management, updates, operating system, malware, virus


PowerPoint slides, scissors, glue sticks.


  • Read through ‘An educational practitioner’s guide to cybersecurity’ that’s on ‘Be cyber smart to avoid cybercrime’ to ensure you have a clear understanding of the area.
  • Familiarise yourself with your school’s safeguarding policy and procedures, as well as the Wales Safeguarding Procedures, in the event of a disclosure or concerns about a learner’s safety or wellbeing. For more information, see the statutory safeguarding guidance ‘Keeping learners safe.
  • Print copies of the 4 carousel activities (slides 7 to 17) – one copy per pair/small group. You may wish to print slide 9 (die template) onto card.
  • Print ‘My top tips’ (slide 18) – one copy per learner.

Curriculum links

This resource can support activities delivered as part of the Health and Well-being Area of Learning and Experience or the Science and Technology Area of Learning and Experience and has links to the Digital Competence Framework.

Key questions (to use as discussion starters or prompts)

  • What is cybercrime? What are the risks of cybercrime?
  • What is cybersecurity? How do you protect your personal information online?
  • What makes a good password?
  • What is an online scam? How could you spot one? What are phishing and smishing?
  • How can you protect your devices from cybercriminals?
  • What would you do if your password was stolen or your account was hacked?
  • What are your top tips for being cyber secure online?

Using the accompanying PowerPoint slides for this lesson plan, start by asking learners:

  • what is cybercrime? (slides 3 and 4)
  • what are the risks of cybercrime?

Using slide 4, can the learners tell you what type of cybercrime the 4 images represent?

  1. Hacking – illegally collecting digital information with the consent of the owner
  2. Phishing – falsely tricking someone into giving you information that is sensitive to them
  3. Distributed denial of service (DDoS) attack – using a collection of devices (sometimes from across the world) to repeatedly ‘ping’ a server, thereby preventing legitimate users from accessing the server
  4. Malicious software (malware) – includes software that may ‘hijack’ files and hold to ransom (ransomware) or infect a device that causes it to behave in an unexpected manner (virus)

More confident learners may be able to explain these.

Then reveal the different effects of cybercrime on slide 5.

Using slide 6, ask learners to suggest ways they already know about how to be cyber secure online. Responses may include:

  • using passwords for online accounts or devices
  • advice on when and where (and with whom) to share personal information online
  • using software or other solutions to protect accounts and devices

Explain to learners that they will be completing different quick activities to learn how to protect their information and devices online. Each activity will take around 10 minutes to complete.

You may wish to run all 4 available activities, or select the activities that would be most beneficial to your learners.

If running all 4 activities divide the class into 4 groups and set up 4 areas in the classroom, one for each activity. Each group will start at one activity, then after 10 minutes move to the next, until all groups have completed all available activities. Instructions are provided with each activity on the slides, and all printed materials are provided on the slides.

Below is a summary of each activity.

  1. Roll a password (slides 8 to 9) – learners will create a custom die that can be rolled to generate random words to create a strong password.
    (Note: you may wish to save time by cutting out the die templates (slide 9) prior to the lesson.)
  2. Scam spotter (slides 10 to 12) – learners will use a guide sheet (slide 11) to spot the different ways that scammers attempt to trick online users into giving over personal data such as usernames and passwords.
  3. Device doctor (slides 13 to 15) – learners will use a guide sheet (slide 14) to help identify ways to improve device security.
  4. Emergency action plan (slides 16 to 17) – learners will consider steps they can take to manage passwords and who can help them if an account is compromised or stolen. They will also consider what steps to take next.

Bring learners back together and provide them with a copy of ‘My top tips’ (slide 18). Ask them to consider everything they have learned from the carousel of activities, and then to write a list of 3 top tips that they think would help other children or family members to be cyber secure.

Ask learners to share their top tips and discuss them further if necessary.

Discuss with learners who they can turn to for help if they have any worries or concerns about cybersecurity. This can include adults in school, family members and the Cyber Aware section of the National Cyber Security Centre’s (NCSC) website.

The final slide (20) outlines some behaviours that are potentially criminal. Help learners to recognise that just because they can do something, it doesn’t mean that it’s allowed. If they take, access or block access to something online there’s a good chance that it may be an illegal act. Be careful to address this in the right way for your learners, taking into account their own needs and experiences.

Advanced account protection

Explore with learners more sophisticated methods to protect online accounts and devices. These could include the use of password managers to securely store account details, multi-factor authentication, or anonymous access services such as virtual private networks (VPNs) that prevent other online users from tracking or collecting data about an individual.

Keeping things private

Depending on the online experiences of your learners, it may be useful to discuss and explore the available account settings on the apps and services used by learners to manage their privacy. This could include settings on restricting who can contact them, who can see personal information on their account profile and other tools that may allow them to block or report suspicious users.

A selection of checklists are available on Hwb and Internet Matters (language translation available on site).

Keeping safe online

This lesson can be used as a springboard into additional learning about how to keep yourself and others safe online, particularly around the sharing of personal information online. Resources to support this learning can be found on the ‘Keeping safe online’ area on Hwb.