Secondary (ages 11 to 16)


60 minutes

Learning outcomes

Learners will be able to:

  • evaluate their existing knowledge of cybersecurity
  • consider risks to themselves and others of cybercrime
  • explore strategies to protect personal data and devices
  • consider important strategies that build good habits around cybersecurity

Key vocabulary

Cybercrime, cybersecurity, data, protection, password, risks, scam, phishing, recovery, firewall, backup, account management, updates, operating system, malware, virus


PowerPoint slides, scissors, dice.


  • Read through ‘An educational practitioner’s guide to cybersecurity’ on ‘Be cyber smart to avoid cybercrime’ to ensure you have a clear understanding of the area.
  • Familiarise yourself with your school’s safeguarding policy and procedures, as well as the Wales Safeguarding Procedures, in the event of a disclosure or concerns about a learner’s safety or wellbeing. For more information, see the statutory safeguarding guidance ‘Keeping learners safe’.
  • Print copies of the 4 carousel activities (slides 8 to 16) – one copy per pair/small group.
  • ‘Activity 3: Malware matcher’ (slides 12 to 14) – requires cards to be cut out ready for a sorting activity.
  • Print ‘My top tips’ (slide 17) – one copy per learner.

Curriculum links

This resource can support activities delivered as part of the Health and Well-being Area of Learning and Experience or the Science and Technology Area of Learning and Experience and has links to the Digital Competence Framework.

Key questions (to use as discussion starters or prompts)

  • What is cybercrime? What are the risks of cybercrime?
  • What is cybersecurity? How do you protect your personal information online?
  • What makes a good password?
  • What is an online scam? How could you spot one? What are phishing and smishing?
  • What is malware? What types are you aware of, and what do they do?
  • How can you protect your devices from cybercriminals?
  • What would you do if your password was stolen or your account was hacked?
  • What are your top tips for being cyber secure online?

Using the accompanying PowerPoint slides for this lesson plan, start by asking learners:

  • what is cybercrime?

Collect some ideas from learners then share the 2 types of cybercrime on slide 3.

Explain that this lesson will focus on cyber-dependent crimes such as identity theft, data theft, hacking and malware.

Using slide 4, ask learners to consider the effects of cybercrime on individual users, such as themselves, and on businesses or organisations. Discuss and share ideas. Click on the slide to reveal some suggestions.

On slides 5 and 6, ask the short multiple-choice questions about cybersecurity and ask learners to put their hands up for each correct answer.

Display the correct answers on the slides and discuss these with learners. Their responses may prompt you to direct them to specific activities in the carousel first.

Explain to learners that they will be completing different quick activities to learn how to protect their information and devices online. Each activity will take around 10 minutes to complete.

You may wish to run all 4 available activities or select the activities that would be most beneficial to your learners.

If running all 4 activities divide the class into 4 groups and set up 4 areas in the classroom, one for each activity. Each group will start at one activity, then after 10 minutes move to the next activity, until all groups have completed all available activities. Instructions are provided with each activity on the slides, and all printed materials are provided on the slides.

Below is a brief summary of each activity.

  1. Roll a password (slide 8) – learners will use the concept of Diceware to roll dice to generate random words to create a strong password. You need to provide at least 4 dice per pair/small group. Direct learners to visit the EFF’s Dice page for wider understanding about why random passphrases are so secure.
  2. Scam spotter (slides 9 to 11) – learners will use a guide sheet (slide 10) to spot the different ways that scammers attempt to trick online users into giving over personal data such as usernames and passwords.
  3. Malware matcher (slides 12 to 14) – learners will match different types of malware to their definitions.
  4. Emergency action plan (slides 15 to 16) – learners will consider steps they can take to manage passwords and who can help them if an account is compromised or stolen. They will also consider what steps to take next.

Bring learners back together and provide them with a copy of ‘My top tips’ (slide 17). Ask them to consider everything they have learned from the carousel of activities to write a list of 3 tips that they think would help other young people or family members to be cyber secure.

Ask learners to share their top tips and discuss them further if necessary.

Share slide 18 with some additional tips that learners may find helpful.

Slide 19 provides some examples of behaviours that would be in breach of the Malicious Communications Act that highlight how easy it is to cross the line into criminal activity. There is an active cyber diversion tactic in police forces. For more information visit ‘Keeping safe online.

Finally, on slides 20 to 22, discuss with learners who they can turn to for help if they have any worries or concerns about cybersecurity. This can include adults in school, family members and the Cyber Aware section of the NCSC’s website.

Slide 20 contains details of the National Cyber Security Centre (NCSC) CyberFirst scheme that encourages talented young people to use their advanced technical skills to help fight cybercrime rather than commit it.

Also share the ActionFraud link and remind learners that they can also report account issues to the app/game service providers.

Advanced account protection

Explore with learners more sophisticated methods to protect online accounts and devices. These could include the use of password managers to securely store account details, multi-factor authentication, or anonymous access services such as virtual private networks (VPNs) that prevent other online users from tracking or collecting data about an individual.

Keeping things private

Depending on the online experiences of your learners, it may be useful to discuss and explore the available account settings on the apps and services used by learners to manage their privacy. This could include settings on restricting who can contact them, who can see personal information on their account profile and other tools that may allow them to block or report suspicious users.

A selection of checklists are available on Hwb and Internet Matters (language translation available on site).

Keeping safe online

This lesson can be used as a springboard into additional learning about how to keep yourself and others safe online. Further resources to support this learning can be found on the ‘Keeping safe online’ area on Hwb.

Don’t Cross the Line to Cyber Crime

A free lesson resource developed by SchoolBeat and TARIAN Regional Cyber Crime Unit that highlights the risks involved in cybercrime.