Professional Documents
Culture Documents
suspicious codes and visiting risky webpages to download free applications, and (e) re-using
passwords on multiple accounts and websites. Considering that the clips are provided to students
as materials for their situational-analysis activities in class, teachers are not required to make
highly technical or finely edited videos, as long as their brief visual products can somehow
recreate and present each of the above unsafe circumstances that may lead to cyber incidents.
Activities
Note that for convenient illustration purposes, this section is based on the assumption that
the lesson is delivered via Zoom. This single instructional unit contains two in-class activities:
Given that phishing emails trigger the vast majority of security incidents (SonicWall,
n.d.-a), and that students often deal with many emails on a daily basis, differentiating between
phishing emails and legitimate ones thus becomes an important asset of self-protecting skill sets.
Aimed at assessing students’ prior cybersecurity knowledge and directing their reflections on
their existing exposure and connections to the topic, this activity includes the phishing IQ test
and peer discussions, and therefore should take around 20 minutes. The activity will be carried
1. Tell the class the significance of detecting phishing scams, as phishing has become a
common security threat in today’s online environment. Inform students that the phishing
IQ test will give them a chance to reflect on their current knowledge and experiences of
the topic; however, it does not serve as an assessment scheme for the lesson, and they can
have access to the quiz. Randomly assign students into groups using Zoom’s breakout
room feature. The total number of rooms will depend on the class size, and each room
3. Ask students to do the phishing IQ test and have peer-to-peer discussions within their
breakout rooms about questions that they find challenging. Visit each breakout room
shortly to ensure that everyone engages in doing the quiz and discussing it. Since the quiz
displays the solutions and explanations for all problems once the participant finishes and
submits, instruct students to read the answer keys carefully when they complete, note the
questions that they got wrong, and then discuss their observations of phishing-email
traits. Given that the test has a small number of questions, which may not address all
types of email phishing, encourage students to mention other kinds of risky email
communications that they know of but are not covered in the quiz.
4. Send a message to all breakout rooms using the Zoom broadcast feature, announcing that
when everyone returns to the main room, each group should have a volunteer
representative ready to summarize and present their discussion findings to the class.
When students are reporting, the instructor should take notes in the virtual sharing space
of the class (as described earlier in the resource section), and share them via the
screen-share function, either through direct entry or by creating and then uploading the
document. Students are expected to summarize at least some of the following typical
characteristics addressed by the test’s answer key: a mismatch between the embedded
URL link and the sender’s email address; an inconsistency between the sender’s email
address and name; constant grammatical errors; alarming or informal tone (SonicWall,
n.d.-b). Drawing from their observations or experiences, students may also come up with
other signs of phishing, such as emails containing information that does not comply with
common sense, for instance, offering a summer job with hardly any entry requirements
5. Tell students to check their school email inbox as well as the junk email or spam folder.
Inform the class that most email services nowadays have settings to automatically filter
risky emails to these folders. Ask students to look at the most recent junk or spam email
that they received (if applicable), and think about the following questions: Based on your
Can you justify your answer? Can you spot what makes it highly suspicious? Does it look
similar to any of the phishing email examples that you encountered earlier in the quiz?
Ask if anyone would like to share their findings and feel comfortable showing the email
item to the class. For those students willing to present, remind them that for security and
privacy reasons, they can simply share a screenshot of the particular email. Make sure
that the ‘participants sharing screen’ feature is enabled before students are ready to
6. Emphasize that although the majority of email services can block or filter out most
remains an important self-defensive skill. Point out to students that mastering the ability
Through these steps, the instructor will introduce and demonstrate the Phishing IQ Test as a
helpful resource for evaluating students’ awareness of security threats. Students will complete
the hands-on activities of this process with a new appreciation of how they can closely scrutinize
Situational Analysis
Using pre-recorded videos covering topics ranging from public-device usage to password
management, this activity showcases to the class some common risky behaviours that could lead
to serious privacy and security concerns. For the purpose of helping students stay alert when
using technology and thus further build security awareness, this exercise provides students an
opportunity to practice key self-protective skills such as critical thinking and problem solving,
using analyzing and storytelling techniques. Considering that the activity includes video
watching and group case studies, the teacher should expect it to last for 30 minutes. The exercise
1. Tell students that given people’s extensive usage of technology and devices nowadays,
many network-related threats are embedded in our daily lives that we constantly ignore.
However, these ‘invisible’ risks that people are often unconscious of could lead to serious
security consequences. Inform students that after watching five scenarios of risky
engagement with technology, they will then return to the same breakout rooms as in the
previous activity, and each group will be assigned sequentially with one case. Breakout
room 1 will later examine scenario (a); breakout room 2 will investigate scenario (b), and
so on. If the class has more than 5 rooms, then simply have more than one group
2. After announcing the case assignment, play the video clips in the main room and
encourage students to take necessary notes while watching, in case they forget details
when going into breakout rooms. Tell students that they will be performing the following
tasks within their groups: name the persona in this scenario and retell the person's story in
your room; discuss the unsafe behaviour(s) that you observe in this story; extend the story
suggestions or strategies for the person. Then send students back to their previous
breakout rooms.
3. Briefly visit each group and give some prompts to help students come up with
authentication” (2FA), “access rights,” “authorization,” “public and private network,” and
“trust”/ “do not trust” notifications. Encourage groups to further search and explore these
prompts to propose safety suggestions applicable to the persona in the specific scenario,
4. Close all breakout rooms to have all students back in the main room together. Ask each
group to retell to the class the complete story, which includes the scenario, the security
consequences that they imagined, and the preventative measures that they wanted to
propose. After each group finishes reporting, ask other students in class what they would
do differently to protect their credentials or account information if they were the person,
applicable strategies. To keep students engaged and give them an ongoing view of the
work in progress, remember to share your screen and type notes into the virtual common
default, these options can cause online security incidents, including data breaches and
account hacking. Inform students that in today’s data-driven economy, leaking of
sensitive personal information and credentials can further incur financial loss as well as
other serious consequences. Emphasize the key takeaways of the analysis activity: the
strong passwords, managing unique passwords (e.g., avoiding using the same one for
multiple accounts), staying alert to the surroundings when using public devices, paying
attention to “trust”/ “do not trust” notifications, and denying unnecessary requests to
Throughout this procedure, by reflecting upon how people are exposed to online safety concerns
and how we can prevent them within our reach, students will learn to think more critically about
Differentiated Instructions
Although undergraduate students in the same cohort should presumably be around the
same age, they come into class with different exposure to and knowledge of cybersecurity topics.
Thus, the variety of cybersecurity IQ levels among students highlights the importance of
For students who lacked familiarity with the online security theme or had never even
heard of it, the teacher should ensure that they are supported during the proposed activities,
enabling their participation and engagement throughout the class. Creating an inclusive learning
environment that cares for all students will highlight the importance of the teacher being
accessible and responsive to students while moving between breakout rooms. In the first
classroom activity, when observing that some students seem to struggle with the test, the
instructor should tell the group(s) that an alternative would be to skim the problems by randomly
choosing answers, in order to access solutions at the end and spend more time studying them. For
those who finish the test faster than their peers and report that they answered most of the
questions correctly, encourage them to search and try other open-access phishing tests for
themselves. Ask them to share other problem sets that they find helpful to train
phishing-detecting skills, by uploading the links to the common space on the course webpage.
The more advanced students can also choose to mentor their group members who have
difficulties in doing the SonicWall phishing IQ test, as mentorship and peer support deepen the
understanding of the topic for both the mentor and the mentee.
In the scenario-analysis exercise, for the group(s) that appear to experience difficulties
with problem-solving processes, the teacher may ask more prompt questions starting with “what
if” to help them proceed with the brainstorming process. Some sample questions might be as
follows: What if someone snoops on the person’s screen since he or she is in a public space?
What if the next user resumes what the previous person just visited and accesses his or her
account information, simply because they forgot to turn off the public computer after using it?
What if hackers breach the person’s social media accounts to commit identity theft? (Be sure to
explain this concept in plain words.) Groups that are ahead in analyzing the assigned scenarios
are encouraged to further examine other situations following the same problem-solving process.
These breakout rooms can additionally generate technology-safety guidelines aimed at people
using computers and other open-access devices in public spaces, for instance, in the city library.
The groups can also share their documents with the class by uploading them to the lesson folder.
Apart from different levels of cybersecurity knowledge and experience in the class,
accessibility to the lesson also varies among students. Relying on remote teaching and learning at
an unprecedented level, education in the pandemic era has greatly enriched the scope of
accessibility by putting technical accessibility into intense focus (and perhaps it will continue to
such as low-speed or unstable Internet access may affect student engagement and thus
compromise learning, the teacher should also include low-tech approaches to ensure that students
with accessibility issues are supported throughout the class. Given that image processing could
be challenging under slow or weak networks, the instructor can notify the class at the beginning
that turning on their cameras is not mandatory for this lesson. If students have trouble using their
Zoom microphones, encourage them to make full use of the chat feature to participate in class
discussions. Notice that in the situational-analysis activity, playing videos in the main room
entails higher bandwidth requirements for the students’ network access; otherwise, they may
experience lagging while watching the clips. Thus, the teacher should also send the video files to
the chat box so that students with technical difficulties can download and watch them ‘locally.’
By implementing the above low-tech options and accommodating alternative learning methods,
the instructor helps address the technical challenges that may arise for some students, thereby
Means of Assessment
behaviours in increasingly complex online environments, the lesson is designed to use formative
knowledge and skill demands become more complex” (p. 32). Necessitating pro-safety mindsets
and skill sets, security awareness does not stand on its own as an independent knowledge or skill.
Thus, the lesson and its assessment should serve the ongoing, lifelong learning goals of security
awareness building. Compared to summative assessment, which requires deliverables and other
measurable results to present students’ learning outcomes (Hagstrom, 2006), using formative
evaluation in this particular class better encourages students to reflect on their cybersecurity
status quo and monitor their learning processes (both individual and collaborative), which further
motivates them to continue developing online caution. Additionally, as stated earlier in the
practicalities, this instructional unit should be updated annually to adapt to evolving digital
realities and network-safety challenges, and therefore formative evaluations not only reflect the
effectiveness of this lesson in students’ security awareness building, but also serve as an
information source to advise necessary adjustments and revisions for future versions of the class.
Inform the class that they will be conducting self-assessments while working as
discussion groups. Either directly enter the following questions into the Zoom chat or send a
1. As a brief check-in, what did you want to take away from today’s lesson before coming
to the class?
2. After doing the phishing IQ test and discussing it with your peers, what are some of the
clues that you find helpful to detect phishing emails in daily life?
3. Based on your group exercise of situational analysis and the class discussion afterwards,
can you describe some unsafe behaviours that may arise in using public technology
devices?
4. Thinking a step further, what are some security-related consequences that these
5. After the scenario-analysis activity, what do you think about convenience versus
7. Would you like to share any safety suggestions with your former self (i.e., before
attending the class), as well as with other people who have no access to today’s lesson?
8. What knowledge/skills/tools of online security would you like to learn that are not
9. Access the sharing space on the course webpage and skim through the posted notes,
summaries, and web-based sources. How will you use them to conduct security-related,
10. As a check-out, what are your key takeaways from this lesson?
Ask students to answer the above questions with descriptive responses, be as specific as they can
by providing examples and using bullet points for illustration purposes if applicable. Tell
students to discuss the questions within their groups as they conduct self-reflective processes,
and then send them back to their original breakout rooms. Move between the breakout rooms to
If students have difficulties understanding the questions due to their wordings, explain or
rephrase them in plain words to make sure that students fully comprehend them and thus provide
clear, informative, and relevant answers. If there are no further difficulties, tell the students to
submit their answers by uploading the documents (in either Word or PDF versions) to the course
webpage when finished. The instructor should then carefully review the responses, and reply
individually with comments on student’s takeaways from the lesson and suggestions for their
future security-awareness building, which should be accessible via the course webpage.