
surfing unfamiliar websites through automatic login via social-media accounts, (d) scanning suspicious codes and visiting risky webpages to download free applications, and (e) re-using passwords on multiple accounts and websites. Considering that the clips are provided to students as materials for their situational-analysis activities in class, teachers are not required to make highly technical or finely edited videos, as long as their brief visual products can somehow recreate and present each of the above unsafe circumstances that may lead to cyber incidents.

Activities

Note that, for convenience of illustration, this section assumes that the lesson is delivered via Zoom. This single instructional unit contains two in-class activities: a phishing IQ pop quiz and a situational analysis.

Phishing IQ Pop Quiz

Given that phishing emails trigger the vast majority of security incidents (SonicWall, n.d.-a), and that students often deal with many emails on a daily basis, differentiating between phishing emails and legitimate ones becomes an important part of their self-protection skill set. Aimed at assessing students’ prior cybersecurity knowledge and directing their reflections on their existing exposure and connections to the topic, this activity includes the phishing IQ test and peer discussions, and should therefore take around 20 minutes. The activity will be carried out in the following 6-step procedure:

1. Explain to the class the significance of detecting phishing scams, as phishing has become a common security threat in today’s online environment. Inform students that the phishing IQ test will give them a chance to reflect on their current knowledge and experiences of the topic; however, it does not serve as an assessment scheme for the lesson, and they can feel free to discuss any test question with their peers.


2. Post the link to the SonicWall phishing IQ test in the Zoom chat box so that students have access to the quiz. Randomly assign students into groups using Zoom’s breakout room feature. The total number of rooms will depend on the class size, and each room should contain an approximately equal number of students, preferably three or four.

3. Ask students to do the phishing IQ test and have peer-to-peer discussions within their breakout rooms about questions that they find challenging. Visit each breakout room briefly to ensure that everyone engages in doing the quiz and discussing it. Since the quiz displays the solutions and explanations for all problems once the participant finishes and submits, instruct students to read the answer keys carefully when they complete it, note the questions that they got wrong, and then discuss their observations of phishing-email traits. Given that the test has a small number of questions, which may not address all types of email phishing, encourage students to mention other kinds of risky email communications that they know of but that are not covered in the quiz.

4. Send a message to all breakout rooms using the Zoom broadcast feature, announcing that when everyone returns to the main room, each group should have a volunteer representative ready to summarize and present their discussion findings to the class. When students are reporting, the instructor should take notes in the virtual sharing space of the class (as described earlier in the resource section), and share them via the screen-share function, either through direct entry or by creating and then uploading the document. Students are expected to summarize at least some of the following typical characteristics addressed by the test’s answer key: a mismatch between the embedded URL link and the sender’s email address; an inconsistency between the sender’s email address and name; constant grammatical errors; and an alarming or informal tone (SonicWall, n.d.-b). Drawing from their observations or experiences, students may also come up with other signs of phishing, such as emails containing information that does not comply with common sense, for instance, offering a summer job with hardly any entry requirements and/or overly high pay.

5. Tell students to check their school email inbox as well as the junk email or spam folder. Inform the class that most email services nowadays have settings to automatically filter risky emails to these folders. Ask students to look at the most recent junk or spam email that they received (if applicable), and think about the following questions: Based on your observation and post-test understanding, is it a ‘false alarm’ or a genuinely untrustworthy email? Can you justify your answer? Can you spot what makes it highly suspicious? Does it look similar to any of the phishing email examples that you encountered earlier in the quiz? Ask if anyone would like to share their findings and feels comfortable showing the email item to the class. For those students willing to present, remind them that for security and privacy reasons, they can simply share a screenshot of the particular email. Make sure that the ‘participants sharing screen’ feature is enabled before students are ready to present to the class.

6. Emphasize that although the majority of email services can block or filter out most phishing emails, distinguishing suspicious digital communications from legitimate ones remains an important self-defensive skill. Point out to students that mastering the ability to evaluate the credibility and trustworthiness of electronic communications is essential for maintaining their cybersecurity.

Through these steps, the instructor will introduce and demonstrate the Phishing IQ Test as a helpful resource for evaluating students’ awareness of security threats. Students will complete the hands-on activities of this process with a new appreciation of how they can closely scrutinize the details of emails.
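The indicators listed in step 4 can also be checked mechanically, which may help an instructor show why each trait is suspicious. The following Python code is an added example, not part of the original lesson plan or of the SonicWall test; the two sample messages, the word lists and all function names are constructed assumptions, and the grammatical-error trait is not attempted.

```python
import re
from email import message_from_string, policy
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample messages (not real emails); all domains use reserved TLDs.
SUSPICIOUS = """\
From: "Example Bank Support" <alerts@mail-secure.test>
Subject: URGENT: your account will be suspended
Content-Type: text/html; charset="utf-8"

<p>Dear customer, verify your account immediately.</p>
<p><a href="http://examplebank.example.login-check.test/verify">Verify now</a></p>
"""
BENIGN = """\
From: "Example University Library" <library@university.example>
Subject: Your book is due next week
Content-Type: text/html; charset="utf-8"

<p>Renew online: <a href="https://library.university.example/renew">renew</a></p>
"""

GENERIC = {"support", "team", "service", "security", "account", "customer"}  # assumed list
ALARM_WORDS = ("urgent", "immediately", "suspended", "verify", "final notice")  # assumed list


class LinkCollector(HTMLParser):
    """Collects the href of every <a> tag in an HTML body."""
    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]


def same_domain(host, domain):
    # Simplification: exact match or subdomain; no public-suffix handling.
    return host == domain or host.endswith("." + domain)


def phishing_indicators(raw):
    """Return the names of the step-4 indicators found in a raw message."""
    msg = message_from_string(raw, policy=policy.default)
    sender = msg["From"].addresses[0]
    domain = sender.domain.lower()
    body = msg.get_body(preferencelist=("html", "plain")).get_content()
    links = LinkCollector()
    links.feed(body)
    hosts = [(urlparse(h).hostname or "").lower() for h in links.hrefs]
    found = []
    # 1. Embedded link points somewhere other than the sender's domain.
    if any(h and not same_domain(h, domain) for h in hosts):
        found.append("link_sender_mismatch")
    # 2. Display name claims an organisation the address domain does not contain.
    words = [w for w in re.findall(r"[a-z]{4,}", sender.display_name.lower())
             if w not in GENERIC]
    if words and not any(w in domain for w in words):
        found.append("name_address_mismatch")
    # 3. Alarming tone: two or more pressure words in subject and body.
    text = (str(msg["Subject"]) + " " + body).lower()
    if sum(w in text for w in ALARM_WORDS) >= 2:
        found.append("alarming_tone")
    return found
```

These are heuristics for discussion: a legitimate message sent through a third-party mailing service can trip the first check, which is itself a useful point for the ‘false alarm’ question in step 5.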

Situational Analysis

Using pre-recorded videos covering topics ranging from public-device usage to password management, this activity showcases to the class some common risky behaviours that could lead to serious privacy and security concerns. For the purpose of helping students stay alert when using technology and thus further build security awareness, this exercise gives students an opportunity to practice key self-protective skills such as critical thinking and problem solving, using analysis and storytelling techniques. Considering that the activity includes video watching and group case studies, the teacher should expect it to last for 30 minutes. The exercise will be implemented in the following five steps:

1. Tell students that, given people’s extensive usage of technology and devices nowadays, many network-related threats that we constantly ignore are embedded in our daily lives. However, these ‘invisible’ risks that people are often unconscious of could lead to serious security consequences. Inform students that after watching five scenarios of risky engagement with technology, they will then return to the same breakout rooms as in the previous activity, and each group will be assigned one case in sequence. Breakout room 1 will later examine scenario (a); breakout room 2 will investigate scenario (b), and so on. If the class has more than 5 rooms, then simply have more than one group analyze the same scenario.

2. After announcing the case assignment, play the video clips in the main room and encourage students to take necessary notes while watching, in case they forget details when going into breakout rooms. Tell students that they will be performing the following tasks within their groups: name the persona in this scenario and retell the person's story in your room; discuss the unsafe behaviour(s) that you observe in this story; extend the story by imagining security consequences caused by his or her actions; propose security-related suggestions or strategies for the person. Then send students back to their previous breakout rooms.

3. Briefly visit each group and give some prompts to help students come up with cybersecurity techniques. Applicable keywords include “strong password,” “two-factor authentication” (2FA), “access rights,” “authorization,” “public and private network,” and “trust”/“do not trust” notifications. Encourage groups to further search and explore these prompts to propose safety suggestions applicable to the persona in the specific scenario, especially if some students seem to be unfamiliar with certain terms.

4. Close all breakout rooms to bring all students back into the main room together. Ask each group to retell to the class the complete story, which includes the scenario, the security consequences that they imagined, and the preventative measures that they wanted to propose. After each group finishes reporting, ask other students in class what they would do differently to protect their credentials or account information if they were the person, so that other classmates can brainstorm additional consequences and supplement applicable strategies. To keep students engaged and give them an ongoing view of the work in progress, remember to share your screen and type notes into the virtual common space as students share their responses.

5. Conclude that although technological developments enable various convenient, user-friendly account-operating options such as automatic login and saving credentials by default, these options can cause online security incidents, including data breaches and account hacking. Inform students that in today’s data-driven economy, leaking of sensitive personal information and credentials can further incur financial loss as well as other serious consequences. Emphasize the key takeaways of the analysis activity: the significance of knowing and practicing certain preventative measures such as creating strong passwords, managing unique passwords (e.g., avoiding using the same one for multiple accounts), staying alert to the surroundings when using public devices, paying attention to “trust”/“do not trust” notifications, and denying unnecessary requests to access personal information.

Throughout this procedure, by reflecting upon how people are exposed to online safety concerns and how we can prevent them within our reach, students will learn to think more critically about the tradeoff between convenience and security.

Differentiated Instructions

Although undergraduate students in the same cohort should presumably be around the same age, they come into class with different exposure to and knowledge of cybersecurity topics. Thus, the variety of cybersecurity IQ levels among students highlights the importance of developing differentiated instructions in student-centered classrooms.

For students who lack familiarity with the online security theme or have never even heard of it, the teacher should ensure that they are supported during the proposed activities, enabling their participation and engagement throughout the class. Creating an inclusive learning environment that cares for all students will highlight the importance of the teacher being accessible and responsive to students while moving between breakout rooms. In the first classroom activity, when observing that some students seem to struggle with the test, the instructor should tell the group(s) that an alternative would be to skim the problems by randomly choosing answers, in order to access solutions at the end and spend more time studying them. For those who finish the test faster than their peers and report that they answered most of the questions correctly, encourage them to search and try other open-access phishing tests for themselves. Ask them to share other problem sets that they find helpful to train phishing-detecting skills, by uploading the links to the common space on the course webpage. The more advanced students can also choose to mentor their group members who have difficulties in doing the SonicWall phishing IQ test, as mentorship and peer support deepen the understanding of the topic for both the mentor and the mentee.

In the scenario-analysis exercise, for the group(s) that appear to experience difficulties with problem-solving processes, the teacher may ask more prompting questions starting with “what if” to help them proceed with the brainstorming process. Some sample questions might be as follows: What if someone snoops on the person’s screen since he or she is in a public space? What if the next user resumes what the previous person just visited and accesses his or her account information, simply because they forgot to turn off the public computer after using it? What if hackers breach the person’s social media accounts to commit identity theft? (Be sure to explain this concept in plain words.) Groups that are ahead in analyzing the assigned scenarios are encouraged to further examine other situations following the same problem-solving process. These breakout rooms can additionally generate technology-safety guidelines aimed at people using computers and other open-access devices in public spaces, for instance, in the city library. The groups can also share their documents with the class by uploading them to the lesson folder.

Apart from different levels of cybersecurity knowledge and experience in the class, accessibility to the lesson also varies among students. Relying on remote teaching and learning at an unprecedented level, education in the pandemic era has greatly enriched the scope of accessibility by putting technical accessibility into intense focus (and perhaps it will continue to do so in the post-pandemic era as well). Considering that technical-accessibility deficiencies such as low-speed or unstable Internet access may affect student engagement and thus compromise learning, the teacher should also include low-tech approaches to ensure that students with accessibility issues are supported throughout the class. Given that image processing could be challenging under slow or weak networks, the instructor can notify the class at the beginning that turning on their cameras is not mandatory for this lesson. If students have trouble using their Zoom microphones, encourage them to make full use of the chat feature to participate in class discussions. Notice that in the situational-analysis activity, playing videos in the main room entails higher bandwidth requirements for the students’ network access; otherwise, they may experience lagging while watching the clips. Thus, the teacher should also send the video files to the chat box so that students with technical difficulties can download and watch them ‘locally.’ By implementing the above low-tech options and accommodating alternative learning methods, the instructor helps address the technical challenges that may arise for some students, thereby ensuring a more inclusive virtual learning environment.

Means of Assessment

Considering its intentions of developing cybersecurity awareness and promoting cautious behaviours in increasingly complex online environments, the lesson is designed to use formative assessment, as Hagstrom (2006) depicts this type of evaluation as “maintain[ing] learning as knowledge and skill demands become more complex” (p. 32). Necessitating pro-safety mindsets and skill sets, security awareness does not stand on its own as an independent knowledge or skill. Thus, the lesson and its assessment should serve the ongoing, lifelong learning goals of security awareness building. Compared to summative assessment, which requires deliverables and other measurable results to present students’ learning outcomes (Hagstrom, 2006), using formative evaluation in this particular class better encourages students to reflect on their cybersecurity status quo and monitor their learning processes (both individual and collaborative), which further motivates them to continue developing online caution. Additionally, as stated earlier in the practicalities, this instructional unit should be updated annually to adapt to evolving digital realities and network-safety challenges, and therefore formative evaluations not only reflect the effectiveness of this lesson in students’ security awareness building, but also serve as an information source to advise necessary adjustments and revisions for future versions of the class.

Inform the class that they will be conducting self-assessments while working as discussion groups. Either directly enter the following questions into the Zoom chat or send a document that contains them:

1. As a brief check-in, what did you want to take away from today’s lesson before coming to the class?

2. After doing the phishing IQ test and discussing it with your peers, what are some of the clues that you find helpful to detect phishing emails in daily life?

3. Based on your group exercise of situational analysis and the class discussion afterwards, can you describe some unsafe behaviours that may arise in using public technology devices?

4. Thinking a step further, what are some security-related consequences that these behaviours may lead to?

5. After the scenario-analysis activity, what do you think about convenience versus technology, and how is it different from your pre-lesson understanding?

6. In today’s class, what are some new terms that you learned under the topic of cybersecurity? Explain them in your own words.

7. Would you like to share any safety suggestions with your former self (i.e., before attending the class), as well as with other people who have no access to today’s lesson?

8. What knowledge/skills/tools of online security would you like to learn that are not covered in this class?

9. Access the sharing space on the course webpage and skim through the posted notes, summaries, and web-based sources. How will you use them to conduct security-related, self-directed learning? What would you add to the compilation?

10. As a check-out, what are your key takeaways from this lesson?

Ask students to answer the above questions with descriptive responses, being as specific as they can by providing examples and using bullet points for illustration purposes if applicable. Tell students to discuss the questions within their groups as they conduct self-reflective processes, and then send them back to their original breakout rooms. Move between the breakout rooms to navigate group chats.

If students have difficulties understanding the questions due to their wording, explain or rephrase them in plain words to make sure that students fully comprehend them and thus provide clear, informative, and relevant answers. If there are no further difficulties, tell the students to submit their answers by uploading the documents (in either Word or PDF versions) to the course webpage when finished. The instructor should then carefully review the responses, and reply individually with comments on each student’s takeaways from the lesson and suggestions for their future security-awareness building, which should be accessible via the course webpage.
