Cybersecurity - Lesson 6: Security Risks Part 1
Overview
Students investigate three different common security risks (phishing, keylogging, malware) in a jigsaw activity. In groups, students create Public Service Announcement slides warning of the dangers of their assigned security risk. Then students are grouped with students who investigated other security risks and are instructed to share their slide and give a voice over. The activity ends with the class coming together to discuss the security risks as a whole.
Purpose
In this lesson students are exposed to common security risks. The purpose of this lesson is to dive into the facts and learn how people are targeted. In a future lesson students will explore how they can protect themselves from these security risks.
Goals
Students will be able to:
- Identify commons security risks: phishing, keylogging, rogue access points.
- Explain how these common security risks target people
- Discuss the warning signals for these common security risks
Preparation
- Read through the levels on Code Studio to familiarize yourself with the topics
- Think through the logistics of running the jigsaw activity.
Getting Started (5 minutes)
Prompt: Have you ever received an email or a text message that looked suspicious? Have you ever been unsure if you should open the message or click on a link? What are the things that made you suspicious?
Discussion Goal
Goal: In this discussion, we are previewing malicious links and common phishing attempts. If students do not have any of their own examples to offer up, try to be prepared with one of your own where you received an email that was clearly not wise to open.
Things that might make you suspicious:
- Mispellings of the person's name, email, or company.
- Something that seems to good to be true ("Free Vacations for a year!")
- Asking for personal information
- A flashy link they want you to click on
Activity (35 mins)
Security Risks Jigsaw
There are many different ways that data can be stolen. Let's examine a few.
Group: Divide students into groups of two. Evenly divide the three topics among the groups:
- Keylogging
- Phishing
- Malware
Do This
Students navigate to their assigned levels on Code Studio and examine their topic. After they have a good understanding of the content, students make a PSA (Public Service Announcement) slide covering the following things:
- What is the security risk?
- How are people targeted?
- What are the warnings?
Group (10 mins) After students finish their slides, rearrange the class so there is a representative covering each topic in each group. Students share their slides with each other and give a voice over of the security risks.
Discuss (5 mins) Bring the class back together and ask for a volunteer from each of the topics to share their slide with the class and give a one minute overview.
Remarks
Another security risk that you may have heard about is a Rogue Access Point. How this works can get pretty complicated, but it's enough to know that a rogue access point is a wireless access point that gives unauthorized access to secure networks. This can be a physical device that is attached to a router - sometimes hidden from site! It can be detected in various ways, including looking for strange wireless signals.
Teaching Tip
It's ok if the student who presents information has some innacuracies in their reporting. Use this opportunity to correct misunderstandings and get everyone on the same page.
One thing that can come out of the discussion is the realization that Keylogging is a form of Malware. Malware is as broad category of malicious software that can collect information or exploit a system in many different ways.
Wrap up (5 Minutes)
Remarks
There are many different ways that you may be targeted to reveal sensitive information. We generally think of emails as being a safe way to communicated, but unsolicted emails, attachments, links and forms can all be used to compromise the safety and security of a computing system. These could come from people you don't know, or from your friends and family who's security has been compromised.
It can be alarming to realize that there are many ways you are being targeted to reveal sensitive information. However, knowledge of the facts can help us be wiser consumers of technology. Later on in this unit we will explore further how to protect ourselves from these security risks.
Journal
Students add the following vocaublary words: Phishing, Keylogging, Malware, Rogue Access Point.
- Phishing: a technique that attempts to trick a user into providing personal information. That personal information can then be used to access sensitive online resources, such as bank accounts and emails.
- Keylogging: the use of a program to record every keystroke made by a computer user in order to gain fraudulent access to passwords and other confidential information.
- Maleware: software intended to damage a computing system or to take partial control over its operation.
- Rogue Access Point: a wireless access point that gives unauthorized access to secure networks.
Assessment: Check for Understanding
For Teachers
Check For Understanding Question(s) and solutions can be found in each lesson on Code Studio. These questions can be used for an exit ticket.
For Students
Open a word doc or google doc and copy/paste the following question.
Question
How would you explain these three security risks (phishing, keylogging, malware) to a family member? What would you say to help them understand the dangers?
Standards Alignment
- CSTA K-12 Computer Science Standards (2017): 3A-NI-05
- CSP2021: IOC-2.B, IOC-2.C
Next Tutorial
In the next tutorial, we will discuss Code.Org Unit 10 Lesson 7, which describes Security risks and their impact on society..