Topic 8: Safety and Security (ICT 0417)
Learning objectives
- Identify physical hazards in the classroom/lab and apply safe working practices.
- Understand e‑safety concepts: personal data, the seven data‑protection principles and safe online behaviour.
- Recognise common threats to data security and apply appropriate technical and organisational counter‑measures, including password policies and backup testing.
- Use social‑media responsibly: block/report unwanted users, assess risks of meeting contacts offline, avoid sharing inappropriate material, use respectful language and protect others’ personal data.
- Appreciate audience needs, apply copyright rules (fair dealing vs. commercial use) and use Creative Commons licences correctly.
- Communicate safely and courteously via email, web browsing and other internet services, recognising spam and applying netiquette.
8.1 Physical safety
Physical safety covers risks that arise from the environment, equipment and materials used in ICT work.
| Hazard | Potential harm | Preventive actions |
|---|
| Electrical equipment (computers, chargers, power strips) – include safety symbols (⚡ / △ ground) | Electric shock, burns, fire | Use correctly rated plugs, never overload sockets, keep liquids away, unplug faulty devices, report damaged cords to the ICT manager in line with school policy. |
| Heavy or unstable equipment (monitors, printers, servers) | Tripping, crushing injuries | Secure on stable surfaces, use two‑person lifts for heavy items, keep walkways clear. |
| Fire hazards (over‑heated hardware, faulty wiring) | Burns, smoke inhalation, property damage | Maintain clear fire exits, keep fire extinguishers accessible, never leave running equipment unattended, follow the school fire‑evacuation plan. |
| Ergonomic problems (poor posture, repetitive strain) | Back/neck pain, carpal tunnel | Adjust chair and monitor height, keep keyboard and mouse at elbow level, take short breaks every 30 min, use wrist rests. |
Emergency procedure checklist
- Raise the alarm (pull fire alarm or shout “Fire!”).
- Evacuate via the nearest safe exit; do not use lifts.
- Assist anyone with a disability.
- Report the incident to a teacher or the ICT manager – written record required by school policy.
- Complete an incident‑report form once safe.
8.2 e‑Safety – Personal data & data protection
Key definitions
- Personal data: any information that can identify an individual (name, address, DOB, school, photos, voice recordings).
- Sensitive data: data revealing race, health, religion, sexual orientation, etc.; requires higher protection.
- Data‑protection principles (GDPR‑style, 7 core principles):
- Lawfulness, fairness and transparency
- Purpose limitation
- Data minimisation
- Accuracy
- Storage limitation
- Integrity & confidentiality (security)
- Accountability
Safe handling of personal data
- Obtain explicit, informed consent before collecting, storing or sharing data.
- Use strong, unique passwords (≥12 characters, mix of upper‑/lower‑case, numbers, symbols). Change passwords at least every 6 months.
- Enable two‑factor authentication (2FA) wherever possible.
- Store data in password‑protected folders or encrypted cloud services (e.g., OneDrive, Google Drive with 2FA).
- Back‑up important files regularly (external drive + cloud) and test restoration at least quarterly.
- Delete data that is no longer required and securely erase it from devices (e.g., using “shred” utilities).
- Never share passwords, PINs or security‑question answers with anyone.
Specific online contexts
- Email: do not open attachments from unknown senders; verify links before clicking; use spam filters and report suspicious mail.
- Cloud storage: set sharing permissions to “only people you invite”; avoid public links for personal files.
- Online gaming & forums: use a nickname, never disclose real name or location, enable privacy settings, report abusive users.
- Social media: apply the same consent and privacy rules when posting photos or personal details (see Section 4).
8.3 Security of data – Threats & protection
Common threats
| Threat | Typical delivery method | Potential impact |
|---|
| Malware (viruses, worms, trojans) | Infected downloads, malicious email attachments | Data loss, system slowdown, unauthorised access. |
| Ransomware | Phishing email, compromised website | Files encrypted until a ransom is paid. |
| Phishing / Smishing / Vishing | Email, SMS, phone call pretending to be a trusted organisation | Credentials stolen, financial fraud. |
| Man‑in‑the‑middle (MITM) attacks | Unencrypted Wi‑Fi, compromised routers | Data intercepted or altered during transmission. |
| Social engineering | Impersonation, pretexting, baiting | Unauthorised access to accounts or facilities. |
| Card‑fraud / Identity theft | Data breach, phishing, insecure websites | Unauthorised purchases, damage to credit rating. |
Technical counter‑measures
- Install reputable anti‑malware/antivirus software; keep it updated.
- Enable firewalls on computers and routers.
- Use encrypted connections (HTTPS, VPN) when transmitting sensitive data.
- Apply regular software updates and security patches.
- Adopt strong password policies (minimum 12 characters, no reuse, change every 6 months).
- Enable 2FA for all school‑provided accounts.
- Encrypt sensitive files (e.g., BitLocker, VeraCrypt).
- Back‑up data regularly, store a copy off‑site, and test restoration each term.
Organisational counter‑measures
- Develop and follow a school ICT security policy (covers incident reporting, user privileges, acceptable use).
- Provide regular e‑safety training for students and staff.
- Restrict user privileges – give only the access required for a task (principle of least privilege).
- Maintain an incident‑response plan (who to contact, steps to isolate affected devices, evidence preservation).
4. Social‑media safety (e‑safety focus)
Blocking and reporting unwanted users
- Open the user’s profile or the offending post.
- Select the platform‑specific option – Block, Restrict or Hide – to stop further interaction.
- Choose Report (or Flag) and follow the prompts; select the correct category (harassment, spam, hate speech, explicit content, etc.).
- Record the reference number or take a screenshot for future reference.
Tip: “Blocking” prevents the user from seeing your content; “Reporting” alerts the platform’s moderation team.
Meeting an online contact face‑to‑face
- Verify identity through a video call and, if possible, a second independent source (e.g., a mutual friend).
- Tell a trusted adult (parent, teacher, guardian) the date, time, location and who you are meeting.
- Choose a busy public place (café, library, school hall) and avoid isolated areas.
- Never share your home address, school details, passwords or financial information.
- If anything feels unsafe, cancel the meeting, block the contact and report the incident to the platform and a trusted adult.
Avoiding distribution of inappropriate images
Inappropriate images include any material that is:
- Sexually explicit or suggestive.
- Violent, graphic or disturbing.
- Harassing, hateful, discriminatory or threatening.
- Copyrighted without the owner’s permission.
Consequences of sharing such material
- Legal action under national/international law (e.g., child protection statutes, copyright infringement).
- Permanent damage to personal reputation and future employment prospects.
- School disciplinary measures, including exclusion.
Using appropriate language online
- Write as you would speak to a teacher or colleague – polite, clear and respectful.
- Avoid profanity, slurs, hate speech, threats or bullying language.
- Do not spread unverified rumours or defamatory statements.
- Apply netiquette:
- All caps = shouting – use sparingly.
- Keep messages concise.
- Respect privacy – don’t post personal details about others without consent.
Respecting confidentiality of others’ personal data
- Obtain consent before sharing another person’s name, photo, contact details or any identifying information.
- Store shared data securely – password‑protected files, encrypted USB drives, or secure cloud folders.
- Delete data that is no longer required and securely wipe it from devices.
- Follow the school’s data‑protection policy and relevant legislation (e.g., GDPR).
9. Audience & Copyright
Understanding your audience (AO 3)
- Identify the intended readers or viewers (peers, teachers, public, potential employers).
- Adjust tone, language level and visual style accordingly.
- Provide appropriate citations and references for any external material.
Classroom activity: Give students a short article and ask them to rewrite the introduction for three different audiences (classmate, teacher, general public). Discuss how tone and vocabulary change.
Copyright basics
10. Communication – Email, Internet & Netiquette
Email etiquette and technical basics (AO 10.3)
- Use a clear, concise subject line (e.g., “Request for group‑project feedback – Week 3”).
- Begin with a polite greeting (“Dear Mr Smith,”) and end with a courteous sign‑off (“Kind regards, [Your Name]”).
- Proof‑read for spelling, grammar and tone before sending.
- Attachments:
- Only attach when necessary; compress large files or use a cloud link.
- Label files clearly (e.g., “Project‑Report‑V2.pdf”).
- Check that the attachment opens before sending.
- CC / BCC:
- CC – keep others informed (visible to all recipients).
- BCC – hide addresses for privacy or large mailing lists.
- Forwarding: add a brief note explaining why you are forwarding and remove any irrelevant content.
- Spam identification:
| Indicator | What to do |
|---|
| Unexpected sender address or misspelled domain (e.g., “info@g00gle.com”) | Do not open; mark as spam and report. |
| Mismatched URLs – link text says “www.bank.com” but URL points elsewhere | Hover to view real URL; avoid clicking. |
| Urgent or threatening language demanding immediate action | Verify through a known contact channel before responding. |
| Attachments with executable extensions (.exe, .scr, .bat) | Do not open; delete or report. |
Safe web browsing (AO 10.2)
- Check the URL – look for “https://” and a padlock icon for secure sites.
- Key internet protocols:
| Protocol | Purpose |
|---|
| HTTP | Unencrypted web traffic. |
| HTTPS | Encrypted web traffic (TLS/SSL). |
| FTP | File transfer (often unencrypted). |
| FTPS / SFTP | Secure file transfer. |
| SMTP | Sending email (plain). |
| SMTPS | Encrypted email transmission. |
- Evaluate reliability:
- Author’s credentials and affiliation.
- Publication date – ensure information is up‑to‑date.
- Purpose – informational, commercial, persuasive?
- Bias – does the source have a particular agenda?
- Do not download software or files from untrusted sites.
- Use the school’s web‑filter or safe‑search settings; understand parental‑control and age‑restriction tools (e.g., YouTube Restricted Mode).
- Clear browser history and cookies regularly, especially on shared computers.
7. Quick‑reference checklist (all safety areas)
| Area | Do | Don’t |
|---|
| Physical safety | Keep cords tidy, unplug faulty equipment, use ergonomics, follow fire‑evacuation plan, report incidents. | Leave liquids near computers, overload sockets, ignore damaged hardware. |
| e‑Safety (personal data) | Obtain consent, use strong passwords, enable 2FA, store data encrypted, back‑up and test restores. | Share passwords, post personal details publicly, keep unprotected backups. |
| Data security (threats) | Install updates, run anti‑malware scans, use firewalls, apply password policy, encrypt files, back‑up & test. | Click unknown links, ignore software updates, disable security software. |
| Social‑media | Block/report unwanted users, verify offline meetings, check image permissions, use respectful language, protect others’ data. | Engage with harassers, meet strangers alone, share explicit or copyrighted material. |
| Audience & copyright | Identify audience, adapt tone, cite sources, use CC‑licensed or public‑domain material, understand fair‑dealing limits. | Assume any online material is free to use, ignore attribution, copy for commercial gain without permission. |
| Communication | Clear subject lines, polite greeting/sign‑off, proof‑read, use CC/BCC appropriately, verify sender, recognise spam, use secure URLs. | Send all‑caps or angry messages, forward unverified rumours, click suspicious links, attach unnecessary files. |
Suggested diagrams (for classroom presentation)
- Flowchart – Blocking & Reporting an Unwanted User: Profile → Choose “Block/Restrict” → Confirm → Choose “Report” → Select reason → Submit → Record reference.
- Threat‑matrix: Grid showing likelihood (low‑high) vs. impact (minor‑severe) for each threat listed in Section 8.3.
- Data‑protection lifecycle: Collect → Store → Use → Share → Retain → Delete (with arrows indicating the GDPR principles).
- Internet‑protocol cheat‑sheet: Table of HTTP, HTTPS, FTP, FTPS/SFTP, SMTP, SMTPS with icons.
Summary
Effective safety and security in ICT combines:
- Physical precautions in the classroom and lab, including emergency reporting.
- Responsible handling of personal and sensitive data, following the seven data‑protection principles.
- Awareness of cyber‑threats and implementation of technical safeguards (strong passwords, 2FA, backups) and organisational policies.
- Safe social‑media habits: block/report, verify offline meetings, avoid sharing inappropriate or copyrighted material, and communicate respectfully.
- Consideration of audience expectations and correct use of copyright licences (fair dealing, Creative Commons).
- Professional email and web‑browsing practices, including spam identification and netiquette.
Mastering these practices prepares students for the IGCSE ICT examination and equips them with lifelong digital‑citizenship skills.