Topic 8 – Safety and Security
What this topic covers in the exam (Cambridge IGCSE ICT 0417 – Section 8)
- 8.1 Physical safety – electrical, fire, ergonomics, heavy equipment, tripping hazards.
- 8.2 e‑Safety – data‑protection legislation – principles of the UK Data Protection Act & GDPR.
- 8.3 e‑Safety – common threats to data – phishing, pharming, smishing, vishing, malware/viruses, ransomware, card‑fraud, online scams, cyber‑bullying, inappropriate content, gaming addiction.
- 8.4 Safe use of specific digital services – Internet, email, social media, online gaming.
- 8.5 Responsible digital behaviour (netiquette).
- 8.6 General e‑Safety principles – think before you share, backup, log‑out, verify sources, educate others.
- 8.7 Audience appreciation & copyright – tailoring safety measures to the intended users and respecting intellectual property.
Link to assessment objectives
- AO1 – recall knowledge of physical hazards, legislation, and threat types.
- AO2 – apply safe‑use procedures for devices, services and online interactions.
- AO3 – evaluate risks, choose appropriate mitigation measures and justify safety choices for a given audience.
1. Physical safety in the ICT workplace
- Electrical safety
  - Use only mains‑rated power strips; never overload sockets.
  - Keep cords away from walkways and water sources.
  - Unplug equipment before cleaning or maintenance.
- Fire safety
  - Keep fire‑extinguishers and fire‑blankets accessible.
  - Never block fire exits or store flammable material near computers.
- Ergonomics & workstation set‑up
  - Chair: feet flat, knees at 90°, back supported.
  - Monitor: top at eye level, ~50‑70 cm away.
  - Keyboard & mouse: wrists straight; use a wrist‑rest if needed.
  - Follow the 20‑20‑20 rule – every 20 minutes look at something 20 feet away for at least 20 seconds.
- Heavy equipment
  - Lift monitors, printers or servers with two people or a trolley.
  - Never pull a device by its power cable.
- Tripping hazards
  - Route cables along walls or under carpet; use cable covers.
  - Keep the floor clear of loose items and equipment.
2. e‑Safety – Data‑protection legislation
The UK Data Protection Act & GDPR set seven core principles that organisations must follow when handling personal data.
| Principle | What it means for you |
|---|---|
| Lawfulness, fairness & transparency | Data must be processed legally and the person concerned must be informed. |
| Purpose limitation | Collect data only for a specific, legitimate reason. |
| Data minimisation | Keep only the data that is necessary. |
| Accuracy | Ensure personal data is correct and up‑to‑date. |
| Storage limitation | Delete or anonymise data when it is no longer needed. |
| Integrity & confidentiality | Protect data against unauthorised access, loss or damage. |
| Accountability | Be able to demonstrate compliance with all the above. |
3. e‑Safety – Common threats to data
| Threat | Description |
|---|---|
| Phishing | Deceptive emails or messages that request login details or personal data. |
| Pharming | Manipulation of DNS to redirect users to fake websites. |
| Smishing | Phishing via SMS (text) messages. |
| Vishing | Voice‑phishing – fraudulent phone calls asking for confidential information. |
| Malware / Viruses | Software designed to damage, disrupt or gain unauthorised access. |
| Ransomware | Encrypts files and demands payment for the decryption key. |
| Card‑fraud techniques | Shoulder‑surfing, card‑cloning, key‑logging, skimming. |
| Online scams & fraudulent offers | Fake promotions, lottery wins or “too‑good‑to‑be‑true” deals. |
| Cyber‑bullying & harassment | Repeated hostile or humiliating digital messages. |
| Inappropriate content & contact with strangers | Exposure to harmful material or unsolicited communication. |
| Gaming addiction | Excessive play that harms health, academic work or social life. |
4. Safe use of specific digital services
4.1 Internet
- Use strong, unique passwords (≥12 characters, mix of upper‑/lower‑case letters, numbers, symbols).
- Enable two‑factor authentication (2FA) wherever possible.
- Keep operating systems, browsers and plug‑ins up to date; enable automatic updates where allowed by your school’s IT policy.
- Check URLs: look for https://, a green padlock, and verify the certificate (click the padlock).
- Avoid clicking unknown links or downloading files from untrusted sources.
- Install reputable antivirus/anti‑malware software and run regular scans.
- Use a firewall; a VPN can be useful on public Wi‑Fi as an optional/advanced measure.
4.2 Email
- Inspect the sender’s address before opening attachments or clicking links – watch for misspellings or unexpected domains.
- Never share passwords, bank details or other personal identifiers via email.
- Mark suspicious messages as spam and report phishing attempts to your provider or school IT staff.
- Use email encryption (e.g., PGP or S/MIME) for sensitive information.
- Enable 2FA for your email account.
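The first check in this list (misspelled or unexpected sender domains) can be automated, as in this added example, which is not part of the original notes. The trusted domains, the sample headers and the two-edit threshold are assumptions chosen for illustration.

```python
from email.utils import parseaddr

# Assumption: domains this user normally receives mail from (constructed values).
TRUSTED_DOMAINS = {"school.example", "bank.example"}


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: single-character inserts, deletes, substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, start=1):
        curr = [i]
        for j, cb in enumerate(b, start=1):
            curr.append(min(prev[j] + 1,                # delete ca
                            curr[j - 1] + 1,            # insert cb
                            prev[j - 1] + (ca != cb)))  # substitute
        prev = curr
    return prev[-1]


def check_sender(from_header: str) -> str:
    """Classify a From: header as 'trusted', 'lookalike' or 'unexpected'."""
    # The display name is free text chosen by the sender; only the address counts.
    _, address = parseaddr(from_header)
    if "@" not in address:
        return "unexpected"
    domain = address.rsplit("@", 1)[1].lower().rstrip(".")
    for trusted in TRUSTED_DOMAINS:
        if domain == trusted or domain.endswith("." + trusted):
            return "trusted"
    # One or two character edits away from a trusted domain: likely a misspelling.
    if any(edit_distance(domain, t) <= 2 for t in TRUSTED_DOMAINS):
        return "lookalike"
    return "unexpected"


# Constructed sample headers, not taken from real mail.
SAMPLES = [
    "IT Helpdesk <it@school.example>",
    '"School IT Support" <helpdesk@schoo1.example>',
    '"bank.example" <alerts@prizes.example>',
    "Portal <login@school.example.login.example>",
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(f"{check_sender(header):10}  {header}")
```

A "lookalike" or "unexpected" result is a prompt to report the message to school IT staff rather than open its attachments or links.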
4.3 Social media
- Set profiles to “private” or limit visibility to trusted friends only.
- Think before you post – once online, content can be shared indefinitely.
- Do not accept friend/follow requests from people you do not know.
- Review privacy settings regularly; disable location tagging unless required.
- Report abusive or harassing behaviour using the platform’s tools.
- Follow netiquette: use respectful language, avoid hate speech and do not spread rumours.
4.4 Online gaming
- Choose a gamer tag that does not reveal your real name, address or school.
- Enable parental controls or age‑appropriate settings where available.
- Be cautious in chat rooms – never share phone numbers, home address or other personal details.
- Report cheating, harassment or inappropriate content to game moderators.
- Set daily/weekly time limits and take regular breaks (e.g., 10 minutes every hour).
5. Responsible digital behaviour (Netiquette)
- Use appropriate language; avoid profanity, insults or discriminatory remarks.
- Respect others’ opinions and cultural differences.
- Do not forward unverified rumours or “fake news”. Verify information before sharing.
- When in doubt, ask a teacher, parent or trusted adult for advice.
- Block or mute users who behave inappropriately; keep evidence of serious incidents.
6. General e‑Safety principles
- Think before you share – consider who can see the information and for how long.
- Back up important data regularly (cloud service or external drive).
- Log out of accounts on shared or public computers.
- Use reputable sources; verify facts before believing or forwarding them.
- Educate friends and family about safe online practices.
7. Audience appreciation & copyright
- Identify the intended users of an ICT solution (e.g., primary‑school pupils, teenagers, adults) and tailor safety measures accordingly – younger users may need stricter parental controls and more supervision.
- When creating or sharing digital content, respect copyright:
  - Use only material you have created, that is in the public domain, or that is licensed for your intended use (e.g., Creative Commons).
  - Give proper attribution where required.
  - Do not download or distribute pirated software, music, videos or images.
8. Summary of risks and mitigation strategies
| Risk | Potential impact | Mitigation measures |
|---|---|---|
| Phishing / Smishing / Vishing | Loss of personal data, financial loss | Verify sender, avoid unknown links, use spam filters, enable 2FA. |
| Pharming | Redirected to fraudulent sites, credential theft | Check HTTPS padlock, use reputable DNS services, keep browsers updated. |
| Malware / Ransomware / Viruses | System damage, data loss, ransom payment | Antivirus, regular updates, download only from trusted sites, backup data. |
| Card‑fraud (shoulder‑surfing, cloning, key‑logging) | Unauthorised use of payment details | Cover keypad, use virtual cards, enable transaction alerts, keep software patched. |
| Cyber‑bullying | Emotional distress, reputation damage | Block/report harassers, keep evidence, seek support from adults, follow netiquette. |
| Identity theft | Unauthorised use of personal information | Strong passwords, 2FA, limit personal data sharing, monitor credit reports. |
| Inappropriate content | Exposure to harmful material | Enable content filters, supervise younger users, report offending material. |
| Gaming addiction | Reduced academic performance, health issues | Set time limits, use parental controls, encourage offline activities. |
Key takeaway
Safety in ICT combines physical precautions with robust e‑Safety practices. By applying strong passwords, keeping software up to date, understanding data‑protection legislation, managing privacy settings, respecting copyright, practising good netiquette and tailoring safety measures to the intended audience, learners can protect themselves and their data and enjoy digital technology responsibly.