Topic Synopsis
This subtopic covers the essential knowledge required to identify and mitigate online risks, including malware, phishing, and social engineering. Learners will explore practical strategies for safeguarding personal information and respecting legal frameworks such as data protection and copyright laws, ensuring responsible digital citizenship.
Key Concepts & Core Principles
- Personal data protection: Understanding what constitutes personal information (e.g., name, address, bank details) and how to keep it private, including using strong passwords and two-factor authentication.
- Recognising online threats: Identifying common cyber threats such as phishing emails, malware, ransomware, and social engineering tactics, and knowing how to respond safely (e.g., not clicking suspicious links).
- Digital footprint: Awareness that every online action leaves a trace, including posts, searches, and downloads, and understanding how this can be used by others (e.g., employers, hackers).
- Safe social media use: Applying privacy settings, thinking before posting, avoiding oversharing, and understanding the risks of location tagging and friend requests from strangers.
- Legal and ethical responsibilities: Knowing the basics of UK laws like the Computer Misuse Act and Data Protection Act, and understanding the consequences of cyberbullying, copyright infringement, and illegal downloads.
Exam Tips & Revision Strategies
- For practical tasks, always demonstrate both the identification of a risk and the specific step to mitigate it.
- Use real-world examples to illustrate legal constraints, such as citing the consequences of copyright infringement.
- When describing data security, prioritise the principle of 'least privilege' and encryption basics.
- Revise the key terminology of the Data Protection Act (or GDPR) to accurately reference legal principles.
Common Misconceptions & Mistakes to Avoid
- Confusing malware types (e.g., thinking a worm is the same as a trojan).
- Assuming that using public Wi-Fi is always safe if a password is required.
- Believing that once software is installed, it is permanently safe without updates.
- Underestimating the importance of reading privacy policies and terms of service.
Examiner Marking Points
- Award credit for demonstrating an understanding of common internet threats (e.g., viruses, identity theft) and their potential impact.
- Award credit for outlining effective personal safety measures, such as using strong passwords, enabling two-factor authentication, and adjusting privacy settings.
- Award credit for explaining the importance of data backup, secure connections (e.g., HTTPS), and cautious handling of personal data.
- Award credit for identifying relevant legal considerations like the Data Protection Act, copyright, and acceptable use policies.