Computer Science · Grade 10

Active learning ideas

Cybersecurity Best Practices

Cybersecurity is a skill best learned by doing, not just listening. Students need to practice identifying threats, applying defenses, and making quick decisions in realistic scenarios. Active learning lets them experience consequences firsthand, which builds lasting habits for digital safety.

Ontario Curriculum ExpectationsCS.HS.S.1CS.HS.S.4
20–50 minPairs → Whole Class4 activities

Activity 01

Stations Rotation50 min · Small Groups

Stations Rotation: Security Measures Stations

Set up stations for password creation (using dice for randomness), phishing identification (analyze sample emails), MFA simulation (app-based demo), and update checks (scan devices). Groups rotate every 10 minutes, documenting strengths and weaknesses at each. Conclude with a class share-out.

Design a set of cybersecurity best practices for personal online safety.

Facilitation TipDuring Security Measures Stations, float between groups to listen for students discussing trade-offs between convenience and security, not just checking boxes.

What to look forPresent students with three different password examples. Ask them to identify which password is the strongest and explain why, referencing at least two criteria for strong password creation.

RememberUnderstandApplyAnalyzeSelf-ManagementRelationship Skills
Generate Complete Lesson

Activity 02

Role Play30 min · Pairs

Pairs: Phishing Role-Play

Pairs alternate as sender and receiver; one crafts a phishing email, the other identifies red flags like urgent language or bad links. Switch roles, then discuss defenses like verifying sources. Compile class tips into a shared poster.

Evaluate the effectiveness of different security measures (e.g., strong passwords, multi-factor authentication).

Facilitation TipIn Phishing Role-Play, provide sample emails with clear and subtle red flags so students practice discernment, not just pattern matching.

What to look forProvide students with a scenario: 'You receive an email asking you to click a link to verify your bank account details due to a security alert.' Ask them to write two specific actions they would take before clicking any link and explain the reasoning behind each action.

ApplyAnalyzeEvaluateSocial AwarenessSelf-Awareness
Generate Complete Lesson

Activity 03

Role Play40 min · Whole Class

Whole Class: Security Checklist Design

Project a template; students brainstorm and vote on essential practices via digital poll. Refine into a school-wide checklist, then test it against recent news breaches. Print and distribute for ongoing use.

Justify the importance of continuous vigilance in maintaining cybersecurity.

Facilitation TipFor Security Checklist Design, give students a partially completed example to model the expected level of detail and specificity.

What to look forFacilitate a class discussion using the prompt: 'Imagine you are advising a friend who is new to online banking. What are the top three cybersecurity practices you would emphasize, and why are they crucial for their personal safety?'

ApplyAnalyzeEvaluateSocial AwarenessSelf-Awareness
Generate Complete Lesson

Activity 04

Role Play20 min · Individual

Individual: Personal Audit

Students assess their own devices and accounts using a rubric for passwords, updates, and MFA. Note gaps, implement one change, and reflect in a journal entry shared anonymously. Follow up next class.

Design a set of cybersecurity best practices for personal online safety.

Facilitation TipDuring the Personal Audit, ask students to explain their rating choices to uncover gaps in their own understanding.

What to look forPresent students with three different password examples. Ask them to identify which password is the strongest and explain why, referencing at least two criteria for strong password creation.

ApplyAnalyzeEvaluateSocial AwarenessSelf-Awareness
Generate Complete Lesson

A few notes on teaching this unit

Teach this topic by making the invisible visible. Use real-world data breaches and student-friendly examples to show how small oversights create big problems. Avoid scare tactics; instead, focus on building competence through repetition and reflection. Research shows that students retain cybersecurity habits better when they teach others, so design activities that require explanation and peer feedback.

By the end of these activities, students will confidently apply layered defenses, recognize phishing attempts, and explain why simple solutions often fail. Look for students to cite specific practices rather than vague advice when discussing threats and protections.

Watch Out for These Misconceptions

  • During Security Measures Stations, watch for students assuming antivirus software alone keeps them safe.

    Use the station about software updates to demonstrate how unpatched systems create vulnerabilities that antivirus cannot prevent. Have students simulate a breach by exploiting an outdated program in a controlled activity.

  • During Security Measures Stations, watch for students believing strong passwords need to be long but not necessarily complex.

    Use the station with password cracking challenges to let pairs test simple patterns versus complex combinations. Provide a tool like a password strength meter so students see the impact of mixed case, numbers, and symbols in real time.

  • During the Personal Audit, watch for students assuming they are not targets for hackers because they have nothing valuable online.

    Use the Personal Audit to have students calculate the value of their data by estimating what an attacker could do with their account information. Include a case study from the Phishing Role-Play activity to show how attackers exploit everyday accounts for broader access.

Methods used in this brief

More in Networks and the Internet

Introduction to Computer Networks

Understand the basic components of a computer network and different network topologies.

2 methodologies

Network Hardware and Devices

Identify and explain the function of common network hardware components like routers, switches, and modems.

2 methodologies

The Internet: A Network of Networks

Explore the structure and function of the internet as a global network, including its history and key organizations.

2 methodologies

IP Addresses and DNS

Understand how devices are identified on a network using IP addresses and how the Domain Name System (DNS) translates human-readable names.

2 methodologies

TCP/IP and Packet Switching

Analyze the rules that govern how data packets travel across complex networks without getting lost, focusing on TCP/IP.

2 methodologies