ICM CBQ Award in Digital Safety and Security

LO1 Understand the physical and emotional risk of technology usage

Potential physical stresses of using technology devices: eye strain and fatigue, neck and shoulder pain, repetitive stain injuries (RSI), hand and wrist discomfort, back pain, postural issues, headaches and migraines, thermal discomfort, sleep disruption.

Potential psychological stresses associated with technology usage: information overload, digital distractions, fear of missing out (FOMO), social isolation and loneliness, cyberbullying and harassment, digital addiction and dependence, sleep disturbance, reduced face-to-face interactions, digital exhaustion, burnout, privacy concerns and anxiety.

‍The importance of respectful interactions online: promote civility and respectful behaviour, foster positive relationships, encourage constructive dialogue, protect emotional well-being, uphold digital etiquette, mitigates conflict and misunderstanding, builds trust and reputation, encourages responsible digital citizenship, inclusion and diversity, positive online culture.

Benefits of limiting time spent on screens: promotes balanced lifestyles, prevents excessive screen time, reduces risk of digital addiction, enhances productivity and focus, encourages healthy screen habits, improves sleep quality, strengthens family bonds, supports emotional and mental well-being, encourages physical activity and outdoor play, promotes responsible digital citizenship.

LO2 Be able to use technology safely and responsibly

Correct computer use posture: a supportive and comfortable chair, neutral spine position, chair height and position, position monitor at eye level, ergonomic keyboards and mice, relaxed shoulders, elbows close to the body, regular breaks, reduced glare and eye strain.

Respectful communication online: respect others, be clear and concise, professionality, consider tone and intent, respect privacy and confidentiality, active listening, give and receive feedback constructively, resolve conflict respectfully, use digital etiquette, and avoid misinformation and disinformation.

Identifying how to respond to and report cyberbullying: report content, report users, report pages, report individuals.

Identifying employers' policy on technology and internet usage: contractual policy, privacy rules, work time internet usage, social media usage, online communication policies, and company social media pages.

LO3 Understand digital threats to data and devices

Nature and threats posed by worms, trojans, ransomware and identity theft

• Worms: self-replicating malware
  
  • Network disruption, data loss or security, exploits vulnerabilities
• Trojans: appear as legitimate software or program
  
  • Backdoor access, data theft, botnet recruitment
• Ransomware: encrypts files or locks software
  
  • Extortion, business disruption
• Identity theft: financial fraud, fraudulent activities
  
  • Reputational damage, financial impact

How the security of a device could be compromised: malware, software vulnerabilities, phishing attacks, weak passwords, physical access, unsecured networks, social engineering, insider threats, supply chain attacks, and lack of security awareness.

Safety concerns associated with public computers: malware and security risks, data theft, privacy risks, keylogging, keystroke logging, account hacking, unauthorised access, social engineering attacks, phishing, physical security risks, unsecured network connections, unsanitary conditions, limited user control.

Benefits of backing data up locally and to the cloud

• Locally: quick access, quick recovery, control, security, cost-efÏciency, ofline access, data sovereignty and compliance.
• Cloud: disaster recovery, automatic and scheduled backups, remote access and collaboration, high availability and reliability.

‍Safety concerns of public Wi-Fi: man-in-the-middle attacks, packet snifÏng, rogue access points, spoofing attacks, unencrypted connections, malware distribution, session hacking, evil twin attacks, lack of network isolation, untrustworthy hotspots.

LO4 Be able to protect data and devices

Identifying a phishing or harmful email: check sender's email address, check content, avoid links and attachments, requests for personal information, unsolicited requests or offers, spoofed or impersonated brands, emotional manipulation, check for HTTPS, verify with the sender, use security software.

Creating a secure password: length and complexity, avoiding common words and phrases, unique and randomised, passphrases, avoiding personal information, avoiding sequences or patterns, updating regularly, misspelling words, password managers, two-factor authentication, etc.

Utilising a Virtual Private Network (VPN): choose a service, instal service sign up for the service, launch the VPN, connect to the VPN, verify the VPN connection, disconnect from the VPN, when to use (public Wi-Fi, remote working, telecommuting, online banking, financial transactions, accessing Geo-restricted content, anonymity, online gaming, travelling abroad.

Effectively using anti-virus and firewalls: scan regularly, update regularly, check the version, automated scans, check functionality, check functioning.

Using private browsing to protect personal data: access mode on a variety of web browsers, avoid logging into accounts, be cautious of downloads, privacy-focused browsers and extensions. Using setÝngs on mobile devices to restrict or grant GPS location: application permissions, access setÝngs, reasons to restrict, reasons to grant permission, and reasons programs use location.

‍Requesting personal data held by an organisation: understand data protection rights, legal requirements, contacting correct individuals or organisations.