Cybersecurity and Online Safety — Year 6 Lesson Plan
National Curriculum: Computing KS2 — use technology safely, respectfully and responsibly; recognise acceptable/unacceptable behaviour; identify a range of ways to report concerns
Overview
Pupils develop a sophisticated understanding of online safety and cybersecurity, moving beyond basic rules to understand how threats work and how to defend against them. They explore phishing, malware, strong passwords, two-factor authentication, and digital footprints, developing the critical thinking skills needed to stay safe in an increasingly digital world.
Learning Objectives
- Explain common cybersecurity threats including phishing and malware.
- Understand what makes a password strong and why two-factor authentication adds security.
- Describe what a digital footprint is and how to manage it responsibly.
- Evaluate online information critically and identify potential risks.
Key Vocabulary
Suggested Lesson Structure
Show a realistic-looking phishing email (fictional example). Ask: is this genuine? What clues tell you it might not be? Pupils identify red flags: sender address mismatch, urgency ('Act now!'), suspicious link, request for personal information. Establish: cybercriminals are sophisticated — being careful is a skill, not just a rule.
Cover five themes. Phishing: how it works — urgency and fear make people act without thinking; how to spot it — check the sender address carefully, hover over links before clicking, verify via a different channel. Malware: types — viruses (spread between files), trojans (disguised as legitimate software), ransomware (locks your files until you pay). Strong passwords: length matters more than complexity; a passphrase (4 random words) is stronger than a short complex password; never reuse passwords. Two-factor authentication: something you know (password) + something you have (phone) — even if a password is stolen, the account is still protected. Digital footprint: everything you post, like, search, or buy creates a permanent record; employers, universities, and anyone you share data with can see it; manage your privacy settings.
Password strength activity: pupils evaluate five passwords (e.g. 'password', 'P@55word!', 'correct-horse-battery-staple', '12345', 'MyDog$Tim2019') and rank them from weakest to strongest, justifying their reasoning. Discuss: which criteria matter most — length, complexity, or predictability?
Pupils create a 'Cybersecurity Guide for New Year 7 Students' — a one-page summary covering: how to spot phishing, how to create a strong password, what two-factor authentication is, and one tip for managing their digital footprint. Written for a peer audience — must be clear and practical.
Discuss: is it possible to be completely safe online? What is a realistic level of risk, and how do we manage it? Introduce the idea of 'security vs convenience' trade-offs: two-factor authentication is slightly inconvenient but much more secure. Is that trade-off worth it? Connect to careers: cybersecurity is one of the fastest-growing job sectors in the world.
Common Misconceptions
- Long passwords with lots of symbols are the most secure — password length is more important than complexity; a long passphrase is harder to crack than a short but complex password.
- Once you delete something online it's gone — digital data can be cached, backed up, screenshotted, or stored by third parties; deletion is not always permanent.
Prior Knowledge
Pupils should already be able to:
- KS1/KS2 online safety: basic rules around personal information and trusted adults.
- Year 4 Computing: understanding of networks and how email works.
- Year 5 Computing: how the internet works — data packets and servers.
Want a personalised version of this lesson?
Use Staffroom to generate a complete lesson plan tailored to your class — add context about ability, recent learning, or specific pupils and get a plan ready to teach. Free trial, no card required.