ICTC Logo Colour new logo 2
2li FrEn Wordmark C

In trusted partnership with the KnowledgeFlow Cybersafety Foundation

National CyberDay 2025 Operation Lockdown banner 1

Rappel : modifiez les paramètres linguistiques de votre page pour afficher ce contenu en français. Accédez au coin supérieur droit de la page pour modifier la langue (capture d’écran ci-dessous).

image 1

Welcome to mission lockdown: Technology defence briefing!

As a Cybersafeguard Specialist, your mission is to protect your digital world by mastering the essentials of cybersafety. You will learn how to maintain a secure device by using strong access passwords, checking privacy and activity settings, and keeping apps and systems updated. You will be trained to recognize and respond to signs of compromise, remaining vigilant for unusual activity or unauthorized changes. Your mission also involves uncovering and understanding different types of scams, including fear-based tactics, technology scams, fraudulent transactions, and romance schemes. Finally, you will develop strong password practices, creating unique and complex codes that guard your information and keep intruders out.

Listed below are some key cybersafety information all teachers should know. Once you’ve built your own confidence and expertise, you’ll find resources further down to use directly with your students. These include age-appropriate activities, ready-to-go slides, and take-home materials you can share with families to help extend cybersafety learning beyond the classroom.

Return to CyberDay Main Page

mission support

Maintaining a secure device

Recognizing and naming scams

Password Best Practice

Mission support

Maintaining a secure device

cybersafety

Having an Access password

Setting a password on your device is one of the simplest and most important ways to keep it secure. As a teacher, your laptop, tablet and/or phone might hold student records, lesson plans, or personal files. Using a strong access password ensures that only you can open your device, which is especially important if you step away or use shared or school-issued devices. This can prevent any unauthorized access, including from curious students. Always remember to sign out and close any sessions when you’re done, especially on shared or public devices.

Configure Inactivity Settings

As a busy teacher, you’re often moving from one task to the next. Whether you’re stepping out of the room for a moment, helping a student, or getting called into a meeting, it’s easy to leave your laptop unattended. Setting your device to lock after one to three minutes of inactivity automatically helps keep it secure. This way, the screen shuts off and can’t be turned back on without your pre-set access password. It’s an easy step that helps protect things like your gradebook, lesson plans, or email from being accessed by others, especially in shared spaces. Just as you would never leave physical copies of sensitive student records on your desk during class time, you should also never leave unlocked devices unattended.

Keeping apps and systems updated

Keeping your devices and apps up to date is one of the simplest ways to protect your information and ensure technology runs reliably in the classroom. School board devices are usually updated automatically, but personal devices like phones, tablets, and laptops rely on you to install updates. Regular updates fix glitches, improve performance, and close security gaps that could put your information at risk. If possible, turn on automatic updates so nothing gets missed, and encourage students and families to do the same at home to help keep their devices secure.

Recognizing Indicators of Compromise

Sometimes your devices or apps may start to act strange. They might slow down, freeze, or behave in ways that don’t seem normal, all of which could be signs that something is wrong. It’s essential not to ignore these warning signs, as doing so could put both your data and your students’ information at risk. If you notice anything unusual, take it seriously. Some school board policies do not allow staff to manually run virus scans on board-managed devices, so in those cases, you must always contact your IT department and follow their guidance. On personal devices, you can run checks yourself using built-in tools like Windows Defender on Windows or XProtect on Mac. If anything concerning is detected, follow the recommended steps to remove the risk, which may include having your device serviced by a trusted professional. Regardless of whether a scan finds anything or not, always report unusual behaviour to IT. Leaving issues unreported or unresolved could put you, coworkers, students, or the school at risk. By seeking help early, you can prevent minor problems from escalating and protect everyone’s safety and information.

Mission Lockdown indicators scaled
Mission support

Recognizing and naming scams

Mission Lockdown Scam

Warning: Scam!

As scam incidents continue to rise each year, everyone, including educators, faces growing risks to their digital security. These attacks seek to obtain money, personal information, or access to devices and accounts, and may occur through both school-related and personal communication channels. Understanding how scams operate is essential to safeguarding yourself, your students, and your institution

Visualizing the extent of the issue: The Canadian Anti-Fraud Centre (CAFC) reported that in 2024, Canadians lost nearly $647 million to scams, and the number is expected to continue to climb.

Types of scams

Fear-based scams are designed to exploit individuals’ fears, anxieties, or concerns, deceiving them into taking specific actions, such as providing personal information or sending money. These scams typically rely on creating a sense of urgency or an impending threat to manipulate victims into making decisions without careful consideration. Scammers attempt to establish a sense of authority and legitimacy, socially engineering people into believing their request comes from a legitimate source. Examples of fear-based scams include:

  • Emergency scams: Calls from fake lawyers, hospitals, or bail agents claiming a loved one is in trouble.
  • CRA or tax scams: Threats of arrest or legal action for unpaid taxes.
  • Police/RCMP scams: Callers impersonate law enforcement to coerce personal or financial info with the threat of fines or arrest.
  • Bank or credit card scams: A Bank Impersonator contacts you and makes urgent claims of unusual account activity, blocked/hacked accounts, or unpaid balances to try to steal financial information.
  • Extortion scams: Threats to release personal information or images unless a ransom is paid.

A transaction scam refers to fraudulent schemes where scammers deceive individuals during the process of conducting a financial transaction. These scams typically involve tricking victims into providing money, goods, or services based on false pretences or through manipulative tactics. The aim is to exploit the victim’s trust and extract financial gain from them through deceitful means.

  • Fake rental ad scams: Fake listings trick renters into paying deposits for properties that don’t exist or aren’t available.
  • Investment scams: Fraudsters pose as legitimate investment agencies, promising high returns with low risk, often involving crypto and fake investment platforms.
  • Ticket or fine scams: Fake notices demand payment for parking or driving violations or offer fake refunds to steal account info.
  • Shipping and delivery scams: Scammers pose as sellers or couriers, requesting extra fees or personal info for fake deliveries.
  • Lottery or prize scams: Claim you’ve won a prize, then ask for fees or personal details to “claim” it.
  • Copycat websites: Look-alike sites mimic real ones to steal logins, financial information, or personal details. Always check the URL of any site.

Romance scams happen when scammers create fake online identities to form emotional connections and gain a victim’s trust. These scams often start on dating apps or social media, then quickly move to private messaging or chat apps. The relationship develops quickly, with the scammer expressing strong emotions from the outset. They often claim to have jobs that explain why they can’t meet in person, such as working on an oil rig, in the military, or as a doctor abroad. Excuses such as a broken camera or a sudden emergency are often used to avoid video calls or meetings. Once trust is established, the scammer creates a crisis or opportunity that requires financial assistance.

Common requests include travel or visa fees, emergency medical expenses or help with debts or investments. They may request payment via gift cards, wire transfers, or cryptocurrency. Some scams persist for months, with ongoing requests, while others conclude once the victim refuses to send more money.

Tech scams exploit trust in technology and often target people with limited technical knowledge. Scammers often pose as tech support or security experts to gain unauthorized access to devices, sensitive data, or financial information.
Some scams use fake pop-ups or messages claiming your device is infected, urging you to click a link or call a number. Others impersonate legitimate companies and request remote access, which can lead to the installation of malware or the theft of sensitive information.

Some scams use real technology threats, such as:

  • Ransomware: Locks files and demands payment to restore access.
  • Spyware/Keyloggers: Secretly track and steal personal data and passwords.
  • Viruses & Worms: Spread through infected links or downloads to damage systems or steal data.

Some orchestrate fake technology scams that include:

  • Tech support scams: Pretend your device has a virus; ask for payment or access.
  • Scareware: Alerts that trick you into thinking your data is at risk to get you to pay or download malware.
  • Pop-ups: Fake alerts claiming prize wins, account breaches, or software issues.

Being able to identify and understand different types of scams is a key part of staying safe online. The more aware you are, the less likely you are to fall victim. Scams are common, so staying alert is essential to protecting your personal information, accounts, finances and identity.

Mission support

Password best practices

CyberDay Wordpress image highlight 2 1

Passwords may seem like a small detail, but they’re your first and most important layer of protection against cyber threats. Weak passwords are often the easiest way for hackers to gain access to sensitive data, whether it’s your email, classroom tools, bank accounts, or student info systems.
Why Strong Passwords Matter
Hackers use various methods to crack passwords, including:

  • Brute force attacks (automatically trying password combinations) 
  • Phishing scams (tricking you into revealing your login) 
  • Credential stuffing (reusing stolen passwords across sites)

Characteristics of a good password

Unique:

  • Never reuse the same password across multiple accounts.
  • If one account is compromised, reused passwords allow attackers to access others.
  • Even slight variations (e.g., Password123 vs. Password123!) are easily guessed.  

Complex (to crack):

  • Turn on multi-factor authentication (MFA) wherever possible. This adds an extra layer of security using a one-time code via text, call, or an authenticator app.
  • Even if someone gets your password, they can’t access your account without the second factor.

Secure:

  • Don’t store passwords in notebooks, Word docs, or sticky notes.
  • Use a trusted password manager (many free or low-cost options are available) to store and generate strong passwords securely. 
  • Lock your devices and accounts when you’re not using them.

Strong:

  • Aim for at least 12–16 characters. 
  • Use a mix of uppercase and lowercase letters, numbers, and special characters.
  • Avoid personal info (names, birthdays, pet names) and common words or patterns
  • Try using passphrases: a random combination of words and symbols (e.g., BlueMonkey!Tree97).   

Password Managers

A password manager is a secure tool that stores all your passwords in one place, allowing you to create strong, unique passwords for every account without needing to remember them all. It can also help track fake answers to security questions for added protection.

When choosing one:

  • Read the privacy policy to ensure your info won’t be shared.
  • Check who makes it and their reputation for security.
  • Ensure it works properly on all your devices and stores data securely.

Multi-factor Authentication

Enable multi-factor authentication (MFA) whenever possible. MFA adds a powerful layer of security by requiring more than just a password to access your accounts. In addition to something you know (your password), MFA requires something you have (like a one-time code sent to your phone or an authentication app) or something you are (like a fingerprint or facial recognition).

This means that even if someone manages to steal your password, they won’t be able to access your account without the second form of verification.

Classroom Implementation

Teaching Materials (Slide Decks)

Here are three slide shows, filtered by grade range (Grades 9–12, 5–8, and 1–4), that you can add straight into Google Classroom. These slideshows make it easy for you to turn the information into teachable lessons with ready-to-go slides so that students can become the experts themselves. You can present them in class or share them with students and parents to explore on their own.

English

1 – Mission Lockdown Cybersafety SLIDE (9-12 and Parents) (1)Download
2 – Mission Lockdown Cybersafety Slides (5-8)Download
3 – Mission Lockdown Cybersafety slides (1-4)Download

French

French – Mission Lockdown Cybersafety slides (9-12 and Parents)Download
French- Mission Lockdown Cybersafety SLIDE (5-8)Download
French – Mission Lockdown Cybersafety slides (1-4)Download
Classroom Implementation

Classroom Activities

Here are lesson activities you can use directly in the classroom or upload to Google Classroom. This version works as a teacher guide or can be shared with students for easy use. The activities are curriculum-aligned and designed to deepen students’ understanding of cybersafety concepts. They are organized by grade range (Grades 7–12 and Grades 1–6) and conveniently included in a single document for easy access.

English Version

Mission Lockdown ActivityDownload

French Version

Français – Mission Lockdown ActivityDownload

continuing the cybersafety mission

Cybersafety for Schools Kit mailchimp landing page 2
KnowledgeFLow cybersafety foundation

Cybersafety for Schools Kit

KnowledgeFlow offers a comprehensive Cybersafety for Schools Kit designed to support educators in teaching safe and responsible technology use. The kit includes a structured email course with weekly, easy-to-digest content, lesson plans, and classroom resources. Topics cover Digital Citizenship, Mobile Device Safety, Selecting Classroom Technology, Cybersafety Curriculum Integration, and more. The materials are designed to help teachers guide students in becoming confident, responsible, and safe digital citizens.

Enrol today
CyberBytes: Digital Skills Professional Development for Teachers
Information and Communications Technology Council (ICTC)

CyberBytes: Cyber Security and Privacy

CyberBytes is a free, self-paced professional development program for Canadian K–12 educators, developed by certified cybersecurity experts to strengthen digital literacy while supporting personal and professional growth. One of four key topics in the course is “Cybersecurity and Privacy”, where teachers learn essential cybersafety skills, including understanding the Information Triad, managing private and personal data, controlling digital footprints, and responding to cyberattacks. By the end, you’ll be equipped to protect your own information, safeguard your students’ data, and confidently apply practical cybersecurity practices in your classroom and everyday digital life. Check out this section and explore the full CyberBytes course to build your skills across all four key areas and enhance your digital literacy even further!

Take the course
cira image
The Canadian Internet Registration Authority (CIRA)

Free, printable activities and resources for teaching kids about Cybersafety.

The Canadian Internet Registration Authority (CIRA) designed these activities to help educators introduce cybersafety concepts to students in an age-appropriate manner and equip their families with tools to protect them against cyber threats.

Download Resources
logo

The Information and Communications Technology Council (ICTC) is a neutral, not-for-profit national centre of expertise with the mission of strengthening Canada’s digital advantage in the global economy. For over 30 years, and with a team over 100 experts, they have delivered forward-looking research, practical policy advice, and capacity-building solutions for individuals and businesses. ICTC’s goal is to ensure that technology is utilized to drive economic growth and innovation and that Canada’s workforce remains competitive on a global scale.

ICTC’s National CyberDay 2025 is funded by the Government of Canada’s CanCode Initiative