QualityHero
All quizzes

Online safety quiz

A short awareness check on staying safe online - covering phishing, password hygiene, deepfakes, social engineering, and the basics of protecting personal and learner data.

Questions: 10

Time: about 5 minutes

Pass mark: 80% (8 out of 10) for a printable certificate

No account needed. We email your certificate so you can save it for your CPD log.

Read up first (optional)

Navigating the Digital World: A Guide to Online Safety for FE & Skills Professionals

In today's interconnected world, digital safety isn't just an IT department's concern - it's everyone's responsibility. For professionals in the Further Education and Skills sector, protecting personal and sensitive data, fostering a secure online environment, and understanding digital risks is paramount. This guide from QualityHero (in partnership with WorkplaceHero) offers practical, jargon-free advice to help you stay safe and secure online.

1. Spotting a phishing attempt: your first line of defence

Phishing scams are everywhere, attempting to trick you into revealing sensitive information. They often come as emails, texts, or even phone calls that appear to be from a legitimate source.

Tell-tale signs to watch for

  • Urgent or threatening language: "Your account will be suspended if you don't act now!"
  • Requests for personal information: Legitimate organisations rarely ask for passwords, bank details, or ULNs via email or text.
  • Generic greetings: "Dear Customer" instead of your name.
  • Grammar and spelling errors: A common indicator of a scam.
  • Suspicious links and attachments: Hover over links (without clicking!) to see the true destination. Unsolicited attachments are a red flag.
  • Sender's email address: Does it look legitimate? Scammers often use addresses that are similar but not identical to official ones.

What to do

  • Don't click, don't reply, don't open attachments: Treat the message as suspicious by default.
  • Verify directly: If you're unsure, contact the organisation using an official phone number or website (not one provided in the suspicious message).
  • Report it: Forward suspicious emails to your IT department or your provider's designated infosec contact. For texts, forward them to 7726 (it's free!).

2. Passwords that actually work: beyond "Password123"

Your password is your first barrier against unauthorised access. Simple, reused passwords are a significant risk.

  • The three random words rule: A strong password doesn't have to be complex characters you can't remember. Instead, choose three completely unrelated words (e.g. "table-sunny-banana") and add a number or symbol if required. This creates a long, memorable, and much harder-to-guess password.
  • Password managers: Consider using a reputable password manager. These tools securely store all your unique, complex passwords, filling them in automatically and generating new strong ones when needed. You only need to remember one master password.
  • Why reuse is the real risk: If you reuse the same password across multiple accounts and one of those accounts is compromised, criminals can then access all your other accounts. Unique passwords for each service dramatically reduce this risk.

3. What to do with a suspicious link: the safe response in 30 seconds

Encountering a suspicious link can be nerve-wracking, but your response can prevent a compromise.

Golden rules

  • Don't click: Clicking a malicious link can initiate downloads, redirect you to fake login pages, or expose your device to malware.
  • Do report: If it's an email or text, follow your organisation's reporting procedure (e.g. forward it to IT). This helps your provider identify and block future threats.

The safe response (30 seconds)

  • Stop: Don't interact with the link.
  • Think: Does this look legitimate? Am I expecting this?
  • Report: Use your organisation's reporting method.
  • Delete: Once reported, remove the suspicious message from your inbox or messages.

4. Two-factor authentication (2FA) explained: blocking account takeovers

Two-Factor Authentication (2FA) adds an extra layer of security to your online accounts, making it significantly harder for unauthorised users to gain access, even if they have your password.

  • How 2FA works: After entering your password, 2FA requires a second piece of evidence to verify your identity - typically a code sent to your phone, an app-generated code, or a physical security key. Even if a hacker steals your password, they can't access your account without that second factor.
  • Why it blocks most account takeovers: Most successful account compromises happen with just a stolen password. 2FA largely mitigates this risk by requiring something a hacker won't have - your physical device or security token.
  • How to set it up in minutes: Many popular services (email, social media, banking) offer 2FA. Look for "Security Settings" or "Login & Security" in your account preferences. It's usually a straightforward process to link your phone or an authenticator app. We strongly recommend enabling 2FA on all critical accounts.

5. Professional boundaries online: handling DMs from learners

Maintaining professional boundaries is crucial in your role, and this extends to online interactions with learners. While platforms like Microsoft Teams or official learning environments are designed for professional communication, direct messages on personal social media platforms can present challenges.

How to handle DMs from learners

  • Direct to official channels: If a learner messages you on a personal platform, politely redirect them to the appropriate official communication channel (e.g. college email, VLE messaging, or during scheduled office hours).
  • Don't engage in personal conversations: Keep all interactions professional and directly related to their learning or welfare where appropriate via official channels.
  • Be clear about your online presence: Consider adjusting privacy settings on personal social media accounts to limit learner access.
  • Report concerns: If a message is inappropriate, makes you feel uncomfortable, or raises safeguarding concerns, follow your provider's safeguarding procedures immediately. This doesn't damage the professional relationship; it upholds it and ensures everyone's safety.

6. Deepfakes and AI impersonation: verification habits that beat them

The rise of AI has brought sophisticated new forms of fraud, including "deepfakes" - convincing but fake audio, video, or images. These can be used for impersonation and scams.

Scammers create fake calls from "colleagues" or "senior leaders" requesting urgent money transfers, or manipulated videos appearing to show a person endorsing fake products. They exploit our trust in visual and auditory cues.

Verification habits that beat them

  • Be sceptical of urgency: Scammers often create pressure to bypass critical thinking.
  • Verify independently: If you receive an unusual request, especially involving money or sensitive data, verify it through a known, official channel (e.g. call the person on a known number, not one provided in the message).
  • Look for inconsistencies: Deepfakes, while advanced, can still have subtle flaws in facial movements, unnatural speech patterns, or unrealistic lighting.
  • Sense check information: Does the request or situation make sense? Is it typical behaviour for that person?
  • Consider a video call: If you're on an audio call and suspect impersonation, suggesting a quick video call can often expose a deepfake.

7. What counts as personal data: your jargon-free guide to UK GDPR

Understanding personal data is fundamental to data protection. In the FE and Skills sector, you handle a lot of it!

Under UK GDPR, personal data is any information that relates to an identified or identifiable living individual. An identifiable individual is one who can be identified, directly or indirectly, by reference to identifiers such as name, ID number (e.g. ULN), location data, online identifier (e.g. IP address), or factors specific to their physical, physiological, genetic, mental, economic, cultural, or social identity.

Examples in the FE & Skills sector

  • Learner names, addresses, ULNs, dates of birth
  • Staff contact details, HR records
  • Attendance records, assessment grades, progress notes
  • Emails containing names or other identifying information
  • CCTV footage showing identifiable individuals

8. Clear-desk and screen-lock habits: small daily wins for data protection

Data protection isn't just about high-tech security; often, it's about simple, consistent habits.

Clear-desk policy

  • Before leaving: Ensure no sensitive documents (learner details, printouts, confidential papers) are left on your desk where they could be seen or accessed.
  • Shred, don't just bin: Dispose of confidential waste securely using approved shredding facilities.

Screen-lock habits

  • Whenever you step away: Even for a quick coffee break, lock your computer screen. This prevents unauthorised access to your digital workspace.
  • Keyboard shortcut: The fastest way is usually Windows key + L (Windows) or Ctrl + Cmd + Q (Mac). Make it a reflex.

9. Supporting a learner facing sextortion: what to say and do next

Sextortion is a devastating form of online abuse where an individual is coerced into sending sexually explicit images or videos, which are then used to blackmail them. If a learner confides in you about sextortion, your immediate response is critical.

What to say first

  • Listen without judgment: Reassure them it's not their fault and they're brave for speaking out.
  • Emphasise support: Let them know they are not alone and you will help them.
  • Do not delete anything: Advise them not to delete any messages, images, or account information as this can be crucial evidence.

What to do next

  • Activate safeguarding procedures immediately: Report the concern to your Designated Safeguarding Lead (DSL).
  • Do not attempt to investigate yourself: This is a job for trained professionals and law enforcement.
  • Block the perpetrator: On all platforms.
  • Do not pay: Paying usually leads to further demands.
  • Report to platforms: Ensure the learner reports the abuse to the social media platforms or apps where it occurred.
  • Gather evidence: Screenshot all communications and profiles (without viewing or saving any explicit content itself).

Where to report (in addition to your internal DSL)

  • Police: Local police can be contacted for severe cases.
  • CEOP (Child Exploitation and Online Protection Centre): Crucial for those under 18.
  • Revenge Porn Helpline: For advice and support for adults.

10. Sharing nudes: the right response

If a learner shares that they have sent private sexual images, or if you encounter such content (e.g. an image accidentally displayed on a learner's device), your response must be immediate, safe, and lawful.

Don't view, don't save

  • Do not view the content: Your focus is on the welfare of the learner and adherence to policy, not the image itself.
  • Do not save, store, or forward the image: This is critical to avoid potential legal ramifications and to protect the learner's privacy.

The safe and lawful steps to follow

  • Activate safeguarding procedures immediately: Inform your DSL without delay. This is a safeguarding concern.
  • Focus on the learner's welfare: Discuss the context with the DSL, focusing on why the image was shared, who it was shared with, and any risks to the learner.
  • Provide support and guidance (as directed by DSL): The DSL will determine the best course of action, which may include reporting to external agencies if there are concerns about exploitation, abuse, or underage individuals.
  • Reinforce online safety messages: Emphasise the risks of sharing personal images online and the importance of consent and privacy.
  • Document everything: Ensure all actions, decisions, and discussions are recorded in line with your provider's safeguarding policies.

By embracing these digital safety practices and staying informed, FE and Skills professionals can create a more secure and supportive online environment for themselves and their learners. For further training and resources on these topics, visit our sister brand, WorkplaceHero at workplacehero.co.uk/further-education-and-skills.