Course Content
Computer Essentials
0/7
Introduction to Computers
Operating System Basics
File & Folder Management
Networks & Internet Essential
Health, Safety, and the Environment
System Tools, Devices and Help Features
End of module 1 Test
Online Essentials
0/6
Web Browsing Basics
Searching for Information
Evaluating Online Content & Understanding Online Risks
Online Communication and Basics
E-mail Features, Settings and Good Practice
End of Module 2 test
IT Security
0/6
Security concepts and threats
Malware and Protection
Network Security
Secure Web Use
Communications and Secure Data Management
End of Module 3 test
Word Documents
0/7
Introduction to Word Processing & Interface
Editing Text & formatiing
Paragraphs, Layout & Styles
Inserting and Managing Objects (Images, Tables, Shapes and More
Proofing, Printing and Finalising Documents
Mail Merge
End of module Quiz
Spreadsheets
0/9
Spreadsheet Basics
Data Entry & Data Types
Formulas & Calculation Rules
Functions (SUM, AVERAGE, MIN, MAX, COUNT)
Formatting & Data Presentation
Charts & Data Visualisation
Sorting, Filtering & Data Tools
Printing, Page Setups & Final Tasks
End of Module Test
Presentations
0/8
Introduction to Presentations & The Interface
Working with Slides, Layouts & Sections
Adding Text, Images & Multimedia
Tables, Charts & Visual Elements
Transitions & Animations
Delivering Presentations & Presenter Tools
Reviewing, Proofing & Final Checks
End of module test
Teamwork
0/7
Introduction to Teamwork & Online Collaboration
Communication Tools for Teamwork
Collaborative Documents & File Sharing
Task Management & Project Tools
Online Meetings, Screen Sharing & Collaboration Etiquette
Team Roles, Best Practices & Remote Working
End of module test
ICDL Complete Course

Module 2 – IT Security

Lesson 5 – Communications and Secure Data Management

Secure communication and good data management are essential for protecting personal and organisational information. This lesson covers safe email and messaging practices, file transfer security, backups, encryption, retention, disposal and data protection principles — with short checks and mini-tasks to apply what you learn as you go.

1. Safe communication methods

1.1 Email security

Email is widely used but often targeted by attackers, so it needs extra care.

  • Avoid sending sensitive or confidential information unencrypted.
  • Verify email addresses before sending attachments or personal data.
  • Check attachments before opening to avoid malware.
  • Watch for phishing attempts or unexpected emails.
  • Use two-factor authentication (2FA) for email accounts.
  • Use secure email features when available, such as S/MIME or PGP encryption.

Quick check – email safety

  • Would you email unencrypted payslips to staff? Why / why not?
  • What’s one sign that an email attachment might not be safe?
Suggested answers (click to reveal)
  • No – payslips contain sensitive personal and financial data and should be encrypted or sent via a secure portal.
  • Attachments from unknown senders, unexpected attachments, or files with unusual extensions (like .exe) can be risky.

1.2 Digital signatures

Digital signatures help verify the sender and ensure a message has not been altered.

  • Confirm the identity of the sender.
  • Detect if a message has been tampered with in transit.
  • Provide stronger trust for business and legal communication.

Think about it

Why might a company require digital signatures for contracts instead of accepting plain emailed documents?

Show explanation

Digital signatures provide proof of origin and integrity, making it harder to forge or alter contracts without detection.

1.3 Instant messaging

Instant messaging (IM) is fast and convenient but may not always be secure.

  • Use trusted apps such as Teams, WhatsApp or Signal.
  • Enable end-to-end encryption where possible.
  • Avoid sending confidential files over unsecured apps.
  • Remember that messages may be stored on cloud servers.

Mini-scenario

Your colleague sends a confidential file in a casual chat app that doesn’t support end-to-end encryption. What would be a better approach?

Suggested answer

Use a secure, approved channel such as an encrypted file-sharing system, or a company messaging platform with end-to-end encryption.

1.4 Video conferencing

Video calls often involve sharing screens and documents, so access must be controlled.

  • Use meeting passwords or waiting rooms to control access.
  • Avoid posting meeting links publicly.
  • Verify participants before screen sharing.
  • Disable recording unless necessary and store recordings securely.

Try it now (on your platform)

  • Open Zoom / Teams / Meet and find where to:
    • Enable a waiting room or lobby.
    • Require a meeting password.

1.5 Transferring files safely

  • Scan USB drives with antivirus before opening files.
  • Avoid using unknown or “found” USB devices.
  • Use encrypted USB drives for confidential data.
  • Use secure file-sharing services (with encryption and access control) for sensitive files.

Quick decision check

You find a USB drive in a meeting room. Do you:

  1. Plug it into your computer to see what’s on it?
  2. Give it to IT or follow your organisation’s lost property / security procedure?
Best practice

Choose option 2 – unknown USB devices can contain malware and should be handled by IT or according to policy.

2. Secure data management

2.1 Data backup

Backups protect against data loss from hardware failure, mistakes, or attacks (like ransomware).

  • Back up important files regularly.
  • Use external drives, network locations or cloud storage.
  • Test your backups to ensure files can be restored.
  • Follow the 3-2-1 rule:
    • 3 copies of your data,
    • 2 different storage types,
    • 1 copy stored off-site.

Mini task – your backup plan

  • List:
    • One folder on your device that you cannot afford to lose.
    • Where it is currently backed up (if at all).
    • One improvement you could make to match the 3-2-1 rule.

2.2 Risks of cloud storage

Cloud storage is convenient but comes with risks.

  • Data is stored on remote servers outside your direct control.
  • Account security relies on strong passwords and 2FA.
  • You must trust the provider’s security, privacy policy and location of data.

Think & reflect

Write down one advantage and one risk of using cloud storage for your personal files.

2.3 Data encryption

Encryption protects data if a device or storage medium is lost or stolen.

  • Encrypt files or drives to prevent unauthorised access.
  • Use device encryption such as BitLocker (Windows) or FileVault (macOS).
  • Encrypt USB drives and portable devices.
  • Encrypt files stored in the cloud where possible.
Check your understanding – question

If an unencrypted laptop with customer data is stolen, what could happen that would be less likely with full-disk encryption enabled?

Show answer

The thief could access the customer data directly from the drive. With strong full-disk encryption, the data should be unreadable without the password or key.

2.4 File permissions and access control

  • Restrict who can read, edit or delete sensitive files.
  • Use passwords or access control lists on important documents and folders.
  • Share folders only with people who need access (“least privilege”).
  • Remove access rights when staff change roles or leave.

Try it – quick permissions review

  • Pick one shared folder you use (at work or in the cloud).
  • Check who currently has access.
  • Ask: “Does every person still need access to all of this?”

2.5 Data retention

  • Keep data only for as long as it is needed.
  • Review old files and archives regularly.
  • Stop storing outdated or unnecessary personal data to reduce risk.

2.6 Secure disposal

  • Shred paper documents containing personal or confidential information.
  • Use secure deletion tools (overwrite / wipe) to remove files from storage devices.
  • Factory reset phones and tablets before disposal or resale.
  • Physically destroy old hard drives or SSDs if they contain highly sensitive data.

Quick check – which method?

  • Old printed customer list → Shred.
  • Obsolete hard drive from HR server → Secure wipe or physical destruction.
  • Personal phone before selling → Backup then factory reset.

3. Data protection principles

Good data protection supports both security and legal compliance (e.g. GDPR).

  • Collect only the information needed for the task (“data minimisation”).
  • Keep information accurate and up to date.
  • Protect information from unauthorised access or disclosure.
  • Ensure data is stored securely and backed up appropriately.
  • Delete or anonymise information safely when no longer needed.

Reflection question

Think of one form you’ve filled in recently (online or on paper). Did it ask for more information than seemed necessary? What data could have been left out?

4. Practical activity

Try to complete these tasks on your own device (or a training machine):

  • Back up one important folder to cloud storage or an external drive.
  • Encrypt a file or check whether device encryption (BitLocker/FileVault) is turned on.
  • Clean up – delete or archive old, unnecessary files from your device.
  • Enable 2FA on an email or cloud account you use.
  • Write three secure communication habits, such as:
    • “I will always check email addresses carefully before sending sensitive documents.”
    • “I will avoid sending passwords or bank details over unencrypted channels.”
    • “I will verify unusual requests using a separate, trusted contact method.”

::contentReference[oaicite:0]{index=0}

Previous
Next