Skip to main content

Volunteering at Scouts is changing to help us reach more young people

Volunteering is changing to help us reach more young people

Volunteering is changing at Scouts. Read more

Discover what this means

Try a cyber-security quiz

Crack some codes to learn about cyber security.

Back to Activities

You’ll need

  • Pens or pencils
Cyber Quiz Questions And Answers
PDF – 794.6KB
Download Cyber Quiz Questions And Answers
Cyber Quiz Code Key With Letters
PDF – 242.4KB
Download Cyber Quiz Code Key With Letters
Cyber Quiz Code Key Without Letters
PDF – 283.0KB
Download Cyber Quiz Code Key Without Letters

Before you begin 

  • Use the safety checklist to help you plan and risk assess your activity. There's also more guidance to help you carry out your risk assessment, including examples.   
  • Make sure all young people and adults involved in the activity know how to take part safely.
  • Make sure you’ll have enough adult helpers. You may need some parents and carers to help. 

Planning and setting up this activity 

  • If unsure about cyber security knowledge, you can use the National Cyber Security Centre (NCSC) resources and improve your skills before running the activity. 
  • Make sure you have printed or written copy of the codes, questions and code breaker guide for each team. 
  • Use a strong and different password for your email: Combining 3 random words that each mean something to you is a great way to create a password that is easy to remember but hard to crack. You should use a different password for each of your accounts, particularly your email account.
  • Consider using a Password Manager: A password manager can store all your passwords securely, so you don’t have to worry about remembering them, helping you to use strong, separate passwords for all your important accounts.
  • Enable Two-Step Verification (2SV): Aim to use Two-Step Verification (2SV) wherever possible. This can involve entering a code that’s sent to your phone or email, as well as your password. It’s often also known as Two-Factor Authentication or Multi-Factor Authentication (MFA).
  • Keep software regularly updated: Regularly update your operating system, apps and antivirus software to protect against the latest threats. Cybercriminals, often known as hackers, make use of and benefit from weaknesses in outdated software to steal information. 
  • Look out for phishing and scams: For emails, messages or texts, always avoid using suspicious links or downloading attachments from unknown sources. Phishing emails, messages and texts often look legitimate, but their aim is to steal your information. They often use suspicious URL’s or email addresses, use bad spelling and have bad formatting.
  • Back up data regularly: Always back up your most important files stored in a secure location, such as on an external hard drive or in cloud storage. This helps to protect you from data loss if there’s malicious software (such as viruses, worms, spyware) or hardware failures.
  • Educate others: Make sure you stay informed about the latest cybersecurity threats and how to protect yourselves from them. It's always good to tell your friends, family and loved ones about them too.  
  1. What software protects your device from viruses? Antivirus
    1. Microsoft and Apple tend to have free antivirus programs installed, so if you turn these on you will be more secure.
    2. Make sure that antivirus is set up to apply updates automatically to keep you safe.
    3. You don’t need antivirus on a phone or tablet – but you should set up your apps and device to apply updates automatically. And always download apps from official stores like Apple App store and google play. 
  2. What do we call nasty software used for hacking purposes? Malware
    1. Malware is code that can harm your device and the data on it.
    2. Your devices can become infected if you accidentally download malware from an attachment in an email, visiting a dodgy website or plugging in an infected USB.
    3. Be careful what links you click on in emails and check if the email seems OK. If it’s offering for something too good to be true, it probably is!  
  3. What’s another name for two-step verification? Multi-Factor Authentication (MFA)
    1. This adds a layer of protection to your accounts– when you set up 2SV, you will be sent a PIN or code, often by SMS or email. (Whichever you provided details for) You then need to enter that PIN into the website to prove that it is really you.
    2. Another form of 2SV is fingerprint identification or face scan.
    3. It takes a few minutes to set up 2SV, and many websites will ask you to do this when you set up an account, or at least provide you with the option.
    4. If you clicked on a dodgy link and have 2SV set up, you would be notified that someone was trying to gain access to your account and be able to stop it, as you would have the PIN, email or fingerprint required as the final layer of protection before accessing your account.
    5. 2-factor authentication is also another phrase used for 2SV and MFA.
  4. What do you call the attempt to gather personal information from a person in a fraudulent way, normally through emails? Phishing
    1. Phishing is one of the most common ways for hackers to access your accounts. What do we need to look out for in emails to make sure we are not a victim of phishing? What did we learn from the phishing activity?
    2. Urgency – is there a deadline on the message? Does something need to be done urgently?
    3. Emotion – does the text make you feel stressed? Fearful? Panicked? Many hackers will try and create some kind of emotion to make you more likely to click on the link at the bottom of a text message
    4. Authority – has it come from someone official? Post office, bank, doctors, hospital etc. Hackers believe that the more official a message seems, the more likely they can trick you to click on a link/reply/give out personal information.
    5. Scarcity – is the message offering something in short supply? Concert tickets, discounted headphones? Does the text make you feel like you are missing out on a good deal if you don’t respond quickly?
    6. Current events – are you expecting to see an email like this? Maybe an email from school saying you missed a deadline for coursework, or a link to a form for a sporting event.
    7. Bad grammar, bad spelling and an unusual number could be the sign of a fake text.
  5. What’s installed automatically to keep your device secure? Updates
    1. Remember to install automatic updates to your devices.
  6. What should you only download from official stores, such as Google Play? Apps
    1. Keep all apps up-to-date whenever an update becomes available. It is one of the quickest things to keep you secure online.
    2. Usually these will take some time and may require reliable Wi-Fi to complete so bear this in mind.
  7. What’s the risk of using an old, unsupported device? Vulnerability
    1. The NCSC recommends that you replace any unsupported device so your device is not vulnerable to a cyber attack. It does not need to be brand new, but it is important to keep patching your device to keep it secure.
  8. What do software updates contain to keep your devices secure? Patches
    1. Patches are security updates, which are crucial for devices to remain secure throughout their lifespan. It’s common for manufacturers to find vulnerabilities or issues over time, so they release these patches, or security updates, to fix them and keep you secure online.
  9. What’s the act of stealing personal information and pretending to be someone else known as? Identity theft
    1. One of the many reasons we need to be careful about how much personal information we have online. Once it is out there, there is no getting it back and people may steal it to use without your consent.
  10. What's it called when someone sends you fake mobile text messages to trick you into downloading malware, sharing sensitive information or sending money to cyber criminals? Smishing 
    1. The term smishing comes from a combination of ‘SMS’ and ‘Phishing’.
    2. So how do you spot a smishing text? Look for the same signs as phishing such as urgency, emotion, and bad grammar.
    3. What do you do if you receive a smishing email? You can forward the email to 7726 which reports the message as a fake. You can also contact an organisation directly (not using the information in the text) to check on the information. If you fear it’s too good to be true, it probably is.

Running this activity 

  1. Gather everyone together and explain that you’re going to be practising code breaking. You’ll be finding out the answers to questions by working out a secret code. Some cyber-criminals, also known as hackers, often break codes or use computer programmes to help them break codes to find out information, such as passwords, or to access computer systems to gain information.
  2. Ask if anyone has tried code breaking or using secret codes to send messages before. For younger groups, you may need to explain the code that you’re using. For older groups, you could see if they can name any types of code or ask if anyone has tried computer coding before.
  3. Ask everyone to get into teams, then give each team a copy of the quiz questions sheet (but without answers) and a copy of the answers written in code.
  4. Now, give the teams time to crack the code and work out the answers. Teams should try to use the answers to the questions they know to help them work out the code. Depending on the age and ability of the group, you could give them the code sheet without letters first, then provide the version with letters if people are struggling. You could also let people try work out the code from answers they know and not provide a key code.
  5. When everyone’s ready, gather back together and go through the answers. You could give a prize or congratulate the team(s) who scored the most points, but also reward any teams who communicated well, worked together well or supported each other.  

Let us know how it went: 

Our supporter, the National Cyber Security Centre (NCSC), is keen to know how much you have learned about cyber security. If you’re happy to take part in their review, please ask your group these questions and send their answers to the NCSC using our Microsoft form. 

You’re going to read out a set of statements and everyone must decide if they Agree, Disagree or are Unsure. You could do this in lots of ways. You could use a thumbs up, thumbs down and thumbs in the middle. You could go round in a circle and ask people to say their answer, or you could set up three labelled areas for people to move between to show their answer. You will then report what the majority of the group answered. 

You may wish to run this before and after the activity to see what people have learned during the session.

Reflection

This activity was all about solving problems and learning about cyber security. Did you know any of the answers? Which question was the easiest and why? Which one was the hardest? Did you learn anything new? What’s one thing you’ve learned that you’d tell someone else? 

You also had to crack the code to find out the answers. How did you solve the code? Did you have a plan? When you started to get some of the answers, did it make it harder or easier to crack the code? What does this tell us about the passwords we should use? If someone cracks one of our passwords, they may be able to easily crack other passwords if we use the same or similar ones. 

You had to work together as a team. How did you find working as a team? Did you take on different roles? How did you use your skills to help the team? You needed to communicate and listen to each other too. How did you make sure everyone had chance to speak or had a turn at trying to answer the questions? Did anyone help lead the team or make sure everyone was treated fairly?  

You may have made a couple of mistakes when answering the questions or when cracking the code and that’s OK. If anything went wrong, or you were unsure of a question, what happened and how did you solve the problem? Did you have to go back and try again at any point? 

Safety

All activities must be safely managed. You must complete a thorough risk assessment and take appropriate steps to reduce risk. Use the safety checklist to help you plan and risk assess your activity. Always get approval for the activity, and have suitable supervision and an InTouch process.

  • If anyone needs help or struggles with fine motor skills, give them the opportunity to work in pairs, with a young leader or an adult volunteer. 
  • People who struggle with making choices could find all the options a bit overwhelming, so they might need extra support or to work with a young leader/volunteer. 

All Scout activities should be inclusive and accessible.

Digital Citizen Stage 1

If you enjoyed this activity, check out our others on cyber security or encourage the young people to check out the fun resources from the National Cyber Security Centre such as Cyber Sprinters - the award-winning interactive online security resources for 7-11 year olds. Or Cyber Navigators - all about how to stay secure online, it's an interactive online security resources for 11–14 year olds.

Young people could use the code to write other messages, or they could write their own quiz questions and coded answers.