Digital Privacy and Personal Cybersecurity
The Digital Privacy and Personal Cybersecurity course equips everyday users with practical skills to protect their accounts, devices, and identity online—covering passwords, two-factor authentication, phishing defense, safe browsing, data broker opt-outs, identity theft response, and family digital safety.
Who Should Take This
It is ideal for anyone who wants to significantly reduce their personal cyber risk without needing a technical background. Learners will come away with a prioritized action list, concrete steps they can take immediately, and the judgment to recognize and respond to the most common digital threats facing individuals and families.
What's Included in AccelaStudy® AI
Adaptive Knowledge Graph
Practice Questions
Lesson Modules
Console Simulator Labs
Exam Tips & Strategy
13 Activity Formats
Course Outline
1Passwords and Authentication 7 topics
Describe the characteristics of a strong password, including sufficient length, use of mixed character types, avoidance of dictionary words and personal information, and uniqueness per account
Explain why reusing passwords across multiple accounts creates catastrophic exposure risk when any single service is breached, using the concept of credential stuffing attacks
Apply a password manager (such as Bitwarden, 1Password, or Apple Keychain) to generate, store, and auto-fill strong unique passwords across all accounts without memorizing them
Apply two-factor authentication (2FA) to a high-value account using an authenticator app, explaining the difference between app-based TOTP codes, SMS codes, and hardware security keys
Identify the relative security of different 2FA methods, ranking SMS codes, authenticator apps, push-based approvals, and hardware keys from weakest to strongest and explaining why each level differs
Apply a breach check (using Have I Been Pwned or similar services) to determine whether your email addresses or passwords have appeared in publicly known data breaches and take remediation action
Analyze the tradeoffs between biometric authentication (fingerprint, face ID), PINs, and passwords as primary device unlock methods, considering both security and convenience for different use cases
2Phishing and Social Engineering 8 topics
Describe what phishing is, including email phishing, smishing (SMS), vishing (voice), and spear-phishing, explaining how each attack type attempts to trick a target into revealing credentials or installing malware
Apply red-flag detection techniques to identify phishing emails, including scrutinizing sender addresses, hovering over links before clicking, checking for urgent or fear-based language, and noticing grammatical errors or mismatched branding
Describe social engineering tactics beyond phishing, including pretexting (inventing a false scenario), baiting (leaving infected drives), quid pro quo (offering help in exchange for access), and tailgating into secure spaces
Apply a verification workflow before acting on any unsolicited request for credentials, payments, or sensitive data, including calling back on a known number and never clicking links in suspicious messages
Analyze why AI-generated phishing is increasingly difficult to detect compared to older campaigns, including hyper-personalized spear-phishing using leaked personal data and near-perfect grammar and branding
Apply safe link inspection practices including using a URL expander, checking domain spelling, looking for HTTPS, and navigating directly to the official website rather than following a link in an unexpected message
Apply reporting procedures when you receive or click on a phishing message, including reporting to your email provider, your IT department if applicable, the Anti-Phishing Working Group (reportphishing@apwg.org), and notifying affected institutions if credentials were compromised
Identify the psychological manipulation tactics used in social engineering, including authority (impersonating executives or IT), urgency (act now or lose access), scarcity, fear (your account is suspended), and social proof (your colleague did this), and explain how awareness reduces susceptibility
3Safe Browsing and Network Security 8 topics
Explain what HTTPS means, including that it encrypts data in transit between your browser and the website, and identify the padlock icon and how to inspect a site's certificate in common browsers
Describe the specific risks of using unencrypted public Wi-Fi networks, including man-in-the-middle attacks, network sniffing, and rogue hotspots, and explain which activities are dangerous on public Wi-Fi
Apply a VPN appropriately, including understanding what a VPN does and does not protect you from, selecting a trustworthy provider, and recognizing scenarios where a VPN adds meaningful security versus minimal benefit
Apply browser privacy settings to reduce tracking, including enabling enhanced tracking protection, managing cookies and site permissions, understanding private/incognito mode limitations, and using privacy-focused browsers or extensions
Identify the security benefits of keeping browsers, operating systems, and apps fully updated, including patching known vulnerabilities exploited by malware and attacker toolkits
Analyze the privacy tradeoffs between convenience-focused browser behaviors (saved passwords, synced history, autofill) and the risk of browser profile theft or cross-device data exposure
Apply DNS-over-HTTPS or a privacy-respecting DNS resolver (Cloudflare 1.1.1.1, NextDNS) to prevent your ISP from seeing your browsing history, and explain what DNS is and why it leaks browsing data on standard connections
Identify the risks of browser extensions and explain best practices for managing them, including granting permissions only to extensions from trusted developers, auditing installed extensions regularly, and removing ones that are no longer maintained
4Device Security 7 topics
Apply essential mobile device security settings, including enabling full-disk encryption, setting a strong screen lock PIN or passphrase, enabling remote wipe, and disabling lock screen notification previews
Apply a backup strategy for personal devices using both local (encrypted backup to a computer) and cloud backup options, explaining why regular backups protect against ransomware and device loss
Apply app permission management on iOS and Android to audit and revoke unnecessary permissions (location, microphone, camera, contacts) from installed apps, explaining the risk of over-permissioned apps
Identify warning signs that a device may be compromised, including unusual battery drain, unexpected data usage, apps running in the background, or new apps not installed by the user
Analyze the security implications of using personal devices for work (BYOD), including how mixing personal and work data increases both personal privacy risk and organizational security risk
Apply secure disposal practices when replacing a phone, laptop, or tablet, including performing a factory reset, removing SIM and storage cards, signing out of all accounts, and verifying that sensitive data cannot be recovered from the device before resale or recycling
Apply smart home and IoT device security practices, including changing default router passwords, disabling UPnP, placing IoT devices on a separate network segment (guest Wi-Fi), and keeping device firmware updated to patch vulnerabilities
5Platform Privacy Settings 7 topics
Apply privacy settings on major social media platforms (Facebook/Meta, Instagram, X/Twitter) to limit who can see your posts, search for your profile, tag you, and access your data for advertising
Apply privacy settings on major device ecosystems (Google Account, Apple ID) to control location history, ad personalization, app activity tracking, and cross-device data sharing
Describe what data brokers are, how they aggregate personal information from public records, purchase histories, and app data, and explain the business model that makes this data commercially valuable
Apply data broker opt-out processes to remove personal information from major aggregators such as Spokeo, Whitepages, BeenVerified, and similar services, using manual opt-out forms or a removal service
Analyze the long-term privacy implications of granting social login (Sign in with Google, Sign in with Apple) to third-party apps, including what data is shared and how to audit and revoke these connections
Apply email privacy practices including using a unique email alias per service (via Apple Hide My Email or SimpleLogin), recognizing that marketing emails track opens and link clicks, and using email providers with strong privacy policies such as ProtonMail
Analyze the privacy tradeoffs of free consumer services such as Gmail, Google Search, and Facebook, explaining the data collection model that funds these services and how to use privacy-protective alternatives when the tradeoff is unacceptable
6Identity Theft and Financial Protection 6 topics
Describe common forms of identity theft, including account takeover, new account fraud, tax fraud, and synthetic identity fraud, and explain the financial and legal consequences victims typically face
Apply a credit freeze at all three major US bureaus (Equifax, Experian, TransUnion) as the single most effective preventive measure against new account fraud, explaining how to lift and re-freeze as needed
Apply a step-by-step identity theft response process, including placing fraud alerts, filing an FTC report at IdentityTheft.gov, disputing fraudulent accounts, and notifying affected institutions
Apply proactive financial monitoring practices including setting up bank and credit card transaction alerts, regularly reviewing credit reports via AnnualCreditReport.com, and enabling fraud protection features
Analyze the relative effectiveness of identity theft protection services versus self-monitoring, explaining what paid services do and do not provide and when they may be worth the cost
Apply safe practices for protecting your Social Security Number and government-issued IDs, including limiting who you share them with, shredding documents containing SSNs, and recognizing SSN scam requests
7Secure Messaging and Communications 5 topics
Explain what end-to-end encryption means in messaging apps, including that only sender and recipient can read the message and why this protects against interception by the service provider or network observers
Compare the privacy properties of major messaging apps (Signal, WhatsApp, iMessage, Telegram, standard SMS) in terms of end-to-end encryption, metadata collection, cloud backup encryption, and open-source audibility
Apply secure messaging best practices including enabling disappearing messages for sensitive conversations, verifying safety numbers with trusted contacts, and understanding that cloud backups may not be encrypted
Analyze the security risks of email as a communication medium compared to end-to-end encrypted messengers, including why email should not be used for highly sensitive information without additional encryption
Apply awareness of metadata privacy to messaging and calls, explaining what metadata reveals (who you talk to, when, and how often) even when message content is encrypted
8Kids and Family Digital Safety 5 topics
Describe the unique online risks that children face, including online predators, cyberbullying, exposure to inappropriate content, in-app purchases, and the long-term consequences of oversharing personally identifiable information
Apply parental controls available on iOS Screen Time, Android Family Link, and gaming platforms (PlayStation, Xbox, Nintendo) to set age-appropriate content filters, app restrictions, and screen time limits
Apply age-appropriate conversations with children about online privacy, including not sharing their real name, school, location, or photos with strangers, and the importance of telling a trusted adult about uncomfortable online interactions
Analyze the privacy implications of apps, games, and platforms marketed to children, including COPPA protections in the US, how to evaluate a child app's data collection practices, and the risks of toys with internet connectivity
Apply strategies to respond to cyberbullying, including documenting incidents with screenshots, using in-platform reporting tools, contacting school administrators when appropriate, and supporting the affected child
9Security Mindset and Resilience 7 topics
Describe the principle of least privilege and apply it to personal digital life by granting apps, services, and contacts only the minimum access they need to function
Apply a healthy skepticism mindset to unsolicited digital communications, unexpected requests for personal information, and too-good-to-be-true offers, regardless of how official they appear
Apply a personal digital security audit checklist at least annually, covering password manager health, 2FA coverage, software update status, backup verification, and app permission review
Analyze the risk landscape for an average individual, distinguishing between highly likely low-sophistication attacks (phishing, credential stuffing) and rare high-sophistication attacks, to prioritize security investments wisely
Apply recovery planning for digital accounts by storing recovery codes in a password manager, setting up account recovery contacts or keys, and creating a written emergency access plan for family members
Apply the concept of security theater awareness—actions that appear to increase security without meaningfully reducing risk—to evaluate whether a security practice genuinely protects you or merely provides false reassurance
Apply community responsibility principles to digital security by sharing reliable security advice with family members, especially parents and grandparents, and recognizing that helping less tech-savvy people in your network reduces collective vulnerability
Scope
Included Topics
- Password hygiene and password manager setup, two-factor and multi-factor authentication, phishing and social engineering recognition, safe browsing practices, HTTPS and certificate basics, VPNs and their use cases, public Wi-Fi risks, device security (screen locks, encryption, backups), app permissions management, privacy settings on major platforms (iOS, Android, Google, Facebook/Meta, Apple), data brokers and opt-out processes, identity theft response steps, credit freezes, secure messaging basics, protecting children online
Not Covered
- Enterprise or organizational cybersecurity (covered in Security Awareness and CompTIA domains)
- Network infrastructure security and penetration testing
- Malware analysis, forensics, or incident response at a professional level
- Cryptography theory and protocol internals
- Security certifications and compliance frameworks (CISSP, SOC 2, etc.)
Ready to master Digital Privacy and Personal Cybersecurity?
Adaptive learning that maps your knowledge and closes your gaps.
Enroll