Home // CYBER 2021, The Sixth International Conference on Cyber-Technologies and Cyber-Systems // View article
Authors:
Tai Durojaiye
Konstantinos Mersinas
Dawn Watling
Keywords: Cyber security culture; Higher Education Institutions (HEIs); security behaviour; communication; phishing; training.
Abstract:
The education sector is considered to have the poorest security culture score amongst many sectors. Human aspects of cyber security including cyber security culture which have often been overlooked in the study of cyber security have not been fully explored in Higher Education Institutions (HEIs). The lack of understanding of cyber security culture, unclear definition of the concept and guidance on how to measure and foster it, are challenges HEIs face. To address this lack of knowledge and understanding, we explore the factors that influence people's view of cyber security culture in UK HEIs. We interviewed senior HEI leaders, academics, professional services staff, and students (19 participants in total) in three UK universities of similar characteristics. We find that communication necessary to influence security culture in HEIs is lacking. There is lack of policies/frameworks in place to guide user behaviour. We also observe that IT expectations are not well defined, and phishing exercises create problems between the IT team and users. There is no onboarding security training and awareness for students which make up the largest percentage of the HEI populace. We recommend that senior HEI leaders invest in training and awareness programmes for IT staff and other users, focusing on communication, engagement, collaboration, and social engineering. We also recommend that senior HEI leaders prioritise the creation and implementation of a cyber security strategy, on which policies and other security efforts could be based. The adoption of these recommendations could influence the mindsets of users towards engaging in safe cyber security behaviours and by doing so improving the culture of security in HEIs.
Pages: 32 to 42
Copyright: Copyright (c) IARIA, 2021
Publication date: October 3, 2021
Published in: conference
ISSN: 2519-8599
ISBN: 978-1-61208-893-8
Location: Barcelona, Spain
Dates: from October 3, 2021 to October 7, 2021