POST-SECONDARY EDUCATION NETWORK SECURITY: THE END USER CHALLENGE AND EVOLVING THREATS

K. Reimers1, D. Andersson2

1University of Mount Olive (UNITED STATES)
2Triton College (UNITED STATES)
In today’s increasingly digitized workplace personal computer literacy is a requirement. Individual computer security literacy is quickly becoming as important as computer application software literacy. While there is a school of thought that holds that coping with technology security issues is simply “picked up” through individual experience, current research of young adults and students indicates that 7 out of 10 frequently ignore IT policies, and 3 of 5 young adults and students believe they are not responsible for protecting information and/or hardware devices. There is a tendency to hope/expect any consequences from employee/student poor IT habits will be buffered by the organization’s Information Technology (IT) department. Post-secondary institutions have a vested interest in “biting the bullet” by assigning resources to the issue and ensuring that their students receive a minimum of personal computer security training just as they should ensure their graduates are computer literate in the use of business application software.

Familiarity with PC security and best practices is important because:
a) the students are effectively part of the institutions networks as end-users with needs that must be addressed,
b) students must be prepared for life after college; an implied and accepted part of the role of the educational institution, and
c) students are the schools “product” and represent the school to everyone they interface with after graduation.

Just as business organizations are increasingly requiring their members to undergo annual or semi-annual PC-based ethical and security awareness training, educational institutions may wish to consider emulating this for their staff, faculty and students on the topic of personal computer-end user security best practices. The authors are addressing the challenge of technology/business computer security literacy by implementing a new e-learning solution; a customized, self-paced, web-based end user digital security awareness tutorial as well as a video presentation of the same material. The learning modules acquaint students with computer security best practices. Students taking the aforementioned tutorials report finding that the benefits carry over to a virtually all other courses that require using computing technology in completing assignments, aiding the student’s engagement and retention throughout their program. In summary, students exposed to newly learned digital best practices for safety and security report applying their new knowledge to other situations and courses, enhancing their progress, engagement and retention throughout their program and increasing the probability of program completion. Building on a previous 2014 study, a survey was refined and updated to reflect the recent surge in social media and ransomware attacks.

The purpose: to study and quantify the student perception of the usefulness of an online PC security end-user tutorial. The results of this study continue to suggest that exposure to a good quality digital security tutorial positively impacts students and that these factors can positively impact student success and program completion - a key aspect of program quality. As programs come under increasing scrutiny in terms of measuring learning outcomes, completion rates, and student success, faculty may wish to consider the advantages of recurrent PC security tutorial exposure to their students.
keywords: education, information technology, organizational change, program quality, professional development, network security, workplace competencies.