Chapter IV – Measuring Information Security Awareness
4.6 Presentation of Results – Established students awareness level
4.6.4 Established Students Survey, Security Practices and Behavior
The last section of survey findings dealt with users’ security practices and behaviors.
The next question tried to identify what type of protection students preferred in order to protect their computer and electronic data (Figure 26). The question presented a list of common information security procedures, and more than one answer choice could be selected.
Figure 26: Do you have any of the following in place in order to protect your data and electronic data?
As with previous questions allowing more than one answer, in this case too all answers could arguably be selected as valid answers. Instead, only a small percentage from both groups have chosen to do so. More specifically, only 10 out of 61 of the freshmen students have chosen all options as methods used to protect their data. In the case of seniors a slightly better (22 out of 92 participants) but still low number is observed.
The use of antivirus software is the most popular option among freshmen and seniors, with almost no variation at all. The same applies to the use of a firewall and regular software updates, as the second and third most popular choices. Among freshmen who choose antivirus as a means of protection, almost 83% decide to complement it with a firewall for extra protection. The same also applies in the case of seniors. Although in the case of freshmen the choice of a good password is not among the most common choices (the same applies to the use of regular backups), seniors seem significantly more aware that the choice of a good password greatly improves security.
When comparing data according to employment status, it seems that employment does not have a significant effect on the choice of security measures for either freshmen or seniors. The only serious deviation from this rule is the case of choosing good passwords, since it seems that employed students tend to choose them as a method of protecting data in notably higher numbers than unemployed ones.
It is worth attempting at this point a comparison between the figures of this survey and the figures observed for the new entrants group in the previous survey. It seems that for both survey groups the use of antivirus software receives equal popularity. In all other cases, it seems that established students report a higher number of protection measures in place as compared with new entrants.
Moreover, it can be mentioned that as students progress in their academic life, the number of available protection measures increases.
Turning to passwords, the survey examined whether participants use the same password for all services that need a password. The results varied significantly between freshmen and seniors: 37% of freshmen reported that they use the same password for all services that need a password. In the case of seniors this percentage is only 10%.
Since password usage is strongly associated with information security precautions, similarly as with the previous survey, additional questions were asked in regards to habits concerning choosing and revealing passwords. At first participants were asked whether they felt comfortable revealing their password if requested to do so. A definite “Yes” or “No” answer was required.
Answering “Yes” to this question does not mean that they would always engage in such behavior, but rather that they feel comfortable doing it under specific circumstances. Only eight of the participants responded “Yes”, and from those the most dominant option was the network administrator. A couple of students reported that they would feel comfortable revealing their password to a fellow student. Responses were equally balanced in terms of student status and employment.
The following question continued the examination of password usage as a method of security attack prevention. In this case, the users were presented with a list of choices and asked to choose which of these were acceptable and safe to choose as their password.
| Student status | Freshmen | Seniors |
|---|---|---|
| My college ID number | 8.2% | 5.4% |
| My name | 0.0% | 0.0% |
| Something that I easily remember | 24.6% | 18.5% |
| A combination of letters in upper and lower case, digits and special characters that have a special meaning for me | 80.3% | 75.0% |
| My birthday | 4.9% | 0.0% |
| None of the above | 3.3% | 12.0% |
Table 19: Which of the following password would you feel are acceptable and safe to choose as your password?
Between 75% and 80% of the respondents would choose a combination of letters and digits in upper and lower case which represents a fairly safe choice and is actually very close to the definition of what constitutes a strong password. At the same time, 19% of the seniors and 25% of freshmen would choose as a password something that they can easily remember. This can constitute an insecure habit if extra care is not taken so as to make sure that something easily remembered by the user is not at the same time weak and easy for others to guess.
The use of email has been identified in this and in the previous survey as the most popular Internet application. This survey continues this examination further by identifying and examining security habits of participants concerning e-mail attachments. As previously with password usage, a general question is asked about whether students generally open email attachments, and again a definite “Yes” or “No” answer was required. Again, answering “Yes” to this question does not mean that participants would always open email attachments, but rather that they feel comfortable doing it under specific circumstances. For those that chose “Yes” an additional question was revealed asking them to identify under which circumstances they would open an email
Concerning the definite Yes/No option, the opinion of respondents between freshmen (45%) and seniors (52%) appears equally balanced on whether they generally open email attachments. Concerning the circumstances under which they would open an email attachment, the participants were able to select more than one option, and an “Other” option was also available for those that wanted to choose an option different from the ones presented. In the case of freshmen students, 48% have chosen the “correct” answer (if the e-mail successfully passes the security checks of my computer), while 44% of seniors have chosen this option.
At the same time, a significant number of students have also selected the other two options.
| In which case would you open the file attachment? | Freshmen | Seniors |
|---|---|---|
| If the mail originates from a person that I know. | 77.8% | 87.5% |
| If the mail originates from an authority (e.g. university, government, my bank) that I know. | 63.0% | 54.2% |
| If the mail successfully passes the security checks of my computer. | 48.1% | 43.8% |
| Always | 0.0% | 0.0% |
Table 20: E-mail attachments behavior
This is another example of a question where all options could be selected. The only difference from similar multiple-answer questions in this survey is that only one answer is correct, while the others, although obvious and common choices, can be considered insecure behavior. In this case we examine whether students that have selected the “correct” option have also chosen the “incorrect” ones. In the case of freshmen, 30% of respondents have chosen the “correct” answer alone with no other selections. In the case of seniors this percentage drops to 24%.
Student
If the mail originates from an authority (e.g. university, government, my bank) that I know.
Table 21: E-mail attachments behavior, comparison of options selected
As can be seen from the table above, although the “correct” option has been selected, significant percentages of respondents would also choose options that may usually be subject to an attack. It is worth mentioning here that in the case of seniors their security habits concerning email attachments do not change significantly according to employment status. On the other hand, in the case of freshmen it seems that a much higher percentage of those who are unemployed choose the correct answer (61%) as compared with those that chose it and are employed (22%).
Considering the proliferation of social networks in our everyday lives, the last question in this section dealt with respondents’ habits when visiting a social networking site. The options that could be chosen represent a brief summary of the most secure procedures that have to be taken into consideration when dealing with social networking sites, and respondents could select multiple answers.
| Social networking security habits | Freshmen | Seniors |
|---|---|---|
| Disclose very few details about yourself and only with people you trust. | 77.0% | 75.0% |
| Don’t accept invitations and offers from people you do not know and trust. | 72.1% | 78.3% |
| Avoid installing programs and plugins that are not verified. | 70.5% | 85.9% |
| Check privacy settings and read the policy that governs the degree of sharing personal information. | 57.4% | 72.8% |
Table 22: Answers to the question ‘Which of the following do you consider a good
Although all options are of major importance when dealing with social networking sites, only 42% of the freshmen and 56% of seniors have chosen all options as important security precautions when visiting a social networking site. At the same time, as can be seen from the table above, the option that receives the least popularity among both student groups is the one that deals with privacy settings and policies of social networking sites.