Accounting for the human factors in cyber education

Human users are generally the main target for socially engineered cyber attacks, phishing scams, and data leaks. Thus, several human factors may raise or diminish the likelihood of being the victim of a cyberattack, hack, or data breach.

Cyber hygiene involves establishing and maintaining crucial cyber health behaviours. Routinely changing passwords and avoiding recycled passwords, updating virus protection software, storing online information safely are some examples of effective and “healthy” practices. Cyber hygiene is undoubtedly essential in maintaining cybersecurity, but it is not necessarily synonymous with cybersecurity. Cybersecurity is the measurement of behaviours taken to maintain security and remain defensive toward cyberattacks. In contrast, cyber hygiene is related to knowledge about online security and the practices associated with increasing cybersecurity.

Cyber education is currently under preparing graduates in terms of considering the human factors associated with breaches to cybersecurity. Several computer sciences, information systems, and cybersecurity courses do not contain content explicitly addressing the weaknesses related to users. Moreover, at many institutions, specific coursework related to human cognition and human behaviour is not required of computer science or information systems majors, which is problematic given a human user will ultimately be a huge part of the computer-based product.

In this article, the authors set to understand the human factors that may impact cyber hygiene, and use these findings to discuss individual differences in cyber hygiene in information science course curricula. More specifically, the authors seek to understand the role of cybersecurity knowledge, motivation,  self-efficacy, and demographics.

One hundred and seventy-three graduate and undergraduate students were surveyed for this study.

Several factors were predictive of cyber hygiene knowledge, attitudes, and behaviours. For both men and women, Internet use, information handling, and social media use were predictive of cyber hygiene-related knowledge. Similarly, information handling, social media use, password management, mobile device use, and email use were predictive of attitudes toward cyber hygiene. Information handling, incident reporting, password management, email use, and Internet use were predictive of cyber hygiene behaviours.

Some unique factors emerged between men and women. Computer self-efficacy was predictive of men’s cyber hygiene knowledge, but not for women. Intrinsic motivation was significant in predicting women’s attitudes toward cyber hygiene, but trust in technology and computer self- efficacy were important for predicting men’s attitudes toward cyber hygiene. Academic major was predictive of the cyber hygiene behaviours in which women engage. However, trust in technology was predictive of the cyber hygiene behaviours in which men engaged.

To cite: Neigel, A. r., Claypoole, V. L., Waldfogle, G. E., Acharya, S. and Hancock, G. M. (2020). Holistic cyber hygiene education: Accounting for the human factors. Computers & Security, 92.