Security education: The challenge beyond the classroom
Faculty of Health, Engineering and Science
ECU Security Research Institute
While it is easy to identify formal security education efforts directed towards professional programmes and academic curricula, it is arguable that the far larger population of end-users rarely benefit from such focused consideration. The paper discusses the nature of the challenge and presents survey evidence to illustrate that users are not coping with the technologies that they are expected to interact with, even when the threats concerned are relatively long-standing. Specific results are presented to show the persistence of bad practice with passwords, alongside the difference that can result if more effort were to be made to promote related guidance. Further evidence is then presented around end-user practices in relation to malware protection, suggesting that their limited understanding of the threats often leads to them protecting some devices but overlooking others. The discussion then concludes by recommending more proactive approach when targeting the end-users who may otherwise be unaware of their risks.