Cybersecurity behaviours of the employees and students at the Estonian Academy of Security Sciences

Abstract

PurposeThe purpose of this study is to identify the most common characteristics that make Internet users at the Estonian Academy of Security Sciences (SKA) vulnerable to various threats. This includes password management habits, online banking, shopping and payment behaviours, time spent online, use of public Wi-Fi, gaming and watching movies online. Additionally, the study seeks to review the dangers users encounter and how cautious they are, such as which online activities they consider the most dangerous and which they perceive as safe.Design/methodology/approachThe data used in this paper is based on an overview of relevant literature, highlighting previous studies and methodologies and explaining why the human factor is considered the weakest link in cybersecurity. This research aims to help characterise the patrons of the SKA and make suggestions for future training and research. For this purpose, the students, administrative employees and academic staff of the SKA were investigated. A five-point scale questionnaire with 54 questions was used as the methodology of the study, considering the following four scales: risky behaviour, conservative behaviour, risk exposure behaviour and risk perception behaviour. The results are interpreted based on the literature, and data obtained from the completed questionnaires were analysed using Excel’s Data Analysis ToolPak. The results are presented mostly as tables and bar charts.FindingsThe research results show that the cybersecurity behaviour of employees and students is generally at a good level. However, some aspects of conservative behaviour need increased attention, such as the use of USB and other external media, opening links in emails too readily, monitoring the authenticity of visited websites and deleting browsing history before logging out. Cyber training has a noticeable effect on behaviour, particularly in the context of password management.Originality/valueNo previous research on cyber behaviour has been conducted in the context of Estonian higher education, despite the increasing number of cyber-attacks in this sector.