How one university got students excited—yes, excited—about cybersecurity

The stakes are high for cybersecurity in higher education: college email addresses are at high risk for cybertheft, and data breaches cost more in education than in other fields.

And while you probably imagine today's students to be digital natives, many aren't prepared to shield themselves from cyberattacks, Lindsay McKenzie writes for Inside Higher Ed.

Only 25% of students consider their campus' cybersecurity training to be "very effective," according to a survey by CDW-G. And the same survey found that IT professionals on campus consider educating users on cybersecurity practices as their number one challenge.

The University of Massachusetts at Amherst, however, may have found a way to make cybersecurity campaigns engaging and informative, McKenzie writes.

Awareness campaigns tend to fall flat if they fail to connect with students on a personal level, says Iris Chelaru, a web communications manager at UMass Amherst. To overhaul their cybersecurity training, Chelaru's team collaborated with campus organizations to design an awareness campaign that felt "warm and fuzzy," she says.

The campaign focused on educating students about the danger of using their pets' names as passwords, McKenzie writes. To drive the point home, the university built a website for students to create posters of their pets, underneath the campaign's slogan: "My name is not a good password."

How secure is Th1s Pa$$w0rd? Not very, experts say.

To add another level of interaction, the team created giant photo frames for students to pose with, McKenzie writes. Even the university's mascot, Sam the Minuteman, and university administration took part in the campaign, says Matthew Dalton, the school's chief information security officer.

The password campaign was especially powerful because it didn't overwhelm students with information, Dalton says. Instead of asking students to absorb an unwieldly number of password guidelines, the campaign simply showed students what a bad password looks like, he notes.

Although the campaign's social media engagement outperformed previous ones, quantifying its effect on student behavior is tricky, Dalton says. The number of student account breaches has declined, but it's unclear whether the password campaign is responsible, he explains.

The campaign was successful, however, in getting buy-in from university administrators and branding the institution on social media, Dalton says. Most importantly, students were excited to participate in the campaign, which is critical for security awareness, Dalton says (McKenzie, Inside Higher Ed, 12/7).

Also see: 3 reasons cybersecurity efforts fail

Next in Today's Briefing

3 ways to be a better mentor

Next Briefing

  • Manage Your Events
  • Saved webpages and searches
  • Manage your subscriptions
  • Update personal information
  • Invite a colleague