Cybersecurity awareness is a matter of public health — at least, that’s how they’re treating it at the University of Maryland, Baltimore County (UMBC).
Jack Suess, vice president of IT at the public research university, enlisted global public health students this year to spread the word about staying safe online.
“The traditional models of trying to talk about cybersecurity just don’t work,” Suess said in an interview with EdScoop. “They’re way too technical, and people don’t feel that they’re actually able to control their own safety effectively online because it’s too complex and complicated.”
A meeting with Microsoft a few years ago spawned the idea that “public health has been dealing with this issue in a variety of ways for years, and on our own campuses, you use public health models to talk about why you shouldn’t do binge drinking or why you need to be thinking about safe sex,” he added. “We’ve got structures in place.”
In rethinking the approach to cybersecurity awareness, Suess appointed two public health students and one cybersecurity student to conduct outreach and research messaging techniques, and then figure out how to apply them to practicing safe surfing on the web.
In a study published in 2016 in the Berkeley Technology Law Journal, researchers linked cybersecurity to public health in terms of preventative measures. Suess noted that just as people use condoms to prevent sexually transmitted diseases, crimeware can be purchased to protect users from hacking, viruses and other cybercrimes.
“Preventative techniques that patch vulnerabilities or limit downloads and executables are effective against exploits” regardless of the host’s intent, according to the study.
At UMBC, the students came up with four main themes focused around how to create strong passwords, how to recognize phishing scams, how to think about securing their devices and how to manage theironline presence.
“These small steps are key to beginning to be safer online,” said Suess. “It’s not unlike healthy eating and cutting down on snacks and thinking about portion control.”
The students did a series of outreach events and presided over tables in the student commons where they gave out T-shirts that said “Be the Key” to their own safety online, and offered interactive quizzes for their peers to get more involved.
“It’s just a different approach to doing outreach, where instead of using technical cybersecurity majors, we used people who are more used to going out and interacting with people and coming up with fun, lighter kinds of communications,” said Suess. “We ended up creating an approach that was much more lightweight and student-centric, and what we found is it resonated well.”
Now, after the success of the public health outreach model, Suess is thinking of ways to incorporate the training and research into the college’s cybersecurity curriculum. He and his team are developing a new public health-inspired tutorial that would take about 10 minutes to complete, and participants would receive a badge that shows they’ve been through basic cybersecurity training.
The school is planning to launch the badge program in the fall.
“What most campuses do is go out and buy these dense packages of training that you have to sit through 20 to 30 hours worth of video, and nobody ever does it,” said Suess. “And even if somebody does do it, they don’t end up remembering it. If we’re going to try to succeed in improving cyber awareness for students, we’ve got to find a different way of reaching those students.”