This document discusses a study conducted by students at Florida State University to assess cybersecurity awareness among FSU students. The study involved distributing an anonymous survey to gather self-reported data on students' knowledge of cybersecurity issues like phishing, WiFi security, and social media safety. The results showed that seniors and IT students were overrepresented in the responses. While respondents displayed awareness of some key cybersecurity issues, more data is needed to fully understand campus cyber habits and knowledge. The study aims to help the university improve cybersecurity education and protection on campus.

1.
Cyber­Security Awareness Among FSU Students
Dustin Moriarty, Cuong Huynh, Zach Broe, Michael Birdsong, Matt Farrell
Florida State University
December 6, 2015

2. Cyber­Security Awareness Among FSU Students
1
Abstract
Cyber­security is a concern for almost anyone who interacts with personal data on the
internet. On a University campus, countless amounts of personal data are floating off and on
campus and we need to know if our students are knowledgeable enough to protect themselves.
Before we can start intervention programs to make sure we are safe, we need to figure out how
knowledgeable our campus is.
The way we ventured forth to gather this data is the self reported survey. This method
would allow us to reach a large sample of our population and to get a large response among the
various types of students we have at Florida State University. The only drawback is that we can’t
get a higher level of participation since it is anonymous and we can’t offer compensation in any
way but our gratitude.
Once our data was collected, we compared the types of students we had to get a picture of
who is responding to self reported surveys. We could also see who is not responding, or who is
not receiving our email. Using basic graphing tools we could present our data showing the
frequency differences of responses.
Our results show that our population was overrepresented in Seniors, and Information
Technology students. We did get a large percentage of people that are aware of phishing, wifi
security, and social media safeguards. This is promising, but more data is needed to get a better
view of campus cyber­security habits and knowledge.
Introduction

3. Cyber­Security Awareness Among FSU Students
2
Problem Statement
Our real world problem is the lowered state of awareness that exists in users of the
internet in reference to cybersecurity. Our question narrows down the focus to target college
students, so that we can get evaluations and results from real subjects in our community. We feel
that cybersecurity is an important topic, and the reason is because most breaches are due to an
individual’s negligence and disregard to the protection of their own personal information. In a
study done by the worldwide leader in networking for the internet, it stated that 88% of the
respondents in Russia, China, India, and the United States believed that cyberspace threats play a
major role in our internet infrastructure (Cisco Systems Inc., 2010). While many respondents feel
comfortable with online banking and shopping, more than 69% are not comfortable with sharing
their identity and personal data online (Cisco Systems Inc., 2010). In another article, it states that
93% of adults believe that being in control of who can access their information is important; 74%
feel this is “very important,” while 19% say it is “somewhat important.” In the same article, 90%
say that controlling what information is collected about them is important — 65% think it is
“very important” and 25% say it is “somewhat important.” (Madden et.al, 2015). Thus, our study
will seek to evaluate the proficiency level of understanding cyberspace threats amongst college
students from all majors/fields in our community.
Significance and Purpose of Study
Cybersecurity is important on many different levels. ​For the individual, such as a college
student with little money, it is important that they protect themselves from email phishing,
because as stated by Steve Sheng, the age group most susceptible to email phishing is 18­25

4. Cyber­Security Awareness Among FSU Students
3
(Sheng et al., 2010), which are typically the age of college students. It is also imperative that
they protect themselves from the theft of the money they have acquired in their bank accounts,
theft of identity that leads to fraudulent loans that ruin the their credit, theft of security; which
could leave an individual vulnerable to more cyber­attacks and possibly violent crime in real life.
In an article by Rajewski[BY1] (2013), he states that “Colleges and universities report
astounding rates of cyberattacks, with millions of hacking attempts into information systems
weekly”. This means that while a college student is attending school, it could be very likely that
out of the millions of hacking attempts, they could possibly be a statistic to theft of their
information. On the other hand, if an individual works for a secure business or the government,
the person can be subject to blackmail, man­in­the­middle attacks, or unknowingly infect their
company’s systems with malicious scripts. A statistic from Madden, Mary et al (2015 ) states
that “Just 6% of adults say they are “very confident” that government agencies can keep their
records private and secure, while another 25% say they are “somewhat confident” (. I feel that
these figures are very weak because we expect our government agencies to be very secure in
terms of cyber security, but we could be very wrong.
As more and more information is digitized, the information becomes less secure and there is a
much stronger push towards gaining access to an individual’s information, and with social
medias such as Facebook, additional information is available for attackers to use against their
victims. People can fall victim to con­artists that are looking to exploit people for the desire of a
quick buck, love interests, or fear of punishment​. It is scary that most, “66% of adults say they
are not confident that records of their activity maintained by search engine providers will remain
private and secure” (Madden et. al, 2015).

5. Cyber­Security Awareness Among FSU Students
4
Research Question
RQ1: What is the level of cyber­security proficiency of college students?
RQ2: What is ideally proficient cyber­security awareness among college students?
Literature Review
We have broken down our research into three separate subcategories that we feel are
important topical areas of cyber­security. These three categories are computer literacy, social
media, and phishing attacks. Computer literacy is the baseline of all, because if a user is not
aware of how to protect themselves from attacks they will fall victim to attacks of all kinds.
phishing emails are the easiest way for attackers to gain sensitive information from users just
because people do not know what to look for when they are clicking on links. Social media ties
into this because public environments online such as social media websites and apps may expose
you to malicious links posted by said pages. Furthermore, attackers are sending messages to
victims on social media to steal away their private information. This all comes back to computer
literacy, and how we need to educate users on how to use the internet safely.
Email Phishing
“Research findings have indicated IT users’ lack of knowledge and clear understanding
of cybersecurity solutions, including protections against phishing, unwanted tracking of their
online activities, and potential leak of sensitive personal information” (Ping 2013). We all know
phishing attacks happen everyday and people fall for them all the time. We as IT majors know
better but the emails can be very convincing. We as a group have all received phishing attacks,
especially to our FSU email, but you have to be smart about the links you click on and double

6. Cyber­Security Awareness Among FSU Students
5
check where they are routed to. Ping (2013) talks about how the amount of phishing attacks
have grown into a serious problem for end users.
We all know people who have fallen victim to phishing attacks and they are a very
serious threat. If you are not carefully you can easily submit sensitive data to the wrong person.
This is where computer literacy comes into play with these types of attacks. If you know what to
look for in an e­mail from, let us say your bank, you can easily identify the email as fraudulent or
legitimate. Furthermore, hackers are getting even smarter and using our social media to
implement these attacks by sending us messages to sign up for things and take our credentials
away as we do. Facebook combated this by creating a separate inbox for messages from people
we are not friends with, this however made it difficult to users who were not aware of the switch
to find the messages from people outside their social circle. Facebook has fixed this problem by
asking you to accept messages from people outside this circle, users just have to know who to
accept them from though and to not just click on links. Ping (2013) also talks about how there is
countermeasures for email phishing built into web browsers, furthermore they have ways to
detect, prevent, and minimize loss do to phishing emails.
​Social Media: Facebook
Then there is social media, where there also resides hackers but for a slightly different
type of cyber threat. These people known as social engineers, as Mensch and Wilkie (2011)
would call them, essentially want a user’s information so that they can send messages and make
posts on the user’s part, unknowingly, to their friends and family or whoever they may have in
their friends list to infect them the same way they were infected. Since 2002, Social media has

7. Cyber­Security Awareness Among FSU Students
6
grown exceptionally and with its maturation, hackers have been able to gather more personal
information of their victims than ever before. These hackers use many different strategies in
order to compromise a user’s information and typically if you become their target, they are
relentless in their journey to obtain your information.
A typical incident on social media networks would involve a user that may accept a file
from an unknown user, masked as a friend on their friends list or they may click a link in their
news feed that infects their account instantly after opening it. Thus, their account becoming
infected to the extent where it will send messages and create posts unknowingly and the only
way to find out that they have been infected is if those recipients that the messages or posts were
sent to, message the infected user back with “what is this”, “I’m not clicking that”, or something
along those lines. (P. Y. Chodnekar, personal communication, April 18, 2015), (T. Z. Ming,
personal communication, Janurary 5, 2015), (L. Slabbert, personal communication, March 14,
2015), (T. Khamenehzadeh, personal communication, July 8, 2015). Even then, sometimes a user
may never realize that their account has been infected and end up a becoming a host or carrier for
that cyber threat.
As Mensch and Wilkie (2011) stated in their article on social media literacy, “social
engineering is common tactic used by attackers and involves persuading people that the
perpetrator is someone other than who he/she really is” (p. 3). This happens often on campuses
around the U.S but goes unreported in university crime statistics. The article also mentions that
“Cybercrime is one of the most common criminal activities affecting college students that is not
tracked by the Clery Act” (Mensch & Wilkie, 2011, p. 3). This also ties in with phishing, it is
true that phishing attempts not only occur through email but on every social media platform. All

8. Cyber­Security Awareness Among FSU Students
7
things considered, cyber hacking attempts will always be around because it is a 24/7/365 threat,
no one is ever really safe unless they are avoiding using the internet at all, and even then, users
are still able to have their confidential information compromised, somehow.
Computer Literacy
This was the main part of our research that was the hardest to nail down. The main
problem was defining exactly what it means to be “computer literate.” Unlike literacy in general
we do not really have a scale on what is a based standard, this may be in due because computers
are still fairly new. Even though computers are everywhere and everyone knows what they are
and what they are used for, the use of them is still new to people. The older generations saw the
invitations of the first computer and maybe if bought an Apple I back in the day, but there are
still people who have never used a computer before, or if they have it has been minimal.
White (2015), Slusky & Partow­Navid (2012) all agree that due to a lack of computer
literacy the amount of cyber attacks have increased. White (2015) talks about that attacks are
also increased because of the amount of users has increased dramatically. We know this to be
true because most homes have at least one computer in them, if not one for each person in the
household. mobile devices are also on the rise and they play a part in cyber crimes as well.
People connect to free Wi­Fi all the time on their mobile devices and what they do not know is
that anyone on the network, if they know what they are doing, can access their information on
their devices. You could say while you are eating your lunch with a device connected to an
unsecure Wi­Fi someone is eating your data.
Methods

9. Cyber­Security Awareness Among FSU Students
8
Data Collection Method
We chose to use the survey questionnaire for our research instrument. A survey
questionnaire is a very efficient instrument for recording data on a large scale while offering both
structured and open­ended questions to receive the highest quality responses for analysis. This
instrument will help achieve not only a better definition of cyber­security awareness among
college students, but also greater insight towards measuring student perceptions of cyber­security
proficiency. We chose utilize a self­administered survey because we felt that it would be easiest
to use the student directory in order to randomize our selections when we collect our data
between the different colleges at Florida State University. The benefits that we thought the
survey method would have is that we can send out a mass amount of emails and hope for a
response from each of our random samples. Our research instrument consists of a multitude of
questions that are pertinent to what we feel are important topical areas of cyber­security.
Summary of research instrument development process
Our choice of Research Instrument is the self reported survey. We are sending links to
our survey to email addresses with their names removed. This way only data about major
describe the user. We used a combination of close ended and open ended questions to gather
more information about their cyber­security knowledge. Quantifiable answers are also given to
prevent inconsistencies.
Research Population, Samples, And Sampling Techniques
Our research population was made up of undergraduate FSU students. We retrieved their
emails through the university student directory that shows the status whether the student was

10. Cyber­Security Awareness Among FSU Students
9
active or not. Specifically, we were looking for active undergrad students because we believe it
would yield the best results. For our research instrument, we decided on utilizing a​ survey with a
randomized sample population as our means of gathering data. ​We chose a randomized sample
population because we only had 3 weeks to send out the max amount of emails per day (500
emails), and collect and analyze data. ​We selected our colleagues and students from the LIS3201
Fall class and also other undergraduate students from different colleges around the university.
We figured this would be the most efficient way to gather data for this project because it would
yield quality results from a rather large population of undergraduate students that were actively
attending the university. We had a total of 24 student participants who completed the survey.
Participant Recruitment Process
Our method of participant recruitment was a targeted strategy to reach our population.
We needed college students at our university and sending them our letter of intent and link to the
survey is guaranteeing they use the internet and are vulnerable to cyber­attack because they have
an email address. Our student directory lookup is available and a master list of all email
addresses was created.
This list of email addresses is then given incremented numbers to make sure there is a
unique number for each email address. Using Microsoft Excel’s random number generator, we
were able to get 500 random email addresses at a time and send the letters with the links to the
email addresses. 500 is the limit on our email service so we sent two batches of 500.
The email explaining our team, project, goal, and the survey will be sent with a link to the
actual survey. This way the subject will be aware that their personal information is protected,

11. Cyber­Security Awareness Among FSU Students
10
their honest responses are appreciated, and it won’t take too much of their time. Once an
appropriate goal has been reached we will store the information as it relates to each college, and
then combine into a separate list representing the university as a whole for analysis.
Analysis
Descriptive Analysis
According to our data, on average students spend around 4­5 hours each week on social media
(78% combined 0­4 and 5­9 hours), excluding those who do not know how many phishing
emails they receive each week students receive from 0 to 5 (34% combined 0 and 1­4) phishing
emails each week, they utilize advanced privacy features in social media websites (64% majority
said yes to this), and they knew when a link was suspicious (68% answered no to clicking
shortened links because the user doesn’t know to where the link points). Additionally over ¾ of
respondents know that connecting to free wifi is not safe. There was an even spread of usage
regarding types of security software utilized by end­users, while some respondents claimed
enough confidence in their Mac product not to have any security software. The mode for the
question regarding the importance of security software shows clearly an overwhelming support
for using security software.
Findings
After 1,000 emails and numerous social media invitations, we secured 22 actual
completed surveys. From this data we compiled histograms showing the various times an answer
was chosen for close ended questions and noted specific words used in the open ended questions.

12. Cyber­Security Awareness Among FSU Students
11
77% of our sample were Seniors, and no Freshman took our survey. This is already a saturated
population of Seniors but we will continue.
RQ1: What is the level of cyber­security proficiency of college students?
Of our 22 responses, 68% were in Information Technology, 11% reported a Business
major, and the rest were 4% each at Biological Science, Criminology, Exercise Science, and
Social Work. 70% did know what phishing is, 55% and 23% found security software “Very
Important” and “Important” respectively. These are snapshots of a greater picture that illustrates
the competency level of those who participated in this survey. The majority is always showing a
good amount of cyber­security knowledge. When confronted with a computer virus issue,
participants either relied on security software to prevent or eliminate the virus while resorting to
a complete computer wipe. Others simply relied on solving the problem by giving the
responsibility to a significant other or by contacting the manufacturer.

13. Cyber­Security Awareness Among FSU Students
12
RQ2: What is ideally proficient cyber­security awareness among college students?
Our questions established a baseline for cybersecurity awareness, and the responses to
these questions in close ended and open ended methods demonstrate current students’
cybersecurity awareness. Included in an ideally proficient cybersecurity awareness among
college student are aspects like usage of security software like Norton and McAfee, usage and
awareness of advanced privacy settings on social media, and an appropriate reaction to an email
phishing occurrence regarding stolen information due to falling victim to a phishing threat.

14. Cyber­Security Awareness Among FSU Students
13
Discussions/Implications
With a majority of students pursuing an Information Technology degree, we found that
nearly three­quarters of our respondents knew what phishing is. More than half of respondents
established security software as very important, and 23% found security software important,
making that nearly 80% of participants having a high level of cybersecurity awareness. Data
security is becoming increasingly important in the professional workplace, and a high level of
cybersecurity awareness is crucial when working in the real world. A majority of careers focused
on cybersecurity are IT­based, hence it is uplifting to observe a high level of proficiency among
a sample of students predominantly pursuing a degree in information technology. In the future,
technology will undoubtedly improve and new methods of phishing and data theft will develop.
As technology improves, however, its prevalence and continuing integration into daily life will
lead to greater efforts to educate young adults with cybersecurity awareness strategies. Twenty

15. Cyber­Security Awareness Among FSU Students
14
years from now if these two questions were to be asked to college students, even more will be
aware of cybercrime and the methods and policies to manage cybercrime. ​Our participants or any
end­user for that matter must learn to accept responsibility of their actions online and offline and
take proactive measures to stay educated about the most up­to­date/available security tools and
procedures to protect their personal data and information from cyber attackers.The results of this
study also strengthen the assertion that the human factor is truly security’s weakest link. ​ ​No
matter how sophisticated the technological solutions, there will always be a workaround for
cyber attackers.
Limitations/Future Study
Although we measured a high level of cybersecurity, our data does not significantly
represent the entire student population, and for future studies a better representation FSU’s
population would provide even greater data significance. Additionally, our data represents for a
majority senior students. Thus, a future study conducted among a similar population (college
students) should attempt to have an even distribution of education levels (from freshmen to
graduate students). However it is also important to further expand this research topic from not
only college students to including all young adults having an age similar to college students. Our
study was limited by the broad questions used in our research instrument. Case studies and
interviews can dive into the details of pinpointing cybercrime and cybersecurity proficiency, and
the more in­depth variables would lead to even greater data significance.
Conclusion

16. Cyber­Security Awareness Among FSU Students
15
Over the past 14 weeks, we have created and developed a contemporary research project
that explores the cybersecurity awareness of college students. Our research goals were
represented through two questions: what is the level of cyber­security proficiency of college
students and what is ideally proficient cyber­security awareness among college students. Our
data shows that college students, mainly information technology students and mainly senior
students, have a high level of cybersecurity awareness with regards to social media threats,
emailing and phishing awareness, computer literacy, and knowledge of the importance and the
use of computer security software. Our data appropriately measured a reasonable spectrum of
cybersecurity proficiency through a survey composed of multiple closed­ended and open­ended
questions, resulting in participants stressing of the use of security software (Norton and McAfee
for example), web link (URL) awareness, and phishing recognition.
Reflection on Conducting Research
Our team had a great semester conducting our research topic. Once we developed
research questions to solve we shifted into gear and was ahead of schedule. We all had great
ideas to add, while responding and adapting to each other’s ideas. ​Our first challenge was to find
access to our population and to obtain a sample from that population. The five­hundred FSU
participants we chose for our sample did not respond as willingly as we would have liked.​ While
talking it over we agreed to send another email blast, as well as to send the link to our fellow
college friends and neighbors who we knew would give us the statistics we needed. After getting
our results from the survey everything went smooth that point forward. Yes, some of us have not
worked together before and may never again, but working with people you have never imagined

17. Cyber­Security Awareness Among FSU Students
16
working with is a great technique.​ to improve communication skills and adaptability to the work
environment​.

18. Cyber­Security Awareness Among FSU Students
17
References
Ping, W. (2013). ​Assessment of Cybersecurity Knowledge and Behavior: An Anti­phishing
Scenario[BY2] pp. 1­7 Retrieved from
http://beta.orionsshoulders.com/Resources/articles/26_22296_%20().pdf
Charlotte, S., Susanna, C., & Renee, K. (2009). ​Trusted Distributed Repository of Internet Usage
Data for Use in Cyber Security Research pp. 83­88 Retrieved from
http://ieeexplore.ieee.org/xpl/articleDetails.jsp?reload=true&arnumber=4804429
Sheng, S., Holbrook, M. Kumaraguru, P., Lorrie, F. C., & Downs, J. (2010). ​Who falls for
phish?: a demographic analysis of phishing susceptibility and effectiveness of interventions. In
Proceedings of the SIGCHI Conference on Human Factors in Computing Systems (CHI '10).
ACM, New York, NY, USA, 373­382. DOI=10.1145/1753326.1753383
Mensch, S., & Wilkie, L. (2011). Information security activities of college students: An
exploratory study. ​Academy of Information and Management Sciences Journal, ​14(2), 91­116.
Musa, S. (2014). e​Cybersecurity: Awareness Training and the 90/10 Rule. Retrieved September
18, 2015.​ ​http://evolllution.com/opinions/cybersecurity­awareness­training­9010­rule/
Tsikerdekis, M., & Zeadally, S. (2014). ​Online deception in social media.​ Communications of
the ACM​, 57(9), 72­80

19. Cyber­Security Awareness Among FSU Students
18
White, G. L. (2015). ​Education and Prevention Relationships on Security Incidents for Home
Computers.​ The Journal of Computer Information Systems​, 55(3), 29­37. Retrieved from
http://search.proquest.com/docview/1674251481?accountid=4840
Slusky, L., & Partow­Navid, P. (2012). ​Students information security practices and awareness.
Journal of Information Privacy & Security​, 8(4), 3­26. Retrieved from
http://search.proquest.com/docview/1318750219?accountid=4840
Jones, B., Chin, A., & Aiken, P. (2014). ​Risky business: Students and smartphones. TechTrends:
Linking Research & Practice to Improve Learning, 58(6), 73­83. doi:10.1007/s11528­014­0806
Retrieved September 18, 2015
http://ha6lk3ly9z.search.serialssolutions.com.proxy.lib.fsu.edu/?sid=Refworks&charset=utf­8&_
_char_set=utf8&genre=article&aulast=Jones&auinit=B.&title=TechTrends%3A%20Linking%2
0Research%20%26%20Practice%20to%20Improve%20Learning&date=2014&volume=58&pag
es=73­83&issue=6&atitle=Risky%20business%3A%20Students%20and%20smartphones&spag
e=73&au=Jones%2CBeth&au=Chin%2CAmita&au=Aiken%2CPeter&
Brenner, J. F. (2013). Eyes wide shut: The growing threat of cyber attacks on industrial control
systems. Bulletin of the Atomic Scientists, 69(5), 15­20. doi:10.1177/0096340213501372
Retrieved September 18,2015
http://ha6lk3ly9z.search.serialssolutions.com.proxy.lib.fsu.edu/?sid=Refworks&charset=utf­8&_
_char_set=utf8&genre=article&aulast=Brenner&auinit=J.F.&title=Bulletin%20of%20the%20At

20. Cyber­Security Awareness Among FSU Students
19
omic%20Scientists&stitle=Bull.At.Sci.&date=2013&volume=69&pages=15­20&issue=5&atitle
=Eyes%20wide%20shut%3A%20The%20growing%20threat%20of%20cyber%20attacks%20on
%20industrial%20control%20systems&spage=15&au=Brenner%2CJoel%20F.%20&
Cisco Systems Inc. (2010). ​Cybersecurity: Everyone’s Responsibility retrieved from:
http://www.cisco.com/web/strategy/docs/education/C45­626825­00_Cyber_Security_Responsibi
lity_AAG.pdf
Madden, C., Mary, B., Rainee, A., Lee, H. (2015) ​Americans’ Attitudes About Privacy, Security
and Surveillance Pew Research Center retrieved from:
http://www.pewinternet.org/2015/05/20/americans­attitudes­about­privacy­security­and­surveilla
nce/
Instructions for Final Report (150 points)
● In the final report, you ​must revise the first drafts​ that you wrote in previous assignments through
semester ​based on the feedback given by the instructor​ and create a report document. The final
report should include the contents listed below:
○ Title page (project title, team member names, etc.)
○ Abstract (less than 300 words)
○ Introduction
■ Problem statement
■ Significance and purpose of the study
■ RQs
○ Literature review (not Annotated Bibliography!) 1 of 3 done

21. Cyber­Security Awareness Among FSU Students
20
■ Organize 2 ­ 4 sub sections regarding problem and significance (meaning
structure of your literature review).
■ Provide your own synthesis under the sub section titles based on your
interpretation of articles you read and summarized on your AB work.
○ Methods
■ Data collection method(s)
■ Summary of research instrument development process
■ Research population, sample, and sampling technique(s)
■ Recruitment strategy and process
○ Analysis (Findings/Results)
■ Start with the descriptive analysis (information about your subjects based
on mean, median, and mode).
■ Provide your findings (no interpretation yet!) under each RQ or theme you
want to address.
■ Organize your quantitative (e.g., texts, tables, charts, graphs) and
qualitative findings (e.g., texts, themes, direct quotes) with visuals.
○ Discussions/Implications ​Needs more
■ Briefly state the findings again and provide your interpretation and
meaning of findings.
■ You can validate your findings by comparing/contrasting with previous
studies.
■ Provide significance of the findings.
○ Limitations/Further Study
■ Do not color/hide your design or findings.
■ List them and plan for the future study.
○ Conclusions
■ Briefly conclude the findings and significance once again.

22. Cyber­Security Awareness Among FSU Students
21
○ Reflections on your research experience
■ What you learned, what challenges and issues you faced, how you handled
and managed them, etc.
● The report should be a professional document based on ​APA style​, having a title page, page numbers,
and references. A simple collection of each assignment will NOT be considered as a professional
report.
● Highlight your updates from the original assignments​ (use ​yellow highlight​ in WORD​), to show
how you made an improvement on the documents.
● File naming rule:
○ team#_Final Paper.doc(x)