Digital security is still a relatively unfamiliar issue among university students; what's perhaps worse is that many of them don't even realize how little they know. More than 40 per cent admit not logging out after accessing an online service or having no password protecting their smartphone. Yet, despite a widespread lack of awareness about the risks related to mobile devices, students' perceptions of their knowledge about the subject are strikingly off target.
This is the main finding of a new report launched on Saturday at Wired Next Fest, Milan. The study was carried out by the Law and Tech Centre and looked at a sample of 1012 students from more than 15 Italian universities. The aim was to gain insight into the level of awareness and perceptions of security among digital natives. Respondents were asked a wide range of questions touching upon different aspects of the issue, with one inviting students to rate their knowledge on a scale from 1 to 10.
The results showed a marked difference between what students think they know about digital security and their actual familiarity with the subject. As much as 55 per cent ranked their knowledge between 6 and 8, in the face of a 29 per cent average of technical questions that were answered correctly. When asked the same question at the end of the questionnaire, respondents were 10 per cent more likely to claim little or no knowledge of security-related issues than they were at the beginning.
According to the report, students tend to fall into unsafe behaviours especially when confronted with the choice between security and usability. The majority sees more security as desirable, but only as long as it does not entail particular difficulties in terms of implementation. For example, 81 and 75 per cent, respectively, say they update both applications/software and the operating system on their smartphones and laptops when they can do so easily and immediately. On the same note, 87 per cent of students claim to use passwords of at least 8 characters, which - the study suggests - may depend on the fact that many online services now require the use of stronger passwords as part of their default settings.
The problem arises when protecting one's device is perceived as a complicated and time-consuming operation. While 10 per cent of students don't log out after using an application because they don't think it's important, about 25 per cent fail do to so because they either forget or don't know how to do it. A similar trend can be identified with regards to the increasing number of authorisations requested by online services upon installation. The majority of respondents never or rarely check what permissions or data they are giving away before accepting an app's terms of service. At the same time, more than half of those employing no mobile protection system (e.g. Pin code, pattern lock, passphrase and password, biometric data etc.) complained that these make the device uncomfortable to use.
Striking the right balance between security and usability represents one of the main goals set out in the report. From a technical standpoint, the study highlights the necessity to make it easier for users to select what permissions they want to grant as well as to handle multiple and more secure passwords. App developers could also play an important role in the process by providing a more active and durable support to their applications. However, this could hardly be effective without the establishment of a more robust legal framework assigning obligations and responsibilities.
Most importantly, the study calls for the implementation of a 'culture of security' that is currently missing even among the youngest demographics. The lack of such a culture is reflected in a wide range of behaviours that are still common among students. While the majority of those who have ever sold or given away their mobile device admitted having removed their contacts, photos and videos, only a few of them say they deleted calendar appointments or downloaded applications. Equally worrying is the fact that out of the 10 per cent of respondents who declared having at least once lost their device or had it stolen, more than one third didn't report the event to the authorities.
As a growing number of activities become digital, young people need to learn how to behave in the online realm and, more specifically, how to deal with their own information. Identity theft is one of the major dangers connected with the use of mobile devices. Yet students seem to be mainly concerned about the economic dimension of the problem and often underestimate the importance of their personal data. Reducing the risks nestled in digital technology requires first of all that users be aware of their role in enhancing their own security. Educating students to the use of these new tools would lead to a more empowered and responsible youth today as well as to a more developed and secure society tomorrow.