Cybersecurity and the Future Workforce: What College Students Tell Us
I’ve spent the last several months living in two worlds at once. I had one foot firmly planted in the professional world as an intern for cybersecurity company BlackBerry, helping to write blogs like this one. My other foot remained rooted in Santa Clara University, located just outside of San Francisco, where I’m pursuing a degree in Communication.
Today’s college students are tomorrow’s workforce. In an age when technology is incorporated into every aspect of humanity, my generation should understand the various risks that come attached to tech. As technology advances, so do cyberattacks, and it is our job to make decisions that protect us, and that eventually will protect the companies that hire us.
When it comes to cybersecurity, what will my peers and I bring to the workforce when we get there — and what will we still need to learn?
Does the Future Workforce Think About Cybersecurity?
As college students, we rely on massive amounts of technology in our daily lives. We are always on our devices, whether phones, laptops, or tablets. We use them for chats, for studying, for research, even online classes, as well as more personal pursuits. Today’s college students are connected everywhere they go.
Some call my generation “digital natives” because we grew up with many of these apps and devices. However, does being exposed to technology since birth mean we’re more cybersecure than the previous generation? Thanks to my internship at a leading cybersecurity company, I now believe the answer is no. I’ve come to realize how little we students know about the risk technology can pose to our privacy and security if we fail to use it carefully.
Conversations With College Students
I had some recent conversations with fellow university students, and they seem to confirm my suspicions that despite being digital natives, we have much to learn about cybersecurity and digital privacy. Here is a sampling of the things I heard.
One student admitted, “I really don’t know anything [about cybersecurity], but I know I should. I’m just so busy and have so many things to think about that it doesn’t cross my mind most of the time.”
Not only is there a lot going on, but there’s also confusion about what we are saying okay to on most websites. “I have no idea what the ‘accept all cookies’ button means, but I click it every time anyway,” another student told me.
And while my peers and I love testing out what’s new, we aren’t always sure if that’s safe. “I’ve realized just how much we’ve advanced when it comes to technology, but not enough when it comes to protecting ourselves from it,” another student said.
These anecdotal comments are in line with a 2019 San Jose State University study, Cyber Security Awareness Among College Students. Researchers say their study focused on students attending college in “the most advanced technology environment” — California’s Silicon Valley.
The results show that even these college students, whose campus lies only six miles from my alma mater, are not very aware of how to protect their data. The study’s authors conclude their research with the following analysis.
Relating to College Students and Their Data
“College students...still are not very aware of how to protect their data. For example, they reported low levels of two-factor authentication usage or password complexity for accounts.”
Relating to College Students and Privacy
“Most students are aware of possible consequences of providing personally identifiable information to an entire university population, such as identity theft and stalking, but nevertheless feel comfortable providing it.”
The Future Workforce
Corporations hire vast numbers of college students each year, either as interns or as full-time workers. They need to be aware of who they are hiring, their skillsets, what they bring to the company, and what they might be lacking.
In a society where technology is everywhere, yet many individuals remain ignorant or ambivalent when it comes to the associated risks, organizations need software and dedicated staff to detect and defend against cyberattacks. They also need to help their employees to understand cybersecurity basics, so they can become another line of defense against threats like phishing, spoofing, and other forms of social engineering.
Dr. Irina Raicu is the director of internet ethics at Santa Clara University. I spoke with her about her experience with students and cybersecurity, as well as patterns that she has observed in the past few years.
“I think, aside from the students who are actually studying cybersecurity, all of us are bad at it, right? College students, professors, academia in general and beyond academia. Which is problematic,” Raicu says. “I think cybersecurity is, by now, one of the conditions required for the common good.”
She equates cybersecurity to other basics a community needs, like clean air and water.
“It's obvious cybersecurity is one of those conditions, because we are so reliant on the internet.”
While students are savvy when it comes to adopting new technical tools, they are not always as quick to recognize cybersecurity implications and risks, she says.
Her solution for this issue centers on education.
“Issues like cybersecurity need to be addressed really, really early. And it’s hard to do that when teachers and parents are not knowledgeable enough themselves.”
To help address the issue, she pointed to many of the Cybersecurity and Infrastructure Security Agency (CISA) resources, which include presentations on the basics of cybersecurity for parents and faculty, tips on detecting disinformation, and much more, that were developed to educate school-age kids and their families, as one example.
Also, some universities are now implementing cybersecurity training for students, to help them prepare for the technologically driven world that we are living in today. For example, Santa Clara University offers free online training for students and faculty. This training covers a variety of topics including tips on protecting oneself from potential cyber threats, creating secure passwords, and detecting phishing and scam emails.
All these things are a piece of the cybersecurity puzzle we, as digital natives, must help solve. And Raicu is optimistic that the next wave of cybersecurity professionals — who are currently college students — will play a special part in this.
“I'm trying to get them to see themselves as sort of educators, as well. They're going to be asked to explain things to their parents or their other family members...they actually have this really deeply powerful knowledge. And so, if they can participate in all kinds of events in their community and whatever organizations they end up in, and become essentially kind of public speakers,” she says, they can apply their knowledge to the greater good.
Perhaps this “deeply powerful knowledge” could be used to educate all of us, so that no matter who you are or what your role is, your goal is to always have at least one foot firmly planted in cybersecurity to protect ourselves, our schools and our companies.
As Raicu concludes, “If everybody just advances the ball a little bit, we're going to get further in the direction we want to be in.”