Abstract:
Information Security (IS) has emerged as an essential aspect of all organisations. Universities collect, analyse, and store an enormous amount of information daily, and this information is of paramount importance. Information security therefore plays an integral role in the university system. University staff members store vital information on their computers, and many academics keep themselves logged into online accounts. Attackers use these opportunities to carry out attacks that could result in the compromise of confidential information. Making university staff members aware of information security-related matters, possible threats, and countermeasures could lower the level of IS risk faced by universities. Yet little research has been conducted to identify the level of information security awareness among university staff members. Therefore, this research investigated the information security-related practices of the staff members of the Uva Wellassa University of Sri Lanka. The University's academic and administrative staff members were considered the population, and an online questionnaire was shared among 110 randomly selected staff members. The response rate was 87%. The responses were analysed using Minitab statistical software. After the responses were coded, cross tabulation and chi-square analysis were performed to identify associations between them. The study revealed that only 26% of the respondents had a thorough understanding of the concept of information security, and 6% stated that they had not heard of the term information security. The remaining 68% mentioned that even though they had heard of the term, they were unsure what it meant. This reveals that despite having access to the newest technologies and a wide range of information, university employees are not adequately aware of IS issues and best practices.
This study developed a conceptual model illustrating the relationship between the selected IS practices and knowledge of information security. The researchers identified three factors (i.e. password-protecting confidential documents, checking SSL before entering data, and sharing confidential information through emails) that were associated with possessing knowledge regarding IS at a 5% level of significance. The study also identified several factors that were interconnected with one another. The shortcomings associated with the current practices were analysed, and possible countermeasures, such as implementing a proper information technology policy and conducting periodical awareness sessions, were presented.