Universities are attractive targets for cyberattacks due to open networks and a large number of users, primarily students. This research examines cybersecurity practices among higher-education students, focusing on three areas: password security, phishing awareness, and social-engineering vulnerability. This survey of 146 students from various Australian universities revealed that while students have a moderate awareness of cybersecurity dangers, their practices are inconsistent. High rates of password reuse and poor complexity were noted, and many participants struggled to identify phishing indicators. Postgraduate students generally demonstrated better cybersecurity behaviours compared to undergraduates. Additionally, previous cybersecurity training was linked to improved detection of social engineering, though the effect was limited. Participants expressed a strong interest in practical cybersecurity training, preferring interactive and self-directed methods over traditional lectures. The findings underscore the need for systematic, behaviour-based interventions and structured cybersecurity education within institutions. Future research should explore causal factors, test training interventions, and conduct crosscultural comparisons to enhance the understanding of cybersecurity practices among students.
Authors: Kumar, Akash; Nanda, Priyadarsi
DOI: https://doi.org/10.36227/techrxiv.177015935.56095390/v1
Publish Year: 2026
Download PDF