Password: 12345 – the human security vulnerability

The importance of users to internet security and what security awareness can achieve in the fight against cybercrime.

Text: Katja Dörlemann, published on 21.06.2019

As the official registry for .ch domain names, SWITCH is not only tasked with making the internet safer by OFCOM, but also has a fundamental interest in doing so. In addition to technical measures, raising internet user awareness plays an important role in increasing cybersecurity. SWITCH promotes safer behaviour on the internet through communication campaigns, advising IT security officers and community management.

Security awareness often falls by the wayside

Security awareness has long been included in the most important security standards and is therefore a permanent fixture in most organisations’ security concepts. However, the actual implementation is often problematic. Effective security awareness measures consist of a mix of actions to raise awareness and educate and train employees, and therefore take time and require communication skills. However, most IT security officers do not have the required resources. Many do not have sufficient communications expertise, and almost all of them do not have enough time.

SWITCH assists IT officers of various organisations with security awareness. We actively participate on many international exchange platforms for security awareness experts and inform the university community of the state of affairs and the latest theoretical and practical findings through events, working groups and mailings. This means that everyonecan benefit from the results and measures that are developed by associations or working groups such as the Anti Phishing Working Group (APWG), the ENISA-organised European Cyber Security Month (ECSM), the Swiss Internet Security Alliance (SISA) and, of course, GÉANT.

STOP.THINK.CONNECT. campaigns are designed to raise user awareness

The SWITCH foundation is deeply involved in the STOP.THINK.CONNECT. initiative. Globally launched by the APWG, the Swiss Internet Security Alliance (SISA) is responsible for the Swiss offshoot. In cooperation with parties interested in security awareness from the private sector, public authorities, NGOs and universities, SWITCH develops four to five themed campaigns online every year. We also distribute printed information material at universities for Password Day in May and European Cyber Security Month in October.

All of the content developed as part of STOP.THINK.CONNECT. is available under the Creative Commons licence. Some universities use the existing material with little additional effort for their own campaigns: from text for their homepage to the finished flyers where they merely add their own logo.

Reaching out to the community – SWITCH Security Awareness Day and eduhub

Every year, Security Awareness Day allows the entire SWITCH Community to learn, exchange knowledge with colleagues from other fields of expertise, and meet new people. The event program promises insights into the different approaches to security awareness and offers attendees new ideas and sources of inspiration. You can register now for the next Security Awareness Day on 1 October 2019.

Security awareness campaigns require interdisciplinary skills. To help security officers, who are primarily technically trained, get the attention and support they need within their organisation, SWITCH also raises the topic in other university communities, such as eduhub. We use webinars, workshops and eduhub to provide information and stoke interest in information security in general and security awareness in particular.

Hack the hacker – fun security training for long-term success

Fun security awareness options are particularly helpful. It’s easier to motivate people when you entertain them as well. That is why SWITCH has developed Hack The Hacker– the Security Awareness Experience: fun security training that leads to long-term success.

Just like in an escape room, participants have to work as a team to solve riddles in an analogue game environment. The training consists of three stations. An introduction provides basic security knowledge which must then be applied practically during the game. In a debriefing, the game hosts then establish the link to the topics discussed at the start. The mixture of theory and practice, fiction and reality, and teamwork makes the experience highly memorable for participants and motivates them to further discuss the topics covered. We offer special discounts to teams from the university community.

Our mobile version of Hack The Hacker makes it easier for the entire Swiss university community to participate. We work with individual universities to organise training sessions outside of the SWITCH facilities in Zurich. For example, we spent three days at the Université de Lausanne in April 2019 and at the Università della Svizzera italiana in Lugano in July 2019, which allowed us to offer the training course to nearby organisations.

Joining forces to raise awareness for safe online behaviour

Continuously raising awareness is crucial for promoting the safe handling of information and data.On request, we can provide the entire university community with our collective expertise on the subject of security awareness. SWITCH is constantly working to expand its offerings and support universities and affiliated organisations.

About the author
Katja    Dörlemann

Katja Dörlemann

Katja Dörlemann joined SWITCH as Awareness Specialist in September 2017. In serving as a security awareness consultant for two different Swiss IT companies, she gained several years’ experience in raising awareness among Internet users. She holds a PhD in General and Comparative Literature.


Hack The Hacker escape room

The SWITCH security awareness experience is aimed at students and employees in all areas. It takes place at SWITCH’s premises and lasts around two hours. A maximum of six people can participate in each game. Price on request.

For more information, please contact Katja Dörlemann, tel: +41 44 268 16 42 or visit our website.

Other articles