The information security awareness of the Slovakian kindergarten teacher students at starting and finishing the study in higher education

. In this paper we have analysed the changing of the kindergarten teacher-education students’ awareness of information security at J. Selye University in Slovakia. Because there are sensitive data about children stored in the kindergarten (e.g. home address, parents' details, medical records, etc.), it deeply matters how careful is the data stored. Thorough data protection is important in order to avoid the digitally stored information to be viewable by other persons, who can use them for malicious purposes (e.g. social engineering, kidnapping, murder). This requires appropriate care and protection of storage and handling. In our research we wanted to know what level of information security awareness characterizes the kindergarten teacher-education students, whether they are aware of the basic data protection aspects. We want to see the higher education without any information security course have gained the information security awareness of the kindergarten teacher-education students or not.


Introduction
The young generation use smartphones, tablets to keep in contact with friends at home, on public transport, in the school etc. They use different communication forms on the internet like social networks, chat rooms and so on. These applications are protected by password authentication system to keep save the data of the users.
The sensitive information related to young children is getting particularly more and more important since the daily news coverage is referring about missing and abducted children. Kindergarten teachers take records about the child's home address, medical information, personal information of parents, etc. If these data get to untrained hands it is possible to use them to bad purpose through social engineering [1]. In addition it is possible to disguise a child's murder to accident, based on obtained severe food allergy information, or using conflicts between parents' in order to child abduction etc. The listed examples might seem too be extravagant, but they show how serious consequences may have if sensitive data relating to children does not come into the right hands.
Our research aims to examine the changing of the information security awareness of graduate teachers, assessing whether they will be able to use the right level of data protection in their work. We have analyzed of the IT knowledge level of Slovakian students before the final exam [2,3,4]. In this case want we measure the information security awareness at the beginning and at the end of the higher education. For the analysis, the students filled out a questionnaire, which asked what kind of online services they use, about the importance of used online services and the students' user password habits.
With this information we can get a notion about the level of information security awareness they have, which will affect the protection of sensitive data they will manage in the future. The study assesses what kind of online services they use and what level of protection they use in these services for their own data. The analysis of ordinal measurement level variables we performed by using non-parametric tests based on use of rank numbers. At the end of our analysis we concluded that many of them are not aware of the essential data and information protection. The data they have stored can be very easily obtained. These facts are foreshadowing what level of data protection we can expect in their nursery work. Based on the results and considering the serious consequences of the misuse of the sensitive data could have, an additional training in information protection is very much required among the kindergarten teacher-education students.
In regards to the sensitive data used by the kindergarten teachers at work and the lack of information security awareness which we see as a result of this survey, it would be worthwhile to hold a training for them in the mentioned topic of protection of data, also demonstrating the cases, when relevant information has been taken to wrong hands, because of insufficient information security skills [5,6].
The question is the following: has any influence of the higher education on the information security awareness of the kindergarten teachers without any information security course?

The study
In the questionnaire apart from the personal data questions we have asked about the ICT tools they own; the time spent using Internet; their web service use and its importance; and their user password habits. The importance of services was measured using a 5-point Likert scale (1 -I do not use at all, 5 -very important) [7,8] Our questionnaire was filled out by 37graduating students (kindergarten teachers) in Slovakia who are coming from different cities and villages in Slovakia.
The questionnaire had a wide range of variables (nominal measurement level). Some of these (characterized by sequence of interest) we coded as higher ordinal measurement level variables (e.g. education, village size etc.). In case of password usage we gave higher score (rank number) for more cautious and safer passwords and lower score for the risky ones. (E.g. The passwords dissimilarity indicator variable was given one point for the identical passwords, 2 points for partially same passwords (with identical area), 3 points for a completely different passwords). The analysis of ordinal measurement level variables we performed by using nonparametric tests based on use of rank numbers (e.g. Spearman correlation in relationship testing, in case of independent sub-sample the Mann-Whitney, respectively Kruskal-Wallis test in deviation/dissimilarity testing) [9,10].
We treated these variables as range variables where the comparisons of the different categories (dissimilarity tests) were performed.

Analysis of passwords used in online services at starting and finishing the study in higher education
Almost 70% of the students used partially different passwords at the beginning of the study and 25% totally different passwords by different internet services. At the finishing the study almos 50% of students use partially different passwords and almost 40% totally different (Fig 1.).  Never changed the passwords 12% of the students before starting the study and by the finishing of it. In case of 41% of the students did not change their password only if they think someone found it out and this growed on 46% by finishing the study. In case of 24% of respondents changed the password annually or less frequently at starting the study and 30% t finishing the study. In case of 22% of the students changed it every 3-6 months and decreased on 5% at finishing the study. In case of 5 % of respondents change every 1-2 months the passwords at finishing the study at university, at beginning no one changed so frequently (Fig 2.).

Fig. 3. Password length
We estimated the number of characters in passwords given by the respondents. The minimum number of password characters is 6, the longest 18. The number of characters in passwords in 11% of participants was less than 8 at starting the study and this number decreased on 3% at finishing the university. In case of 55% of respondents was 8-10 characters at the beginninng and 59% at finishing the study. In case of 21% was this number 11-13 at the beginning and 19% at finishing the study. Longer passwords than 16 characters was used 5% of the respondents at the beginning and 3% at finiching the study (Fig 3.).
We also have analyzed the characters used in the selection of passwords. From the participants in the survey 8% of respondents used only lowercase letters in passwords at the staring of the study and 2% at finishing, other 2% of students used combination of upper and lowercase letters at starting and finishing the study. In case of 75% of respondents used combination of uppercase, lowercase letters and numbers at the starting the stud and it is increased to 81% by finishing the study, which is required by some services. In case of 12% of students used uppercase letters, lowercase letters, numbers and other characters too at beginning and finishing the university (Fig 4).  We investigated also the quality and the strength of password. In case of 11% of respondents saved their passwords by the browser at starting the university and 8% at finishing it. In case of 21% of students written their password down at the beginning the study in Higher education and 19% at finishing. In case of 27% of respondents written down some passwords at starting the study a it decreased on 24% at finishing it. In case of 40% remembered their passwords without writing it down at the beginning the study and 49% at finishing. Only 6% of the students used/use password manager program for generate and save complicated passwords (Fig 5.).
If we see the results of the password using habits the kindergarten teacher students have low level information security awareness.

Analysis of changes in password using habits between the starting and finishing the study in higher education
Earlier have we seen the password using habits of the kindergarten teacher students when they started the learning at the university and by getting the undergraduate diploma. If we want to see the changes of information security awareness of the students we have to make statistical analysis. Comparisons of the pre-test and post-test data were carried out by using Wilcoxon signed rank. Our question was: has any influence of the higher education on the information security awareness of the kindergarten teachers without any information security course? According to the table we can not see any significant improvements (Table 1.). Since there were no significant differences in information security awareness in the kindergarten teacher students group at the beginning of the academic study and at finishing. It can be assumed that the study in higher education had not any influence on the password using habits without information security course.

Conclusion
The result of our research shows the kindergarten teacher have low level information security awareness at the beginning of the study in the higher education.
This information security awareness of the kindergarten students did not changed until the study in the higher education, it means the study in higher education had not any influence on the password using habits without information security course.
The low level of the information security awareness of the kindergarten students is a high risk in the kindergarten to protect our children from kidnap, murder by allergy and so on.
We have to find the way to increase the information security awareness of the kindergarten students for build the live of the children in kindergarten more secure!