Cybersecurity Vulnerability Behavior Scale in College During the Covid-19 Pandemic

The penetration of Indonesian internet users in first quarter of 2020 has increased by 17 percent compared to 2019. Based on Google Consumer Barometer in 2018, many 79% of Internet users in Indonesia use the internet on a daily basis. During the Covid-19 Pandemic, universities had to do Study From Home and Work From Home. This resulted, use of information technology and computers also increasing. This increase will have an impact on the level of cybercrime vulnerability. The scale of cyber vulnerability is needed to measure level of cybersecurity in universities, especially in data managers. The Risk Cybersecurity Behavior Scale (RScB) is the result of input from digital forensic investigators and law enforcement. Developed further and adapted to the conditions of college or universities in Indonesia. From this, the cyber vulnerability scale is formed. There are five scales, Very Safe, Safe, Vulnerable, Very Vulnerable, and Dangerous. Where the scale is used in negative and positive statements. From the measurement of the questionnaire based on the Risky Cybersecurity Behavior Scale model, the Cronbach Alpha value is 0.721 or has a reliable status. The results show an average value of 3.3 or a vulnerable scale. Total average value of negative statements is 2.53 or scale close to vulnerability. So it is necessary to socialize the importance of cybersecurity to minimize occurrence of cybercrime. Keywords— Cybersecurity, RScB, Vulnerability Scale, Cybercrime, Covid-19


INTRODUCTION
The penetration of internet users in Indonesia has always increased every year. Research released by Hotsuite and We Are Social in January 2020 states that the number of internet users in Indonesia has reached 175.4 million people. Meanwhile, total population of Indonesia is around 272.1 million. This number has increased by 17 percent compared to 2019, or around 27 million users [1]. From the same source, it is stated that the largest internet usage dominates on smartphones and social media devices. Based on the Google Consumer Barometer in 2018, 79% of Internet users in Indonesia use the internet on a daily basis [2].
At the end of 2019 the world was shocked by the emergence of the Coronavirus Disease 19 or Covid-19 pandemic which caused several regions in Indonesia forced to lockdown starting April 2020. Some activities outside the home must be stopped and replaced with Work From Home (WFH). Even the education sector, it was also affected, forcing them to Study From Home (SFW).
Of course, the existence of Work From Home (WFH) and Study From Home (SFH) causes an increase in Indonesia internet uses for the first quarter of 2020. The increasing use of internet will cause an increase in cybercrime. Changes in work practices and socializing make many people spend their time online. Apart from that, the unemployment rate has also increased, which means it is likely that some of these people will turn cybercrime to keep earning income [3] [4].
Many important data stored as educational transactions in the college. Starting from the identity of lecturers, students and lecture activities. Of course, college database manager, an administrator must understand the importance of data and information security in using computer devices. If not, it will result in the inability of the agency to deal with cybercrime. Especially during the Covid-19 pandemic, the use of information technology and computers has increased. So that the need for vigilance from data managers.
Risky Cybersecurity Behaviors Scale (RScB) is a method for calculating the risk level of potential cybercrimes by assessing the linkert scale. Where in items related to computer use, internet, social media, use of online storage and exchanging information. With the existence of cybersecurity behavior assessment, it can be a reference for increasing cyberattack awareness in College. With the existence of cyber crime vulnerability assessment in the education sector, later it can provide referrals as suggestions or references in providing cyber crime mitigation policies in higher education.
Paradigm shift is critical to the effectiveness of cybersecurity techniques and practices. Since most cyber incidents are human-caused, this shift requires research that extends to unexplored areas such as aspects of cybersecurity behavior. It is more important to focus on social and behavioral problems to improve the current situation. This paper is an attempt to provide an overview of relevant theories and principles, and provides insights including an interdisciplinary framework that incorporates behavioral cybersecurity. Measurement of information security awareness and data privacy on Android Smartphone users has also been carried out with an information security awareness level of 71% and 76% privacy. In its measurement, it uses the dimensions of Attitude, Knowledge and Behavior towards Smartphone use [8]. Information security awareness also attacks users of smartphones and other mobile devices. It is proven that many smartphone users have banking applications in it. In addition, the fraudulent model still occurs via SMS, telephone or Financial Technology [9].
In the behavior theory and cybersecurity rules mentioned by DNV-GL Cybersecurity, one of the core cybersecurity concepts is people. First, it is important for all stakeholders in college to be aware of their role in preventing and reducing cyber threats, be it understanding sensitive data, or understanding phishing e-mails. Second, in the case of specialized technical security staff, updating their skills and qualifications to ensure that appropriate controls, technology and practices are in place to prevent cyber threats is critical to an organization's ability to prevent cyberattacks [10].

A. College or University Data Center
Based on Presidential Decree number 11 of 2020 concerning Determination of COVID-19 public health emergencies in Indonesia, which requires countermeasures in accordance with statutory provisions, the Directorate General of College has implemented various strategies to carry out these efforts. To avoid the spread and spread of the Covid-19 Pandemic, a policy of work, worship and study from home has been issued. Face-to-face learning is transformed into online learning [9].
The College Data Center is the main data which contains data on students, lecturers and teaching and learning activities. Important data is stored starting from personal data, name of birth, mother, place of birth date, address and contact information.

B. Risky Cybersecurity Behaviors Scale (RScB)
Risk Cybersecurity Behaviors Scale (RCsB) refers to the Security Behavior Intentions Scale (SeBIS). This scale was created with input from Digital Forensic investigators and Law Enforcement Risky Cybersecurity Behaviors Scale (RScB) sebagain merujuk pada Security Behavior Intentions Scale (SeBIS). [10].
The questionnaire asks participants to rate themselves regarding their behavior in using computer technology by selecting a scale of 0-5 (where 0 = Never and 5 = Very Often). The final scale includes 20 items with possible scores ranging from 0-150. A higher RScB score indicates an individual at risk of engaging in cybersecurity behavior. In this study, all 20 items have a mean value of 27.72, standard deviation of 14.81 and Cronbach  of 0.823 which indicates that the questionnaire items are very reliable [11]. The complete list of items for the Risky Cybersecurity Behaviors Scale (RScB) is shown in Table  I. Sharing passwords with friends and colleagues.

2
Using or creating passwords that are not very complicated (e.g. family name and date of birth).

3
Using the same password for multiple websites.

4
Using online storage systems to exchange and keep personal or sensitive information.

5
Entering payment information on websites that have no clear security information/certification 6 Using free-to-access public Wi-Fi

7
Relying on a trusted friend or colleague to advise you on aspects of online-security.

8
Downloading free anti-virus software from an unknown source.

9
Disabling the anti-virus on my work computer so that I can download information from websites.

10
Bringing in my own USB to work in order to transfer data onto it.

11
* Checking that software for your smartphone/tablet/laptop/PC is up-to-date.

12
Downloading digital media (music, films, games) from unlicensed sources

13
Sharing my current location on social media.
14 Accepting friend requests on social media because you recognise the photo.

15
Clicking on links contained in unsolicited emails from an unknown source.

16
Sending personal information to strangers over the Internet.

17
Clicking on links contained in an email from a trusted friend or work colleague.

18
* Checking for updates to any anti-virus software you have installed.

19
Downloading data and material from websites on my work computer without checking its authenticity. In processing the questionnaire data, there are several steps that must be passed. Starting from data entry into the computer, normalization, validity and reliability testing, descriptive analysis to hypothesis testing. Descriptive statistics are useful for describing the summary of research data such as mean, standard deviation, variance, mode, minimum, maximum and total number [12] [13].

III. RESULT AND DISCUSSION
Data collection was carried out with vulnerability during April -June 2020 or peak of the Covid-19 Pandemic. Where several regions are implementing lockdowns and are currently Worfk From Home (WFH). The respondents were the managers or administrators of the Database College in LLDIKTI 6 Central Java Region, without any educational level restrictions.
In this questionnaire model, additional variables are carried out based on the Risk Cybersecurity Behavior Scale (RScB) or in Table 1, to further clarify the behavior of Internet and computer users. The addition this variable is by looking at the activities of using information technology and computers during the Covid-19 Pandemic. Five (5) groups will be formed, namely, behavior using passwords, data and information access behavior, device and internet or network usage behavior, social media behavior and behavior using smartphone devices. The total number of question items (Q) is 33, it can be shown in Table II   TABLE II. CYBERSECURITY BEHAVIOR QUESTIONNAIRE ITEMS

Q1.1 b)
Sharing passwords with friends and colleagues.

Q1.2 b)
Using or creating passwords that are not very complicated (e.g. family name and date of birth).

Q1.3 b)
Using the same password for multiple account.

Q1.4 a)
Using two-step password verification (OTP, SMS, Authenticator) Q1.5 a) Log out the account after use Q1. 6 Save Passwords in the web browser Displays personal information on social media profiles Q4. 4 Provide posts to social media regularly every day Q4.5

B. Behavior of Data and Information Access
Repost (repost) without confirmation of correctness Q4. 6 Using more than one social media Q4.7 Using social media for business / selling E. Behavior of Using Smartphone Devices Variable Items Q5. 1 Using a smartphone with the Android operating system Q5. 2 Unlock system access rights (ROOT / JAILBRAKE) Smartphone Q5.3 a) Use a PIN / Password combination to unlock a smartphone device Q5. 4 Activating Smartphone GPS Q5. 5 Enable Smartphone Auto Syncronization Q5. 6 Lend a smartphone to a friend a

) Positive Value b) Items From RScB Scale
Scale is needed to determine the measurement value. Each item variable uses a linkert scale to measure individual behavior by responding for 5 choice points, namely 1) Very Never, 2) Never, 3) Never, 4) Often and 5) Very Often. The results of the scale of each variable will relate to the level of cybersecurity vulnerability. In behavior with positive value on very frequent scale, it will indicate cybersecurity vulnerability is very safe of cyberattack. Meanwhile, behavior with a negative value on a very frequent scale will indicate dangerous cyber vulnerability. As shown in Table III   TABLE III Reliability test is needed to measure the accuracy of measurement results. This is very important so that the questionnaire (Table II) used as a data collection tool is truly reliable.  On Table V, the mode value for each variable will be analyzed. The Mode is value that most often appears in the results of the questionnaire answers. The purpose this analysis is to determine the level of cybercrime vulnerability in each behavior group.

A. Analysis of Using Password Behavior
There are 6 (six) questionnaire statements in the behavior of using passwords. There are 2 (two) positive statements and 4 (four) negative statements. For positive statements, Q1.4 (using two-step verification) and Q1.5 (log out account after use) have a mode value of 5 (Very often). Statements to pay attention to are the Q1.3 statement (using the same password for multiple accounts) with a value of 4 (Often) and Q1.6 (saving passwords in the browser) with a value of 3 (ever).
Based on the scale of vulnerability in Table III, respondents are in the vulnerable category of cyber attacks in terms using passwords for several accounts and the confidentiality passwords stored in a web browser.

B. Analysis of Data and Information Access Behavior
In data and information access behavior with a statement of 7 (seven), there is an indication of cybersecurity vulnerabilities in statements Q2.1 (using an online storage system to exchange and store information), Q2.2 (storing important data without passwords in online storage) and Q2.5 (downloading data / files from the site without checking authenticity).

C. Analysis of Using Internet Devices / Network Access Behavior
The results of internet usage behavior show Q3.1 (using free wifi to access important information), Q3.3 (downloading data / files from illegal sources), Q3.4 (using illegal / pirated applications / software) and Q3.5 (sharing folders / files between computers) are vulnerable to cyber attacks. In addition, in Q3.2 (using free antivirus) it is in the very vulnerable category for users to experience cyber attacks..

D. Analysis of Social Media Behavior
Social media behavior shows vulnerable level in Q4.3 (displaying personal information on social media profiles), Q4.6 (using more than one social media) and Q4.7 (using social media for business / selling).

E. Analysis of Using Smartphone Behavior
Smartphone physical device security with PIN / Password (Q5.3) entered at a very secure level. Respondents' results show very often (5) in using PIN / Password on their smartphone. This statement is a positive statement.
The negative statement results in Q5.4 (activating the Smartphone GPS) shows a dangerous level with a value of 5 (five). Whereas in the negative statement Q5.5 (activating autosynconization) shows that the level is very vulnerable with a value of 4 (four). In Figure 1, you can see the distribution of statements with levels from vulnerable to dangerous. Where the average value is 3,3 or categorized as vulnerable to cyberattacks. Meanwhile, the average value of all negative statements in Table 1 is 2,53 or falls into the near vulnerable category.

IV. CONCLUSION
The questionnaire variable formed based on the Risk Cybersecurity Behaviors Scale (RCsB) have Cronbach  is 0.721 or the reliability is accepted.
The increasing level information technology and computer use during the Covid-19 Pandemic will affect the scale of cybercrime vulnerability behavior. There are 33 cybersecurity behavior statements with 30 negative statements and 3 positive statements. Of the 30 negative statements, 15 statements resulted in values from vulnerable to very vulnerable ( Figure  1). The average value of cybersecurity is 3,3 or in the vulnerable category. While the average value of negative statements is 2,53 with the category approaching vulnerable. This assessment is based on the answers of 34 respondents from the LLDIKTI 6 Central Java Region.
Future research needs to analyze the relationship between categories. In addition, respondents are not limited to administrators only, but also to all components of college. Information about cybersecurity also needed to minimize the cybercrime.