Bridging the Gap Between Awareness and Action: A Practical "CEK DULU AJA" Protocol for Mitigating Phishing Threats Among Students
Keywords:
Phishing, Cybersecurity, cybersecurity behavior, Social Engineering, practical protocol
Abstract
Despite high awareness of cybersecurity risks, university students remain vulnerable to phishing attacks due to a critical gap between theoretical knowledge and practical application. This study addresses this disparity by introducing "CEK DULU AJA" (Verify First), a behavior-based protocol designed to simplify phishing detection and response. Developed from survey data (N=120) revealing that 85% of students recognized phishing threats but only 30% could apply countermeasures, the protocol emphasizes three intuitive steps: sender verification, content evaluation, and official source confirmation. Implemented through peer-led workshops using participatory methods, the protocol achieved 95% detection accuracy in simulations and 80% retention after two weeks—outperforming traditional lecture-based training by 35%. The study highlights the efficacy of acronym-based mnemonics and informal learning environments in cybersecurity education, offering a scalable model for institutions