The news is full of stories about "cyber security," particularly within the context of international espionage. However, cyber security is also an issue that starts right at home. Everyone who enters personal or business-confidential data that is accessible through the Internet needs to take certain precautions.
So how do home-based users make security decisions on a routine basis? That's what a study being funded by the National Science Foundation and conducted by our Behavior Information Technology laboratory (BITLab) is set to find out.
More than 80 million households in the U.S. alone have a computer with an Internet connection. According to Assistant Professors Emilee Rader and Rick Wash, who are heading up the research project, many of these users have little computer security knowledge or training and, quite frankly, often avoid making security decisions.
User decisions are guided by how they think about computer security, their "mental models." The goal of the study is to better understand what influences these mental models and identify ways for non-technical users to properly protect themselves and make good cyber security decisions, without having to become a "security expert."
With the help of five student research assistants, the team is initially focusing on two hypotheses: 1) stories about experiences have a larger influence on behavior than behavioral advice; and 2) information from friends and colleagues has a stronger influence on mental models, and therefore behavior, than information from security experts.
A good example of how this comes into play is when a software or social media company announces an upgrade. Oftentimes those upgrades are bundled with new features or a graphical user interface that changes the look of the program. Perceptions that these new features are another way for companies to collect marketing information, or the simple desire to hold on to the familiar, can contribute to a decision to forgo a security update. As a result, home-based computer users may dismiss the whole package of upgrades, leaving themselves vulnerable to potential hackers.
Throughout the study, reasons that home computer users choose not to act securely will be documented. Finally, the project will explore ways to encourage behaviors that support secure systems. Additionally, the research tools created for this project, survey instruments and security behavior measurement software, can be used by other cyber security researchers.
What we know now is that current education campaigns are failing to effect widespread changes for non-technical computer users. To address this issue, more secure technology alone will not be enough; there will have to be behavioral changes as well.
Taking on this type of challenge is exactly how CAS researchers within the BITLab and across our college have built an international reputation of research excellence. We have an impressive track record of being able to effectively identify the mental models behind human behavior and then effectively developing ways to influence that behavior, whether that means more secure computer use, safer drivers, or a healthier population.
Congratulations to our BITLab team for securing funding from NSF for this project! I look forward in future blogs to sharing more examples of how CAS faculty and students are conducting research that impacts lives.