BBL: How I Learned to be Secure: a Census-Representative Survey of Security Advice Sources and Behavior
HCIL (2105 Hornbake, South Wing)
Few users have a single, authoritative, source from whom they can request digital-security advice. Rather, digital- security skills are often learned haphazardly, as users filter through an overwhelming quantity of security advice. By understanding the factors that contribute to users’ advice sources, beliefs, and security behaviors, we can help to pare down the quantity and improve the quality of advice provided to users, streamlining the process of learning key behaviors. In this work we rigorously investigated how users’ security beliefs, knowledge, and demographics correlate with their sources of security advice, and how all these factors influence security behaviors. Using a carefully pre-tested, U.S.-census-representative survey of 526 users, we present an overview of the prevalence of respondents’ advice sources, reasons for accepting and rejecting advice from those sources, and the impact of these sources and demographic factors on security behavior. We find evidence of a “digital divide” in security: the advice sources of users with higher skill levels and socioeconomic status dier from those with fewer resources. This digital security divide may add to the vulnerability of already disadvantaged users. We conclude with recommendations for combating the digital divide and improving the efficacy of digital-security advice.
Elissa Redmiles is a Ph.D. student in Computer Science at the University of Maryland. Her research focuses on usable security – the intersection between Cyber-security and Human Computer Interaction. Elissa was a 2015 Eric and Wendy Schmidt Data Science for Social Good Fellow at the University of Chicago. Prior to pursuing her Ph.D., she held Marketing Management and Software Engineering roles at IBM and completed her B.S. in Computer Science, cum laude, at the University of Maryland.