Researchers find a telling relationship between who gives online privacy and cybersecurity advice and the number of internet-based security incidents experienced by the recipient of the advice.
Advice on the internet flows freely. With so much information available, how does one know what to believe?
For example, there is still significant confusion regarding the now defunct FCC regulation requiring ISPs to get permission from their customers before they collect web-browsing data. So who do we trust to give good advice about being safe and private on the internet?
The need for good cybersecurity advice
Elissa Redmiles, a Ph.D. student in computer science at the University of Maryland, wrote a commentary for The Conversation titled Can better advice keep you safer online? in which she offers insight about who to trust when it comes to cybersecurity advice.
"One key to staying safer online may be getting advice from the right places—people and sources with accurate, helpful information that can let you take control of your online privacy and security," writes Redmiles. "My research, in collaboration with Sean Kross (Johns Hopkins University) and Michelle Mazurek (University of Maryland), explores where people get their advice about online security, and how useful it actually is."
Survey says
Redmiles, Kross, and Mazurek used a survey of 3,000 internet users who are in the US to determine where people receive their advice about online security and privacy. The researchers published their findings in the paper Where is the Digital Divide? A Survey of Security, Privacy, and Socioeconomics (PDF).
"We found that no matter how wealthy or how poor a person is, no matter her education level, the speed of her internet service or whether she has a smartphone, a person's online safety is closely related to where, and from whom, she gets advice about online security," reports Redmiles. "Approximately 70 percent of Americans learn about online security behaviors as a result of advice shared by friends, family and co-workers, or on websites they visit."
Think critically about any advice received
With so much security advice available, Redmiles suggests people should not accept any answer wholesale, and follow these recommendations instead.
- When seeking advice from coworkers, friends, and family, ask how they learned about this information.
- Think critically about the advice received.
- Ask if the answers agree with advice from other sources.
- Seek out people working in internet or technology fields who can offer their suggestions and/or perspectives about advice from other sources.
Unclear conclusions
Redmiles, Kross, and Mazurek feel strongly that there is a strong relationship between respondents' security and privacy experiences and advice sources; however, the details are murky. "The direction of this relationship is unclear: do people receive bad advice that leads to worse experiences, or do they wait to seek advice until after a negative experience?" explain the researchers. "We hypothesize some of both."
What is crystal clear to the three authors is that the current advice ecosystem is not working and should be reevaluated.
No comments:
Post a Comment