Use of computers and the Internet is an integral part of our lives, with business becoming more digital. As a result, individuals are using their home computers to perform diverse tasks and to store sensitive data. This paper investigates the relative efficacy of two strategies to protect home computers from security threats: security tools and...
How to keep your information secure? Toward a better understanding of users security behavior
Encouraging organisational information security incident reporting
21st-century organisations can only learn how to respond effectively to, and recover from, adverse information security incidents if their employees report any incidents they notice. This should happen irrespective of whether or not they themselves triggered the incident. Organisations have started to inform their employees about their incident reporting obligations. However, there is little research...
Nothing ventured, nothing gained. Profiles of online activity, cyber-crime exposure, and security measures of end-users in European Union
We use large-scale survey data from the Eurobarometer 77.2/2012 to explore variability in online activity, cyber-crime exposure, and security measures of end-users in European Union (EU27). While cyber-security is a high-priority activity for security experts and researchers, end-users conduct it in the context of their daily lives, as a socially accountable and resource-limited activity. We...
Human-centric cybersecurity research: From trapping the bad guys to helping the good ones
The issue of cybersecurity has surged in importance in recent years due to numerous high-profile incidents, hacking attempts, and data breaches that have captured headlines. The continuous rise in cyber incidents suggests the need for a reevaluation of how we perceive cybersecurity and whether a shift in mindset is warranted. In essence, cybersecurity is fundamentally...
Securing mobile devices: Evaluating the relationship between risk perception, organisational commitment and information security awareness
This study examined the relationship between perception of risk, organisational commitment, and Information Security Awareness (ISA), finding both organisational commitment and perception of personal risk to be significant predictors of ISA. Surprisingly, frequency of workplace information security training negatively affected ISA.
Don’t make excuses! Discouraging neutralization to reduce IT policy violation
Past research on information technology (IT) security training and awareness has focused on informing employees about security policies and formal sanctions for violating those policies. However, research suggests that deterrent sanctions may not be the most powerful influencer of employee violations. Often, employees use rationalizations, termed neutralization techniques, to overcome the effects of deterrence when...
Password management strategies for online accounts
Given the widespread use of password authentication in online correspondence, subscription services, and shopping, there is growing concern about identity theft. When people reuse their passwords across multiple accounts, they increase their vulnerability; compromising one password can help an attacker take over several accounts. Our study of 49 undergraduates quantifies how many passwords they had...
Where did they go wrong? An analysis of the failure of knowledgeable Internet consumers to detect deception over the internet
This paper uses an information-processing model of deception detection to understand the reasons underlying Internet consumers' success and failure at detecting forms of intentional deception that occur on the Internet. Eighty MBA students visited either a real commercial site or a deceptive copycat (“page-jacking”) site. The deceptive site was identical to the clean site except that...