How I learned to be secure: A census-representative survey of security advice sources and behavior

Rarely do users have a single, reliable source for soliciting advice on digital security. More often, the acquisition of digital security skills is a sporadic process, as users sift through an excess of security advice. A deeper understanding of the factors that shape users’ sources of advice, beliefs, and security behaviors could allow for the refinement and reduction of the advice given, thereby streamlining the process of acquiring key behaviors. This research thoroughly examines the correlations between users’ security beliefs, knowledge, and demographics, their advice sources, and how these aspects influence security behaviors. Utilizing a meticulously pre-tested survey, representative of the U.S. census, from 526 users, we provide an overview of the common sources of advice, reasons for accepting or rejecting advice from these sources, and the influence of these sources and demographic factors on security behavior. Our findings indicate a “digital divide” in security: Users with superior skill levels and socioeconomic status have different advice sources than those with fewer resources. This divide in digital security may exacerbate the vulnerability of already disadvantaged users. Additionally, we corroborate and extend findings from previous small-sample studies about the reasons users accept certain digital-security advice (for instance, due to trust in the source rather than the content) and reject other advice (for instance, due to its inconvenience and the presence of excessive marketing material). We end with suggestions for addressing the digital divide and enhancing the effectiveness of digital-security advice.