Informal Support Networks: an investigation into Home Data Security Practices

The widespread and rising adoption of information and communication technology in homes is happening at a time when data security breaches are commonplace. This has resulted in a wave of security awareness campaigns targeting the home computer user. Despite the prevalence of these campaigns, studies have shown poor adoption rates of security measures. This has resulted in proposals for securing data in the home built on interdisciplinary theories and models, but more empirical research needs to be done to understand the practical context, characteristics, and needs of home users in order to rigorously evaluate and inform solutions to home data security. To address this, we employ a two-part study to explore issues that influence or affect security practices in the home. In the first part, we conduct a qualitative Grounded Theory analysis of 65 semi-structured interviews aimed at uncovering the key factors in home user security practices, and in the second part we conduct a quantitative survey of 1128 participants to validate and generalise our initial findings. We found evidence that security practices in the home are affected by survival/outcome bias; social relationships serve as informal support networks for security in the home; and that people look for continuity of care when they seek or accept security support.

[1]  R. Fisher Social Desirability Bias and the Validity of Indirect Questioning , 1993 .

[2]  Lorrie Faith Cranor,et al.  Teaching Johnny not to fall for phish , 2010, TOIT.

[3]  Nicolas Christin,et al.  Do or Do Not, There Is No Try: User Engagement May Not Improve Security Outcomes , 2016, SOUPS.

[4]  Sajid Ahmed Khan,et al.  Improving Protection and Security Awareness Amongst Home User , 2016 .

[5]  E. McColl Cognitive Interviewing. A Tool for Improving Questionnaire Design , 2006, Quality of Life Research.

[6]  Zinta S. Byrne,et al.  The Psychology of Security for the Home Computer User , 2012, 2012 IEEE Symposium on Security and Privacy.

[7]  Peter Gutmann Applying problem-structuring methods to problems in computer security , 2011, NSPW '11.

[8]  Laura A. Dabbish,et al.  The Effect of Social Influence on Security Sensitivity , 2014, SOUPS.

[9]  Elissa M. Redmiles,et al.  How I Learned to be Secure: a Census-Representative Survey of Security Advice Sources and Behavior , 2016, CCS.

[10]  Ying Li,et al.  A Call For Research On Home Users' Information Security Behaviour , 2011, PACIS.

[11]  Rick Wash,et al.  Identifying patterns in informal sources of security information , 2015, J. Cybersecur..

[12]  Rick Wash,et al.  Stories as informal lessons about security , 2012, SOUPS.

[13]  B. Zumbo,et al.  Estimating Ordinal Reliability for Likert-Type and Ordinal Item Response Data: A Conceptual, Empirical, and Practical Guide. , 2012 .

[14]  L. Jean Camp,et al.  Pools, clubs and security: designing for a party not a person , 2012, NSPW '12.

[15]  Kregg Aytes,et al.  Computer Security and Risky Computing Practices: A Rational Choice Perspective , 2004, J. Organ. End User Comput..

[16]  M. Friedman A Comparison of Alternative Tests of Significance for the Problem of $m$ Rankings , 1940 .

[17]  Umesh Hodeghatta Rao Xavier,et al.  Study of internet security threats among home users , 2012, 2012 Fourth International Conference on Computational Aspects of Social Networks (CASoN).

[18]  Steven Furnell,et al.  Assessing the security perceptions of personal Internet users , 2007, Comput. Secur..

[19]  F. Wilcoxon SOME RAPID APPROXIMATE STATISTICAL PROCEDURES , 1950 .

[20]  J. Baron,et al.  Outcome bias in decision evaluation. , 1988, Journal of personality and social psychology.

[21]  Norbert Nthala,et al.  Rethinking Home Network Security , 2018 .

[22]  Rick Wash,et al.  Influencing mental models of security: a research agenda , 2011, NSPW '11.

[24]  Kat Krol,et al.  Productive Security: A Scalable Methodology for Analysing Employee Security Behaviours , 2016, SOUPS.

[25]  Paul Dourish,et al.  Security in the wild: user strategies for managing security as an everyday, practical problem , 2004, Personal and Ubiquitous Computing.

[26]  Elissa M. Redmiles,et al.  I Think They're Trying to Tell Me Something: Advice Sources and Selection for Digital Security , 2016, 2016 IEEE Symposium on Security and Privacy (SP).

[27]  Elizabeth Furtado,et al.  Hey, I Have a Problem in the System: Who Can Help Me? An Investigation of Facebook Users Interaction When Facing Privacy Problems , 2015, HCI.

[28]  Mohammad Rahim,et al.  A Socio-Behavioral Study of Home Computer Users' Intention to Practice Security , 2005, PACIS.

[29]  Cormac Herley,et al.  So long, and no thanks for the externalities: the rational rejection of security advice by users , 2009, NSPW '09.

[30]  Alex Pentland,et al.  Social Information Leakage: Effects of Awareness and Peer Pressure on User Behavior , 2014, HCI.

[31]  A. Nederhof Methods of coping with social desirability bias: A review. , 1985 .

[32]  Laura A. Dabbish,et al.  Increasing Security Sensitivity With Social Proof: A Large-Scale Experimental Confirmation , 2014, CCS.

[33]  Sebastian Günther Folk Models of Home Computer Security , 2012 .

[34]  Karl N. Levitt,et al.  Towards the realization of a public health system for shared secure cyber-space , 2013, NSPW '13.

[35]  Sunny Consolvo,et al.  "...No one Can Hack My Mind": Comparing Expert and Non-Expert Security Practices , 2015, SOUPS.

[36]  Ivan Flechais,et al.  "If It's Urgent or It Is Stopping Me from Doing Something, Then I Might Just Go Straight at It": A Study into Home Data Security Decisions , 2017, HCI.

[37]  Ritu Agarwal,et al.  Practicing Safe Computing: A Multimedia Empirical Examination of Home Computer User Security Behavioral Intentions , 2010, MIS Q..

[38]  P. Biernacki,et al.  Snowball Sampling: Problems and Techniques of Chain Referral Sampling , 1981 .