User Perception of Data Breaches
Background: Data breaches happen when an unauthorized party gains access to personally identifiable information. They are becoming more common and impactful, raising serious concerns for individuals as well as companies.

Literature review: Although there is considerable literature on users’ mental models in security and privacy, there has been limited study of mental models related to data breaches.

Research questions:
1. How do users understand data breaches?
2. What are their perceptions of the causes, responsibilities, and consequences, as well as possible prevention and appropriate follow-up?

Methodology: We explored end-user understanding of internet data breaches by conducting a study with 35 participants. They were asked to draw their understanding of data breaches and answer some open-ended and closed-ended questions afterwards.

Results/discussion: Although their drawings varied in detail and complexity, we identified four patterns in the participants’ drawings: they illustrated abstractions of attacks to gain administrator access, end-user access, backdoor access, or access using database server vulnerabilities. We found that participants had a basic model of how an internet data breach happens, but with significant uncertainties regarding system vulnerabilities, causes, consequences, prevention methods, and follow-up steps after a breach.

Conclusions: In all, end-user mental models of internet data breaches are basic and show gaps that emphasize the need for improved communication to increase users’ awareness and help them hold companies accountable.