Interventions over smart card swiping behaviour

Background. A social influence of a messenger or the broken-window effect may impact the compliance level for security policies [11, 19, 26]. Aim. We investigate the effect of socio-environmental interventions on smart card swiping behaviour. Method. We conducted a study with three conditions in a between-subjects design on a sample of N = 54 university students owning a university-issued access-control smart card. In all three groups, participants were asked to complete a set of Capture the Flag challenges in our Cyber Security Room where they had no Internet access. Outside of the room, the participants could access the Internet. Thereby, participants were compelled to leave and enter the room, without disclosing the experiment purpose. We asked participants to swipe their smart card on entering and exiting the Cyber Security Room. The Control group had no intervention. The Discrete+ experiment group was exposed to a Messenger influence [11]. The Continuous- experiment group was exposed to an untidy Cyber Security Room, which was inspired by the broken-window Theory [26]. We measured swiping behavior on entry and exit, computing total swipes and swipe rate ratio as key metrics subjected to an Analysis of Variance. Results. We found a statistically significant large effect of the Continuous- intervention, that is, the broken-window effect impacting the total swipe rate negatively, Hedges' g = -1.04, 95% CI [-1.78, -0.28]. Conclusion. While having observed a negligible effect size between the Control and Discrete+ groups, we acknowledge that the swipe rate was high for both of these groups. From the effect size of the Control group and Continuous- group, we offer evidence towards an untidy area and lack of compliance for security policies.

[1]  J. Wilson,et al.  BROKEN WINDOWS: THE POLICE AND NEIGHBOURHOOD SAFETY , 1982 .

[2]  Tamara Dinev,et al.  Managing Employee Compliance with Information Security Policies: The Critical Role of Top Management and Organizational Culture , 2012, Decis. Sci..

[3]  F. H. Hankins,et al.  The Psychology of Social Norms , 1937 .

[4]  Ajinkya Kulkarni,et al.  Reciprocity attacks , 2011, SOUPS.

[5]  L. Doob The psychology of social norms. , 1937 .

[6]  Marti A. Hearst,et al.  Why phishing works , 2006, CHI.

[7]  R. Cialdini,et al.  Social influence: Social norms, conformity and compliance. , 1998 .

[8]  H. Raghav Rao,et al.  Protection motivation and deterrence: a framework for security policy compliance in organisations , 2009, Eur. J. Inf. Syst..

[9]  H. Gainforth,et al.  ABC of Behaviour Change Theories , 2014 .

[10]  Applying Behavioural Insights to Organ Donation: preliminary results from a randomised controlled trial , 2013 .

[11]  Benno Torgler,et al.  Are Academics Messy? Testing the Broken Windows Theory with a Field Experiment in the Work Environment , 2010 .

[12]  R. Cialdini Pre-Suasion: A Revolutionary Way to Influence and Persuade , 2016 .

[13]  S. Asch Opinions and Social Pressure , 1955, Nature.

[14]  Chris Arney Nudge: Improving Decisions about Health, Wealth, and Happiness , 2015 .

[15]  M. Angela Sasse,et al.  The compliance budget: managing security behaviour in organisations , 2009, NSPW '08.

[16]  William L. Simon,et al.  The Art of Deception: Controlling the Human Element of Security , 2001 .

[17]  Ben Green,et al.  Does 'cyber-conformity' vary cross-culturally? Exploring the effect of culture and communication medium on social conformity , 2007, Comput. Hum. Behav..

[18]  John Leach,et al.  Improving user security behaviour , 2003, Comput. Secur..

[19]  Aad P. A. van Moorsel,et al.  Nudging towards security: developing an application for wireless network selection for android phones , 2015, BCS HCI.

[20]  Michael Luca,et al.  Behavioural Insights Team (A) , 2015 .

[21]  C. Kubrin,et al.  New Directions in Social Disorganization Theory , 2003 .

[22]  P. Dolan,et al.  MINDSPACE: influencing behaviour for public policy , 2010 .

[23]  T. Leonard,et al.  Richard H. Thaler, Cass R. Sunstein, Nudge: Improving decisions about health, wealth, and happiness , 2008 .

[24]  Tom Fordyce,et al.  Investigation of the effect of fear and stress on password choice , 2018, STAST '17.

[25]  Robert West,et al.  The Behaviour Change Wheel: A Guide To Designing Interventions , 2014 .

[26]  Alexandre Padilla Review of Richard H. Thaler and Cass R. Sunstein, Nudge: Improving decisions about health, wealth, and happiness , 2009 .

[27]  Charles Morisset,et al.  Influence tokens: analysing adversarial behaviour change in coloured petri nets , 2016, STAST.

[28]  Shashi Shekhar,et al.  Environmental Criminology , 2008, Encyclopedia of GIS.

[29]  Noah E. Friedkin,et al.  A Structural Theory of Social Influence: List of Tables and Figures , 1998 .