Researchers find a telling relationship between who gives online privacy and cybersecurity advice and the number of internet-based security incidents experienced by the recipient of the advice.
Advice on the internet flows freely. With so much information available, how does one know what to believe?
For example, there is still significant confusion regarding the now defunct FCC regulation requiring ISPs to get permission from their customers before they collect web-browsing data. So who do we trust to give good advice about being safe and private on the internet?
SEE: The real reason behind the new law for ISPs and what it means for internet users (TechRepublic)
The need for good cybersecurity advice
Elissa Redmiles, a Ph.D. student in computer science at the University of Maryland, wrote a commentary for The Conversation titled Can better advice keep you safer online? in which she offers insight about who to trust when it comes to cybersecurity advice.
"One key to staying safer online may be getting advice from the right places—people and sources with accurate, helpful information that can let you take control of your online privacy and security," writes Redmiles. "My research, in collaboration with Sean Kross (Johns Hopkins University) and Michelle Mazurek (University of Maryland), explores where people get their advice about online security, and how useful it actually is."
SEE: Your internet history is now for sale. Here's how you can protect it. (TechRepublic)
Redmiles, Kross, and Mazurek used a survey of 3,000 internet users who are in the US to determine where people receive their advice about online security and privacy. The researchers published their findings in the paper Where is the Digital Divide? A Survey of Security, Privacy, and Socioeconomics (PDF).
"We found that no matter how wealthy or how poor a person is, no matter her education level, the speed of her internet service or whether she has a smartphone, a person's online safety is closely related to where, and from whom, she gets advice about online security," reports Redmiles. "Approximately 70 percent of Americans learn about online security behaviors as a result of advice shared by friends, family and co-workers, or on websites they visit."
Ask a librarian—they know best
Figure A provides a comparative overview of the respondents' advice sources and the percentages of respondents who were eventually victims of an online security/privacy issue.
In her commentary, Redmiles offered the following additional information.
- 38% of people surveyed received privacy and security advice from friends and relatives; 49% of those people reported at least one online security incident.
- 20% of the survey's participants took advice from coworkers; 25% of those people reported an online security incident.
- 25% of those surveyed who took advice from websites report fewer incidents than those who took advice from friends and coworkers.
- 14% of people who took advice from a government website reported an online safety problem.
One of the findings by Redmiles, Kross, and Mazurek of particular interest is that 13% of people participating in the survey received advice from teachers or librarians, and of those only 8%—the lowest percentage reported—had an online safety problem.
"Our findings also suggest that librarians are underutilized but potentially very valuable sources of online safety information," explains Redmiles. "We asked local librarians for a few suggestions of good resources for getting started with protecting your information. They recommended Get Started With Privacy and Security Starter Pack & Tutorials as good first steps to making an online security plan."
To help keep children safe while online, Redmiles mentions the librarians recommended the National Cyber Security Alliance website, with security and privacy activities and information for kids and parents.
Think critically about any advice received
With so much security advice available, Redmiles suggests people should not accept any answer wholesale, and follow these recommendations instead.
- When seeking advice from coworkers, friends, and family, ask how they learned about this information.
- Think critically about the advice received.
- Ask if the answers agree with advice from other sources.
- Seek out people working in internet or technology fields who can offer their suggestions and/or perspectives about advice from other sources.
Redmiles, Kross, and Mazurek feel strongly that there is a strong relationship between respondents' security and privacy experiences and advice sources; however, the details are murky. "The direction of this relationship is unclear: do people receive bad advice that leads to worse experiences, or do they wait to seek advice until after a negative experience?" explain the researchers. "We hypothesize some of both."
What is crystal clear to the three authors is that the current advice ecosystem is not working and should be reevaluated.
- 5 data security and privacy tips for iOS (TechRepublic)
- 9 privacy and security errors startups can't afford to make (TechRepublic)
- 5 mobile security precautions nobody should ignore (TechRepublic)
- Are users right in rejecting security advice? (TechRepublic)
- Security awareness and training policy (Tech Pro Research)