Date of Completion
12-15-2017
Embargo Period
12-12-2018
Keywords
cybersecurity, psychology, emotions, social motivations, interventions
Major Advisor
Mohammad Khan
Associate Advisor
Ross Buck
Associate Advisor
Steven Demurjian
Field of Study
Computer Science and Engineering
Degree
Doctor of Philosophy
Open Access
Open Access
Abstract
Security is a priority to most, but studies show that users commonly fail to adopt recommended cybersecurity behavior. Researchers have looked to user factors for explanations of this gap, finding security and convenience to be common considerations, along with perceptions of risks and past experiences. Some have tried to alter user behavior, but are targeted at specific advice and focused on rational motivations to persuade users.
In this thesis, three expertly recommended cybersecurity advice (i.e., updating software regularly, using two-factor authentication, using a secure password manager) are deeply explored. These results inform the design of videos in a systematic study of novel cybersecurity interventions aimed at altering users’ behavior around these advices. First, users’ rational motivations around each, including social motivations are studied, and then each advice is studied with more in-depth instruments, including those that gathered users’ emotions in the varying contexts, which can influence decision-making.
These studies found that those who do not follow expert recommendations commonly see the risks in their decision as lower than those who do follow. Additionally, users rarely make social considerations in these contexts. Finally, negative emotions are found to be prevalent across many specific cases. These emotions may influence and trigger perceptions of negative past experiences, which in-turn hinders adoption. With these leads, novel video-based interventions are developed that incorporate appeals which address social motivations and emotions around cybersecurity advice. Awareness, perceptions, emotions, and behavior were measured before, immediately, two weeks, and one month after an intervention was delivered aimed at altering their behavior around one of the three test advices. This study finds that the emotion-based techniques may have merit since the groups which saw videos that used this approach had the largest and most sustained increases on variables that measured awareness and perceptions of benefits, costs, and risks. Also, the data demonstrates the role social motivations may have in cybersecurity behavior, showing the importance of both of these alternative approaches in this field.
Recommended Citation
Fagan, Michael, "Emotionally and Socially Aware Approaches to Understanding and Changing Users’ Cybersecurity Behavior" (2017). Doctoral Dissertations. 1663.
https://digitalcommons.lib.uconn.edu/dissertations/1663