Where do Older Adults Get Their Cybersecurity Information?
This article summarises a paper authored by James Nicholson, Lynne Coventry, and Pamela Briggs. This paper will be presented at CHI 2019, a conference of Human-Computer Interaction, on Tuesday 7th May 2019 at 16:00 in the session Security Perceptions.
Summary:
Can radio be the answer for helping older users stay up-to-date with cybersecurity information and events? Our research suggests that older users do not always turn to the most appropriate sources of information when it comes to cybersecurity advice, so it is important to make sure that they have high quality and reliable information available to protect themselves.
Context:
Stopping the bad guys from stealing your information and money over the internet is one of the biggest issues facing people today. In fact, on average a computer is attacked every 39 seconds. If you consider the three types of cybercrime which impact individual citizens (identity theft, online scams, and scareware), the overall estimated cost of cybercrime to UK citizens is £3.1 billion per annum. With the popularity of internet-connected devices increasing (for example Amazon Echos and Google Homes), the problem of cybersecuritywill only get worse and the risk of losses will increase.
Knowing what the issues are, and how to prevent them, is essential for protecting yourself from cybersecurity attacks. A lot of this knowledge is learned from training awareness programmes at work, or by asking knowledgeable others (for example friends who specialise in computer security).
Older adults (those aged over 60 years old) are increasingly becoming the target for cyberattacks and scams. They are the fastest-growing demographic to adopt internet-connected devicesand an attractive target with savings, valuable data and less awareness than other age groups may have. However, we know relatively little about their understanding of cybersecurity, how they search for cybersecurity information, and what sources they trust.
Our Research:
We interviewed 22 older internet users (average age was 72 years old) from the north east of England with the goal of understanding who they turn to for cybersecurity information and advice, and who they trust the most when it comes to taking action.
One of the most important things that we found was that — unlike younger people who prioritise expertise of the source over all other criteria — older people prioritise the availability of the source over everything else. This is a problem as it means they may not be approaching the most qualified people to fix cybersecurity issues, but instead they are asking people who can provide an answer quickly.
Another important finding was that our older participants — who used the internet for finding all sorts of information — avoided using the internet for cybersecurity information. This is key because the web is an important and convenient source of information for the general population. The web is also a key platform for cybersecurity information sharing by organisations such as the National Cyber Security Centre(NCSC), and it appears that such communications may not be effective for this group of adults.
Conclusions:
With this in mind, it is important to consider how to make good quality, reliable cybersecurity information available to older users. An underexplored medium is radio, which our sample of older users utilised heavily, and it may be “always-on” in some homes. We need to look more into how such age-specific mediums can be used for giving older users appropriate helpful information, rather than the typical scaremongering cybersecurity news coverage.
Read our full findings in our paper “If it’s Important it will be a Headline”: Cybersecurity Information Seeking in Older Adults: https://doi.org/10.1145/3290605.3300579
Sources:
Anderson, M. & Perrin! A. (2017). Tech Adoption Climbs Among Older Adults. Pew Research Center. Available: https://www.pewinternet.org/2017/05/17/tech-adoption-climbs-among-older-adults/
Detica. (2011.) The Cost of Cybercrime. Report Available Online: https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/60943/the-cost-of-cyber-crime-full-report.pdf
Nicholson, J., Coventry, L., & Briggs, P. (2018). Introducing the cybersurvival task: assessing and addressing staff beliefs about effective cyber protection. In Fourteenth Symposium on Usable Privacy and Security (SOUPS 2018) (pp. 443–457).
Ramsbrock, D., Berthier, R., & Cukier, M. (2007). Profiling attacker behavior following SSH compromises. In 37th Annual IEEE/IFIP international conference on dependable systems and networks (DSN’07)(pp. 119–124). IEEE.
National Cyber Security Centre: www.ncsc.gov.uk
