Non-expert computer users frequently face security-related decisions, and while their choices are often not optimal, they are not random. This raises the question: what informs these decisions? Our research posits that these decisions are largely influenced by stories shared by others. Through a survey involving open and closed questions about security stories, we discovered that most individuals glean lessons from informal security incident narratives shared by friends and family. These narratives shape people’s security perceptions and impact their subsequent security-related decision-making. Moreover, many individuals relay these stories to others, suggesting that a single narrative can potentially influence multiple people. By understanding how non-experts learn from these stories and the types of narratives they learn from, we can develop new strategies to aid them in making more informed security decisions.
The Impact of Workload on Phishing Susceptibility: An Experiment
Phishing is when social engineering is used to deceive a person into sharing sensitive information or downloading...