The design of phishing studies: Challenges for researchers
In this paper, a role play scenario experiment of people's ability to differentiate between phishing and genuine emails demonstrated limitations in the generalisability of phishing studies. This involves issues around the priming of participants and the diversity of...
A protection motivation theory approach to improving compliance with password guidelines
Usernames and passwords form the most widely used method of user authentication on the Internet. Yet, users still find compliance with password guidelines difficult. The primary objective of this research was to investigate how compliance with password guidelines and...
Analyzing the role of cognitive and cultural biases in the internalization of information security policies: Recommendations for information security awareness programs
Standards and best practices for information security awareness programs focus on the content and processes of the programs, without taking into consideration how individuals internalize security-related information and how individuals make security-related decisions....
Online safety begins with you and me: Convincing Internet users to protect themselves
This article delves into the persistent issue of individuals neglecting basic cybersecurity measures, despite the increasing reports of losses from security breaches. It emphasizes the importance of understanding the psychological factors that encourage users to adopt...
Improving your security awareness campaigns: Examples from behavioral science
This short blog post suggests cyber security awareness campaigns should not be run by IT but by human resources or standalone departments; that companies should quantify risks to guide cyber security investments; that awareness campaign effectiveness should be...
The sufficiency of the theory of planned behavior for explaining information security policy compliance
This paper aims to challenge the assumption that the theory of planned behaviour (TPB) includes all constructs that explain information security policy compliance and investigates if anticipated regret or constructs from the protection motivation theory add...
Experiments with security and privacy in IoT networks
We explore the risks to security and privacy in IoT networks by setting up an inexpensive home automation network and performing a set of experiments intended to study attacks and defenses. We focus on privacy preservation in home automation networks but our insights...
Investigating personal determinants of phishing and the effect of national culture
The purpose of the study was twofold: to investigate the correlation between a sample of personal psychological and demographic factors and resistance to phishing; and to investigate if national culture moderates the strength of these correlations. Intention to resist...
Scaring and bullying people into security won’t work
Users are more likely to respond to trustworthy and credible risk indicators that align with the threats they wish to evade. Security measures that frequently yield false positives erode the credibility of security protocols and condition users to disregard them. To...
Examining the distinct antecedents of E-mail habits and its influence on the outcomes of a phishing attack
This research investigates the link between social media phishing susceptibility and individual Facebook habits, particularly how these habits lead to victimization and its relation to email-based phishing. The study analyzes the precursors and effects of email habits...
“… no one can hack my mind”: Comparing expert and non-expert security practices
The state of advice given to people today on how to stay safe online has plenty of room for improvement. Too many things are asked of them, which may be unrealistic, time consuming, or not really worth the effort. To improve the security advice, our community must...
Empirical study on ICT system’s users’ risky behavior and security awareness
In this study, the authors gathered information on ICT users from different areas in Croatia with different knowledge, experience, workplace, age and gender backgrounds in order to examine today's situation in the Republic of Croatia (n=701) regarding ICT users'...
Cleaning house: The impact of information technology monitoring on employee theft and productivity
This study explores the impact of technology-based employee monitoring on both misconduct and productivity in businesses. The research utilizes unique theft and sales data from 392 restaurants across five companies that implemented a theft monitoring information...
Leadership styles and information security compliance behavior: The mediator effect of information security awareness
Leadership styles play an important role in enhancing employees' information security awareness and may lead to proper information security compliance behavior. Therefore, the current study aims to investigate the indirect effect of leadership styles on user’s...
Organizational safety climate and supervisor safety enforcement: Multilevel explorations of the causes of accident underreporting
According to national surveillance statistics, over 3 million employees are injured each year; yet, research indicates that these may be substantial underestimates of the true prevalence. The purpose of the current project was to empirically test the hypothesis that...
A closer look into privacy and security of Chromecast multimedia cloud communications
Cloud computing has enabled a wide range of streaming multimedia applications and many HDMI based devices have emerged as a result. Chromecast is one of these devices that plugs into the HDMI port of a larger screen and turns it into a smart screen. With Chromecast,...
Scaling the security wall: Developing a security behavior intentions scale (SeBIS)
Despite the plethora of security advice and online education materials offered to end-users, there exists no standard measurement tool for end-user security behaviors. We present the creation of such a tool. We surveyed the most common computer security advice that...
Trust and distrust on the web: User experiences and website characteristics
This study aims to analyze the components of user experiences that cultivate trust and incite distrust on the internet, with a specific focus on the characteristics of websites that bolster trust or provoke distrust. We gathered data on users' experiences during...
“Shadow Security” as a tool for the learning organization
Traditionally, organizations manage information security through policies and mechanisms that employees are expected to comply with. Noncompliance with security is regarded as undesirable, and often sanctions are threatened to deter it. But in a recent study, we...
An enhanced fear appeal rhetorical framework: Leveraging threats to the human asset through sanctioning rhetoric
Fear appeals, which are used widely in information security campaigns, have become common tools in motivating individual compliance with information security policies and procedures. However, empirical assessments of the effectiveness of fear appeals have yielded...
The social psychology of cybersecurity
As the fields of HCI, cybersecurity and psychology continue to grow and diversify there is greater overlap between these areas and new opportunities for interdisciplinary collaboration. This paper argues for a focus specifically on the role of social psychology in...