With continuous technological advancements, our homes become smarter by interconnecting more and more devices. Smart homes provide many advantages. However, they also introduce new privacy and security risks. Recent studies show that only a few people are aware of abstract risks, and most people are not aware of specific negative consequences. We developed a privacy and security awareness intervention for people who want to inform themselves about risks in the smart home context. Our intervention is based on research literature on risk perception and feedback from both lay users and security and privacy experts. We evaluated our intervention regarding its influence on participants' perceived threat, privacy attitude, motivation to avoid threats, willingness to pay, and time commitment to configure protective measures. The results of this evaluation show a significant increase for all these aspects. We also compared our intervention to information that users could obtain during an Internet search on the topic. In this comparison, our intervention evokes a significantly higher perceived threat and privacy attitude. It showed no significant difference for the other three scales. We discuss our findings in light of related work.
Smart environments are becoming ubiquitous despite many potential security and privacy issues. But, do people understand what consequences could arise from using smart environments? To answer this research question, we conducted a survey with 575 participants from three different countries (Germany, Spain, Romania) considering smart home and health environments. Less than half of all participants mentioned at least one security and privacy issue, with significantly more German participants mentioning issues than the Spanish ones and the Spanish participants in turn mentioning significantly more security and privacy issues than the Romanian participants. Using open coding, we find that among the 275 participants mentioning security and privacy issues, 111 only expressed abstract concerns such as "security issues" and only 34 mentioned concrete harms such as "Burglaries (physical and privacy)", caused by security and privacy violations. The remaining 130 participants who mentioned security and privacy issues named only threats (i.e. their responses were more concrete than just abstract concerns but they did not mention concrete harming scenarios).
Phishing is currently one of the biggest threats in cybersecurity for both the business and the private contexts. A large percentage of phishing attacks are blocked by automated technical solutions, but unfortunately there is often a delay between when phishing emails enter inboxes and when the technical solutions are able to detect and filter them out. To close this gap, it is common practice for companies to implement mandatory phishing awareness measures for their employees. But what about the private context? We aimed at answering that question by analysing 94 anti-phishing webpages from eight different countries and four organisation types. Our analysis revealed not only contradicting recommendations, but also that most of them are rather abstract (e.g. check the URL before clicking on the link without telling what to look for) and lack guidance on advanced phishing techniques (e.g. clone phishing). We discuss the problems faced by readers of these webpages and outline both immediate recommendations to the web designer and ways forward to improve the current situation as future work.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.