The administration of systems plays an important part in security. This means that people using, and by necessity administering, home computers must make various security decisions. However, computer security is complex and home users are generally untrained and uninterested. Although it is important to make security inherent to computers, people may always be a part of the security equation. Even if we make security easier to use, it remains essential to educate home users to make better security decisions. Advancing this cause requires that we know how people understand security, including different kinds of attacks and protection methods. We also need to know what kinds of educational material can effciently alter people’s perceptions and behaviours to improve their security.
Zhang-Kennedy, Chiasson and Biddle looked at ways to effectively educate people on home computer security and persuade them to improve their security habits. First, they designed security infographics to test how well certain types of images and metaphors contributed to learning. They discovered helpful metaphors that improved cybersecurity understanding. They found image-based communications to be a more effective teaching tool than text alone. Based on these fndings, they designed a witty, interactive comic series. The researchers used different instructional design principles to come up with interactive comics about passwordguessing attacks, malware protection and mobile online privacy. They then used eye-tracking technology to optimize the comics and make adjustments to the fow and length as necessary.
To test the effectiveness of their comic, the researchers recruited 52 study participants at Carleton University to interact with their comic. They interviewed the participants to fnd out how much they knew about the three security areas that the comics address. They then used questionnaires and interviews to test the participants’ security understanding before and after interacting with the comic. One week later, they looked to see if the participants had changed their behaviour.
Initially, the participants had a poor understanding of computer security. Many had diffculties distinguishing between different kinds of attacks. Others thought they were unlikely targets of cyberattacks. This may affect their ability and motivation to practice safe behaviour online. The comics followed four principles that link instructional design and persuasive technology principles.
After interacting with the comics, the participants knew more about cybersecurity. The simplicity of the comics reduced the cognitive effort required to understand the complex security content. Furthermore, the interactive aspects of the comics provided insight into the benefts of following their security recommendations. These aspects effectively persuaded participants to follow the advice given in the comics. Overall, the participants self-reported more positive behaviour changes after interacting with the comics. They reported changing their passwords, updating their security software and sharing advice from the comics with family and friends.
Simplifying content through images and metaphors in an entertaining comics-based approach can help people overcome the challenges of learning about cybersecurity. Furthermore, this type of approach may even be helpful in other felds. Projects that aim to teach, inform and modify behaviour could beneft from an evidencebased immersive comics approach.
Evidence-based, interactive comics are an effective teaching tool for cybersecurity.