Older adults are actively targeted for online fraud, particularly for pension and romance scams. They also tend to lose more money to these scams than their younger counterparts and are often unwilling to report incidents. Unfortunately, little is known about the sources that this group trusts for cybersecurity information.
Nicholson et al. conducted 22 semi-structured interviews with digital citizens over 65, in order to explore their cybersecurity information seeking behaviors. The study consisted in the construction of a sociogram, a graphic representation of social links, and discussions about information gathering amongst and outside that social group. Starting interviews with graphically representing a support network was done to improve the accuracy of recalled interactions, as directly asking participants about experiences often leads to erroneous and incomplete recall.
The study identified four subthemes in relation to cybersecurity literacy:
1. Legacy Knowledge: Information that has been retained from previous employment. Users adopted knowledge from their organizations security policies, such as password composition strategies. However, such knowledge may be inaccurate or out of date.
2. Interest in IT: The person and their social group’s interest in learning more about Information Technology. Participants had a very limited IT literate social network, with whom cybersecurity information was unlikely to be discussed.
3. Language: The ability to understand and communicate the vocabulary of cybersecurity information. If a person is unable to formulate a recognizable query, they may not receive the appropriate help. A poor language level in participants did undermine their confidence in communicating about cybersecurity.
4. Past experience: Positive and negative experiences that shape the perception of cybersecurity. A software update slowing down a device or changing the user interface, rendering previous experience useless, dissuades older people from further updates. Conversely, good experiences can also work as gateways for more experimentation.
Social sources of assistance were predominantly close friends and family. The participants appeared to prioritize availability over competence in their choice of information sources, given their limited relevant social options and literacy. This prioritization of availability, combined with a predisposition to seek and trust advice from professionals, made them also rely heavily on commercial resources.
Participants were introduced to new cybersecurity risks when friends and family handed them internetconnected devices without appropriate accompanying support. They expressed their difficulty in finding community-organized cybersecurity courses appropriate to their literacy level and age group.
Participants also avoided using the internet to seek security information, because of their limited technology literacy and their general lack of trust for cybersecurity advice found online. Instead, they usually absorbed their cybersecurity information passively via radio and television broadcasts.
Older people are particularly vulnerable to online fraud due to a lack of access to authoritative security information, poor finances, second-hand hardware or low technology literacy. Findings suggest that community-organized face-to-face courses, as well as radio broadcasts, would both be great resources for older digital citizens.
Older people are vulnerable to online fraud due to a lack of access to authoritative security information and low technology literacy. Face-to-face courses and radio broadcasts could help.