What will motivate people to be safe online ?

Ajouter à mon PDF personnalisé

Online safety begins with you and me: Convincing Internet users to protect themselves

People rely on the Internet for a whole range of business and pleasure pursuits, but this tradition is not entirely free of risk. Despite warnings about potential threats, many users do not follow basic practices to stay safe online. Do people not understand the risk? Are the instructions too complicated? Or do they think someone else has them covered?

Motivating people to step up to online security is a significant challenge. It is no small task to communicate the seriousness of the threats in a way that motivates participation in taking manageable, accessible precautions. Shillair et al. examined a number of factors related to human motivation to find those that feature heavily in online habits. Through a web-based survey, 161 participants were assigned to one of four groups. Each of the four groups saw different messages: some were encouraged to accept personal responsibility, others were assured responsibility lies elsewhere; some participants were shown a step by step demonstration of performing safety habits (called ‘vicarious experience), while others were given messaging to boost their confidence in handling online risks, but without being shown how (known here as ‘persuasion’). This use of groups allows a comparison of those factors in people’s online safety decisions.

After reviewing the messages, participants in all groups responded to a questionnaire asking their:

  • intention to perform online safety behaviours (e.g. read license agreements before downloading software) rating of personal responsibility (e.g. ‘online safety is my personal responsibility’ vs. ‘online safety is somebody else’s job, not mine’)
  • response efficacy and coping self-efficacy (e.g. confident could identify terms in agreements or privacy policies that pose threat)
  • measure of prior knowledge (e.g. questions about knowledge of spyware and Trojans)
  • technology awareness (e.g. ‘I follow news and developments about malware tech’)
  • message involvement (e.g. ‘how carefully did you read the online safety information’)

People with prior knowledge of online safety problems tended to have higher levels of coping self-efficacy; the confidence in their ability to deal with the problem. Those who were shown how, through vicarious experience, had a stronger sense of their ability than those who were merely encouraged. The emphasis on personal responsibility had no effect on people’s safety behaviour intention or on coping self-efficacy. However, among those who had only a little online safety knowledge, the messages about personal responsibility had a different role; in the high personal responsibility group, being shown how (vicarious experience) resulted in greater safety intentions compared to persuasion. In contrast, among the low personal responsibility (and low prior knowledge) group, persuasion was more effective in changing intention. The relationship was different among those with greater prior knowledge – for those who were reminded of a personal responsibility, self-efficacy had no effect, while those in the low personal responsibility (but high prior knowledge) group, were more influenced by vicarious experience.

These findings reinforce the importance of understanding your audience when creating security messaging. Some people need only the information about risks and some guidance on safe practices, but others will need additional support to integrate the knowledge into everyday routine. Ultimately it’s clear which mechanisms work; the important decision is how to combine them for different groups.

Telling Internet users that they have to be safe online has little effect on their intention unless the message and education is appropriate for that user.