How Do Home Computer Users Browse the Web?

With the ubiquity of web tracking, information on how people navigate the internet is abundantly collected yet, due to its proprietary nature, rarely distributed. As a result, our understanding of user browsing primarily derives from small-scale studies conducted more than a decade ago. To provide an broader updated perspective, we analyze data from 257 participants who consented to have their home computer and browsing behavior monitored through the Security Behavior Observatory. Compared to previous work, we find a substantial increase in tabbed browsing and demonstrate the need to include tab information for accurate web measurements. Our results confirm that user browsing is highly centralized, with 50% of internet use spent on 1% of visited websites. However, we also find that users spend a disproportionate amount of time on low-visited websites, areas with a greater likelihood of containing risky content. We then identify the primary gateways to these sites and discuss implications for future research.

A Comparative Study in Israel and Slovenia Regarding the Awareness, Knowledge, and Behavior Regarding Cyber Security

With the COVID-19 pandemic, many organizations and institutions moved to e-learning and to e-working from home. With the increase in internet usage, the rate of cyber-attacks have also increased, and this was followed by the request for more cyber security behaviors from employees and students. In the current study, the authors explore the connection between cyber security awareness, cyber knowledge, and cyber security behavior. The authors measured the behaviors among students in two similar countries: Israel and Slovenia. Results show that students felt they had adequate awareness on cyber threat but apply only a few protective measures to protect their devices, usually relatively common and simple ones. The study findings also show that awareness to cyber threats mediate the connection between knowledge and protection behaviors, but only in the case that the knowledge is specific with regard to IT protection courses. Results, implications, and recommendations for effective cyber security training programs for organizations and academic institutions are presented and discussed.

SETA and Security Behavior

This article contends that information security education, training and awareness programs can improve employee security behavior. Empirical studies have analyzed the direct effects of employee security training on security behavior without taking into account the mediating role of employee relations, monitoring, and accountability. Based on employee relations and accountability theories, this study proposes and tests a causal model that estimates the direct effect of employee security training on security behavior as well as its indirect effects as mediated by employee relations, monitoring, and accountability. The empirical analysis relies on a survey data from a cross section of employees from five major industry sectors and a structural equation modeling approach via SmartPLS 3.0. The results show that employee security training has indirect and significant effects on security behavior through its influence on employee relations, monitoring, and accountability. However, the result does not indicate direct and significant effect of security training on employee security behavior.

Work ethic and information security behavior

Purpose Information security is a growing issue that impacts organizations in virtually all industries, and data breaches impact millions of customers and cost organizations millions of dollars. Within the past several years alone, huge data breaches have been experienced by organizations such as Marriot, Equifax, eBay, JP Morgan Chase, Home Depot, Target and Yahoo, the latter of which impacted three billion users. This study aims to examine the utilization of pre-employment screening to identify potential hires that may require enhanced information security training to avoid such costs. Design/methodology/approach The authors hypothesize that an individual’s work ethic predicts a person’s information security behavior. The authors test this hypothesis using structural equation modeling with bootstrapping techniques. Findings Data analysis suggests that certain dimensions of work ethic do indeed predict information security posture, and thus, simple pre-employment screening techniques (i.e. questionnaires) can aid in identifying potential security threats. Practical implications The findings provide a tool for identifying problematic employee security posture prior to hiring, which may be useful in identifying training needs for new hires. Originality/value The findings provide a tool for identifying problematic employee security posture prior to hiring, which may be useful in identifying training needs for new hires.

Impact of digital nudging on information security behavior: an experimental study on framing and priming in cybersecurity

PurposePhishing attacks are the most common cyber threats targeted at users. Digital nudging in the form of framing and priming may reduce user susceptibility to phishing. This research focuses on two types of digital nudging, framing and priming, and examines the impact of framing and priming on users' behavior (i.e. action) in a cybersecurity setting. It draws on prospect theory, instance-based learning theory and dual-process theory to generate the research hypotheses.Design/methodology/approachA 3 × 2 experimental study was carried out to test the hypotheses. The experiment consisted of three levels for framing (i.e. no framing, negative framing and positive framing) and two levels for priming (i.e. with and without priming).FindingsThe findings suggest that priming users to information security risks reduces their risk-taking behavior, whereas positive and negative framing of information security messages regarding potential consequences of the available choices do not change users' behavior. The results also indicate that risk-averse cybersecurity behavior is associated with greater confidence with the action, greater perceived severity of cybersecurity risks, lower perceived susceptibility to cybersecurity risks resulting from the action and lower trust in the download link.Originality/valueThis research shows that digital nudging in the form of priming is an effective way to reduce users' exposure to cybersecurity risks.