Cybersecurity Gossip: Using Stories to Improve Security Decisions
Every day, people make hundreds of small decisions while using their computing devices that represent potentially risky actions. Should I click on this link? Is it OK to enter sensitive information into this webpage? What password should I use for this new account? In this talk, I will discuss one of the major ways that people learn what to do in these situations: cybersecurity gossip. People tell stories to each other – mostly about past incidents, mostly among family and friends – that help them understand what to do and, more importantly, why to do it. These stories focus on different issues than the traditional facts-and-advice training that is typically provided by experts. I will discuss why these stories complement existing security training by improving people's “gut feeling” about when something might be potentially dangerous. Finally, I will describe a recent example of how we used stories to help train university employees to better recognize and avoid fraudulent phishing emails.
Rick Wash is an Associate Professor at Michigan State University in the Department of Media and Information. His work involves understanding how people think about computing technology, and their interactions with other people through technology, with a particular focus on cyber-security and collaborative systems. His research is supported by multiple grants from the US National Science Foundation, including an NSF CAREER award. He completed his PhD at the School of Information at the University of Michigan. Prior to studying information, Rick completed his master's degree in Computer Science at the University of Michigan, and his bachelor's degree in Computer Science at Case Western Reserve University.