ABSTRACT
The COVID-19 pandemic has shined a light on the digital divide and its implications in a digital-first society. In the UK, where our research is focused, parts of society still lack the infrastructure and/or basic skills needed to access essential online services like health, welfare, food, housing and education. During the pandemic, these services became digital by necessity, forcing many people to seek help through informal networks such as community hubs. Based on our focus groups and interviews with voluntary and third sector organisations in the UK, we make a case in this chapter for a kinder, more holistic approach to the accessibility of essential online services, based on the hypothesis that such an approach creates the types of spaces in which the benefits of such services can be more safely realised. © 2023, The Author(s), under exclusive license to Springer Nature Switzerland AG.
ABSTRACT
The COVID-19 pandemic has shined a light on the digital divide and its implications in a digital-first society. In the UK, where our research is focused, parts of society still lack the infrastructure and/or basic skills needed to access essential online services like health, welfare, food, housing and education. During the pandemic, these services became digital by necessity, forcing many people to seek help through informal networks such as community hubs. Based on our focus groups and interviews with voluntary and third sector organisations in the UK, we make a case in this chapter for a kinder, more holistic approach to the accessibility of essential online services, based on the hypothesis that such an approach creates the types of spaces in which the benefits of such services can be more safely realised. © 2023, The Author(s), under exclusive license to Springer Nature Switzerland AG.
ABSTRACT
Security configuration remains obscure for many Internet users, especially those with limited computing skills. This obscurity exposes such users to various Internet attacks. Recently, there has been an increase in cyberattacks targeted at individuals due to the remote workforce imposed by the COVID 19 pandemic. These attacks have exposed the inefficiencies of the non-human-centric implementation of Internet security mechanisms and protocols. Security research usually positions users as the weakest link in the security ecosystem, making system and protocol developers exclude the users in the development process. This stereotypical approach has negatively affected users’ security uptake. Mostly, security systems are not comprehensible for an average user, negatively affecting performance and Quality of Experience. This causes the users to shun using security mechanisms. Building on human-centric cybersecurity research, we present a tool that aids in configuring Internet Quality of protection and Experience (referred to as PowerQoPE in this paper). We describe its architecture and design methodology and finally present evaluation results. Preliminary evaluation results show that user-centric and data-driven approaches in the design of Internet security systems improves users’ Quality of Experience. The controlled experiment results show that users are not really stupid;they know what they want and that given proper security configuration platforms with proper framing of components and information, they can make optimal security decisions. © 2022, IFIP International Federation for Information Processing.
ABSTRACT
Recent trends show an increase in risks for personal cyberattacks, in part due to an increase in remote work that has been imposed by worldwide Covid-19 lockdowns. These attacks have further exposed the inefficiencies of the paternalistic design of Internet security systems and security configuration frameworks. Prior research has shown that users often have inadequate Internet security and privacy mental models. However, little is known about the causes of flawed mental models. Using mixed methods over a period of nine months, we investigate Internet security mental models of users in Africa and the implications of these mental models on personal security practice. Consistent with prior research, we find inadequate Internet security mental models in self-reported expert and non-expert Internet users. In addition, our mental modelling and task analysis reveal that the flawed security practice does not only result from users’ negligence, but also from lack of sufficient Internet security knowledge. Our findings motivate for reinforcing users’ Internet security mental models through personalised security configuration frameworks to allow users, especially those with limited technical skills, to easily configure their desired security levels. © 2022, ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering.
ABSTRACT
In the last decades, research has shown that both technical solutions and user perceptions are important to improve security and privacy in the digital realm. The field of 'usable security' already started to emerge in the mid-90s, primarily focussed on password and email security. Later on, the research field of "usable security and privacy" evolved and broadened the aim to design concepts and tools to assist users in enhancing their behaviour with regard to both privacy and security. Nevertheless, many user interventions are not as effective as desired. Because of highly diverse usage contexts, leading to different privacy and security requirements and not always to one-size-fits-all approaches, tailorability is necessary to address this issue. Furthermore, transparency is a crucial requirement, as providing comprehensible information may counter reactance towards security interventions. This article first provides a brief history of the research field in its first quarter-century and then highlights research on the transparency and tailorability of user interventions. Based on this, this article then presents six contributions with regard to (1) privacy concerns in times of COVID-19, (2) authentication on mobile devices, (3) GDPR-compliant data management, (4) privacy notices on websites, (5) data disclosure scenarios in agriculture, as well as (6) rights under data protection law and the concrete process should data subjects want to claim those rights. This article concludes with several research directions on user-centred transparency and tailorability.
ABSTRACT
The ongoing Covid-19 pandemic has impacted our everyday lives and demands everyone to take countermeasures such as wearing masks or disinfecting their hands. However, while previous work suggests that these countermeasures may profoundly impact biometric authentication, an investigation of the actual impact is still missing. Hence, in this work, we present our findings from an online survey (n=334) on experienced changes in device usage and failures of authentication. Our results show significant changes in personal and shared device usage, as well as a significant increase in experienced failures when comparing the present situation to before the Covid-19 pandemic. From our qualitative analysis of participants' responses, we derive potential reasons for these changes in device usage and increases in authentication failures. Our findings suggest that making authentication contactless is only one of the aspects relevant to encounter the novel challenges caused by the pandemic. © 2022 ACM.
ABSTRACT
Numerous information-Tracking solutions have been implemented worldwide to fight the COVID-19 pandemic. While prior work has heavily explored the factors affecting people's willingness to adopt contact-Tracing solutions, which inform people when they have been exposed to someone positive for COVID-19, numerous countries have implemented other information-Tracking solutions that use more data and more sensitive data than these commonly studied contact-Tracing apps. In this work, we build on existing work focused on contact-Tracing apps to explore adoption and design considerations for six representative information-Tracking solutions for COVID-19, which differ in their goals and in the types of information they collect. To do so, we conducted semi-structured interviews with 44 participants to investigate the factors that influence their willingness to adopt these solutions. We find four main categories of influences on participants' willingness to adopt such solutions: individual benefits of the solution, societal benefits of the solution, functionality concern, and digital safety (e.g., security and privacy) concerns. Further, we enumerate the factors that inform participants' evaluations of these categories. Based on our findings, we make recommendations for the future design of information-Tracking solutions and discuss how different factors may balance against benefits in future crisis situations. © 2022 ACM.
ABSTRACT
With the fourth industrial revolution, there is a digitization wave going on for the transformation of existing systems into modern digital systems. This has opened the window for many opportunities, but at the same time, there is a multitude of cyber-security threats that need to be addressed. This paper considers one such threat posed by phishing and ransomware attacks to the healthcare infrastructures. Phishing has also been the most prevalent attack mechanism on the healthcare infrastructures during the ongoing COVID-19 pandemic. The paper proposes two intervention strategies as a step towards catering to the challenges posed by phishing and ransomware attacks in the context of healthcare infrastructures. © 2022, IFIP International Federation for Information Processing.
ABSTRACT
The onset of the COVID-19 pandemic has given rise to an increase in cyberattacks and cybercrime, particularly with respect to phishing attempts. Cybercrime associated with phishing emails can significantly impact victims, who may be subjected to monetary loss and identity theft. Existing anti-phishing tools do not always catch all phishing emails, leaving the user to decide the legitimacy of an email. The ability of machine learning technology to identify reoccurring patterns yet cope with overall changes complements the nature of anti-phishing techniques, as phishing attacks may vary in wording but often follow similar patterns. This paper presents a browser extension called MailTrout, which incorporates machine learning within a usable security tool to assist users in detecting phishing emails. MailTrout demonstrated high levels of accuracy when detecting phishing emails and high levels of usability for end-users. © Boyle et al. Published by BCS Learning and Development Ltd.