Past research investigating the human side of cybersecurity has treated people as isolated individuals rather than as social actors acting within a web of relationships and social influence. We are investigating how social influence can and does affect cybersecurity. More specifically, we are studying how people learn about new security behaviors from their social network, using both qualitative and quantitative methods.
We are also developing and evaluating novel techniques for leveraging social influences to improve people?s awareness and knowledge of cybersecurity, as well as motivation to act securely. These techniques make use of established principles from social psychology for influencing people, specifically similarity and social norms. We are applying these same ideas towards influencing people?s attitudes and behaviors towards cybersecurity.
Success in this work will open up a new dimension to cybersecurity and add to the toolbox for researchers and practitioners, in terms of applying known ideas from an established field in a new context to improve cybersecurity. Our work will also improve the community?s understanding of how people learn their cybersecurity behaviors (of which currently there is little literature), and will lead to a rigorous evaluation of how effective two different social mechanisms are in influencing people?s awareness, knowledge, and motivations towards acting more securely online.
