MICHIGAN STATE (US) — Too often, home computer users either mistakenly think they have enough security in place or don’t believe they have enough valuable information that would be of interest to a hacker.
“Home security is hard because people are untrained in security,” says Rick Wash, assistant professor of telecommunication, information studies, and media at Michigan State University. “But it isn’t because people are idiots. Rather they try their best to make sense of what’s going on and frequently make choices that leave them vulnerable.”
In a new study published in the proceedings of the Symposium on Usable Privacy and Security, Wash identifies eight “folk models” of security threats used by home computer users in deciding what security software to use and which advice to follow.
The models can be vague and generic (“viruses are bad”) or more specific (“hackers are burglars who break into computers for criminal purposes”).
People who rely on folk models for computer security don’t necessarily follow security advice from credible experts, either because they don’t understand the advice or because they believe it isn’t relevant to them.
Knowing what people believe or discount can help the experts help the users.
“The folk models we describe begin to provide an explanation of which expert advice home computer users choose to follow and which advice to ignore,” Wash says. “By better understanding why people choose to ignore certain pieces of advice, we can better craft that advice and technologies to have a greater effect.”
Security experts need to do a better job explaining the threats that home computer users face, Wash says. “Without an understanding of threats, home-computer users intentionally choose to ignore advice that they don’t believe will help them.
“Security education efforts should focus not only on recommending what actions to take, but also emphasize why those actions are necessary.”
More news from Michigan State University: http://news.msu.edu/