
Informing, simulating experience, or both: A field experiment on phishing risks


Bibliographic Details
Main authors: Baillon, Aurélien; de Bruin, Jeroen; Emirmahmutoglu, Aysil; van de Veer, Evelien; van Dijk, Bram
Format: Online Article Text
Language: English
Published: Public Library of Science 2019
Subjects:
Online access: https://www.ncbi.nlm.nih.gov/pmc/articles/PMC6919577/
https://www.ncbi.nlm.nih.gov/pubmed/31851688
http://dx.doi.org/10.1371/journal.pone.0224216
Description
Summary: Cybersecurity cannot be ensured with mere technical solutions. Hackers often use fraudulent emails to simply ask people for their password to breach into organizations. This technique, called phishing, is a major threat for many organizations. A typical prevention measure is to inform employees but is there a better way to reduce phishing risks? Experience and feedback have often been claimed to be effective in helping people make better decisions. In a large field experiment involving more than 10,000 employees of a Dutch ministry, we tested the effect of information provision, simulated experience, and their combination to reduce the risks of falling into a phishing attack. Both approaches substantially reduced the proportion of employees giving away their password. Combining both interventions did not have a larger impact.