Cargando…
Informing, simulating experience, or both: A field experiment on phishing risks
Cybersecurity cannot be ensured with mere technical solutions. Hackers often use fraudulent emails to simply ask people for their password to breach into organizations. This technique, called phishing, is a major threat for many organizations. A typical prevention measure is to inform employees but...
| Autores principales: | , , , , |
|---|---|
| Formato: | Online Artículo Texto |
| Lenguaje: | English |
| Publicado: |
Public Library of Science
2019
|
| Materias: | |
| Acceso en línea: | https://www.ncbi.nlm.nih.gov/pmc/articles/PMC6919577/ https://www.ncbi.nlm.nih.gov/pubmed/31851688 http://dx.doi.org/10.1371/journal.pone.0224216 |
| _version_ | 1783480777187524608 |
|---|---|
| author | Baillon, Aurélien de Bruin, Jeroen Emirmahmutoglu, Aysil van de Veer, Evelien van Dijk, Bram |
| author_facet | Baillon, Aurélien de Bruin, Jeroen Emirmahmutoglu, Aysil van de Veer, Evelien van Dijk, Bram |
| author_sort | Baillon, Aurélien |
| collection | PubMed |
| description | Cybersecurity cannot be ensured with mere technical solutions. Hackers often use fraudulent emails to simply ask people for their password to breach into organizations. This technique, called phishing, is a major threat for many organizations. A typical prevention measure is to inform employees but is there a better way to reduce phishing risks? Experience and feedback have often been claimed to be effective in helping people make better decisions. In a large field experiment involving more than 10,000 employees of a Dutch ministry, we tested the effect of information provision, simulated experience, and their combination to reduce the risks of falling into a phishing attack. Both approaches substantially reduced the proportion of employees giving away their password. Combining both interventions did not have a larger impact. |
| format | Online Article Text |
| id | pubmed-6919577 |
| institution | National Center for Biotechnology Information |
| language | English |
| publishDate | 2019 |
| publisher | Public Library of Science |
| record_format | MEDLINE/PubMed |
| spelling | pubmed-69195772019-12-27 Informing, simulating experience, or both: A field experiment on phishing risks Baillon, Aurélien de Bruin, Jeroen Emirmahmutoglu, Aysil van de Veer, Evelien van Dijk, Bram PLoS One Research Article Cybersecurity cannot be ensured with mere technical solutions. Hackers often use fraudulent emails to simply ask people for their password to breach into organizations. This technique, called phishing, is a major threat for many organizations. A typical prevention measure is to inform employees but is there a better way to reduce phishing risks? Experience and feedback have often been claimed to be effective in helping people make better decisions. In a large field experiment involving more than 10,000 employees of a Dutch ministry, we tested the effect of information provision, simulated experience, and their combination to reduce the risks of falling into a phishing attack. Both approaches substantially reduced the proportion of employees giving away their password. Combining both interventions did not have a larger impact. Public Library of Science 2019-12-18 /pmc/articles/PMC6919577/ /pubmed/31851688 http://dx.doi.org/10.1371/journal.pone.0224216 Text en © 2019 Baillon et al http://creativecommons.org/licenses/by/4.0/ This is an open access article distributed under the terms of the Creative Commons Attribution License (http://creativecommons.org/licenses/by/4.0/) , which permits unrestricted use, distribution, and reproduction in any medium, provided the original author and source are credited. |
| spellingShingle | Research Article Baillon, Aurélien de Bruin, Jeroen Emirmahmutoglu, Aysil van de Veer, Evelien van Dijk, Bram Informing, simulating experience, or both: A field experiment on phishing risks |
| title | Informing, simulating experience, or both: A field experiment on phishing risks |
| title_full | Informing, simulating experience, or both: A field experiment on phishing risks |
| title_fullStr | Informing, simulating experience, or both: A field experiment on phishing risks |
| title_full_unstemmed | Informing, simulating experience, or both: A field experiment on phishing risks |
| title_short | Informing, simulating experience, or both: A field experiment on phishing risks |
| title_sort | informing, simulating experience, or both: a field experiment on phishing risks |
| topic | Research Article |
| url | https://www.ncbi.nlm.nih.gov/pmc/articles/PMC6919577/ https://www.ncbi.nlm.nih.gov/pubmed/31851688 http://dx.doi.org/10.1371/journal.pone.0224216 |
| work_keys_str_mv | AT baillonaurelien informingsimulatingexperienceorbothafieldexperimentonphishingrisks AT debruinjeroen informingsimulatingexperienceorbothafieldexperimentonphishingrisks AT emirmahmutogluaysil informingsimulatingexperienceorbothafieldexperimentonphishingrisks AT vandeveerevelien informingsimulatingexperienceorbothafieldexperimentonphishingrisks AT vandijkbram informingsimulatingexperienceorbothafieldexperimentonphishingrisks |