research-article

Understanding Young People's Experiences of Cybersecurity

Authors:

James Nicholson,

Pardeep KumarAuthors Info & Claims

EuroUSEC '21: Proceedings of the 2021 European Symposium on Usable Security

Pages 200 - 210

https://doi.org/10.1145/3481357.3481520

Published: 11 December 2021 Publication History

Abstract

Young people are increasingly becoming responsible for the security of their devices, yet do not appear to have the knowledge to protect themselves online. In this paper, we explore young people's knowledge of cybersecurity through a series of workshops with secondary school children, and co-design cybersecurity lessons aimed at engaging this demographic. We find that technical demonstrations are an effective way of engaging young people's curiosity in the subject, and that group activities aimed at exploring the subject are preferred methods. We also find that while knowledgeable about cybersecurity theory (e.g. passwords), their actual behaviours did not reflect best practice. We discuss the role of schools in cybersecurity education and how to best embed this content in the curriculum to maximise the engagement of students, including a focus on teaching about cybersecurity protective tools.

References

[1]

Murat Akçayır, Hakan Dündar, and Gökçe Akçayır. 2016. What makes you a digital native? Is it enough to be born after 1980? Computers in Human Behavior 60: 435–440. https://doi.org/10.1016/j.chb.2016.02.089

Digital Library

[2]

Yusuf Albayram, Mohammad Maifi Hasan Khan, and Michael Fagan. 2017. A Study on Designing Video Tutorials for Promoting Security Features: A Case Study in the Context of Two-Factor Authentication (2FA). International Journal of Human–Computer Interaction 33, 11: 927–942. https://doi.org/10.1080/10447318.2017.1306765

[3]

Wei Bai, Michael Pearson, Patrick Gage Kelley, and Michelle L. Mazurek. 2020. Improving Non-Experts’ Understanding of End-to-End Encryption: An Exploratory Study. In 2020 IEEE European Symposium on Security and Privacy Workshops (EuroS PW), 210–219. https://doi.org/10.1109/EuroSPW51379.2020.00036

[4]

Ahmad Basheer, Muhamad Hugerat, Naji Kortam, and Avi Hofstein. 2016. The Effectiveness of Teachers’ Use of Demonstrations for Enhancing Students’ Understanding of and Attitudes to Learning the Oxidation-Reduction Concept. Eurasia Journal of Mathematics, Science and Technology Education 13, 3: 555–570. https://doi.org/10.12973/eurasia.2017.00632a

[5]

Virginia Braun and Victoria Clarke. 2006. Using thematic analysis in psychology. Qualitative Research in Psychology 3, 2: 77–101. https://doi.org/10.1191/1478088706qp063oa

[6]

Moonsun Choi, Dean Cristol, and Belinda Gimbert. 2018. Teachers as digital citizens: The influence of individual backgrounds, internet use and psychological characteristics on teachers’ levels of digital citizenship. Computers & Education 121: 143–161. https://doi.org/10.1016/j.compedu.2018.03.005

[7]

Yee-Yin Choong, Mary F Theofanos, Karen Renaud, and Suzanne Prior. 2019. “Passwords protect my stuff”—a study of children's password practices. Journal of Cybersecurity 5, 1. https://doi.org/10.1093/cybsec/tyz015

[8]

Yee-Yin Choong, Mary Theofanos, Karen Renaud, and Suzanne Prior. 2019. Case Study – Exploring Children's Password Knowledge and Practices. In Proceedings 2019 Workshop on Usable Security. https://doi.org/10.14722/usec.2019.23027

[9]

Jasper Cole, Greg Walsh, and Zach Pease. 2017. Click to Enter: Comparing Graphical and Textual Passwords for Children. In Proceedings of the 2017 Conference on Interaction Design and Children (IDC ’17), 472–477. https://doi.org/10.1145/3078072.3084311

Digital Library

[10]

Sauvik Das, Laura A. Dabbish, and Jason I. Hong. 2019. A Typology of Perceived Triggers for End-User Security and Privacy Behaviors. 97–115. Retrieved June 10, 2021 from https://www.usenix.org/conference/soups2019/presentation/das

[11]

Iulia Ion, Rob Reeder, and Sunny Consolvo. 2015. “...No one Can Hack My Mind”: Comparing Expert and Non-Expert Security Practices. 327–346. Retrieved June 11, 2021 from https://www.usenix.org/conference/soups2015/proceedings/presentation/ion

[12]

Carrie James, Emily Weinstein, and Kelly Mendoza. 2019. Teaching Digital Citizens in Today's World: Research and Insights Behind the Common Sense K–12 Digital Citizenship Curriculum. Common Sense Media. Retrieved October 29, 2020 from https://www.researchgate.net/profile/Donia_Ragab/publication/337447543_Teaching_Digital_Citizens_in_Today's_World_Research_and_Insights_Behind_the_Common_Sense_K-12_Digital_Citizenship_Curriculum/links/5dd82852458515dc2f43a28c/Teaching-Digital-Citizens-in-Todays-World-Research-and-Insights-Behind-the-Common-Sense-K-12-Digital-Citizenship-Curriculum.pdf

[13]

Hilda K. Kabali, Matilde M. Irigoyen, Rosemary Nunez-Davis, Jennifer G. Budacki, Sweta H. Mohanty, Kristin P. Leister, and Robert L. Bonner. 2015. Exposure and Use of Mobile Media Devices by Young Children. Pediatrics 136, 6: 1044–1050. https://doi.org/10.1542/peds.2015-2151

[14]

Mark J. Keith, Courtenay Maynes, Paul Benjamin Lowry, and Jeffry Babb. 2014. Privacy Fatigue: The Effect of Privacy Control Complexity on Consumer Electronic Information Disclosure. In International Conference on Information Systems (ICIS 2014). Retrieved July 23, 2018 from https://papers.ssrn.com/abstract=2529606

[15]

John M. Keller. 1987. Strategies for stimulating the motivation to learn. Performance + Instruction 26, 8: 1–7. https://doi.org/10.1002/pfi.4160260802

[16]

Agnieszka Kitkowska, Mark Warner, Yefim Shulman, Erik Wästlund, and Leonardo A. Martucci. 2020. Enhancing Privacy through the Visual Design of Privacy Notices: Exploring the Interplay of Curiosity, Control and Affect. 437–456. Retrieved June 10, 2021 from https://www.usenix.org/conference/soups2020/presentation/kitkowska

[17]

Daniel G. Krutka and Jeffrey P. Carpenter. 2017. Digital Citizenship in the Curriculum. Educational Leadership 75, 3: 50–55.

[18]

Priya Kumar, Shalmali Milind Naik, Utkarsha Ramesh Devkar, Marshini Chetty, Tamara L. Clegg, and Jessica Vitak. 2017. “No Telling Passcodes Out Because They're Private”: Understanding Children's Mental Models of Privacy and Security Online. Proceedings of the ACM on Human-Computer Interaction 1, CSCW: 64:1-64:21. https://doi.org/10.1145/3134699

Digital Library

[19]

Dev Raj Lamichhane and Janet C. Read. 2017. Investigating Children's Passwords Using a Game-based Survey. In Proceedings of the 2017 Conference on Interaction Design and Children (IDC ’17), 617–622. https://doi.org/10.1145/3078072.3084333

Digital Library

[20]

Elmer Lastdrager, Inés Carvajal Gallardo, Pieter Hartel, and Marianne Junger. 2017. How Effective is Anti-Phishing Training for Children? In Thirteenth Symposium on Usable Privacy and Security ({SOUPS} 2017), 229–239.

[21]

Sumbal Maqsood, Robert Biddle, Sana Maqsood, and Sonia Chiasson. 2018. An Exploratory Study of Children's Online Password Behaviours. In Proceedings of the 17th ACM Conference on Interaction Design and Children (IDC ’18), 539–544. https://doi.org/10.1145/3202185.3210772

Digital Library

[22]

Florence Martin, Tuba Gezer, and Chuang Wang. 2019. Educators’ Perceptions of Student Digital Citizenship Practices. Computers in the Schools 36, 4: 238–254. https://doi.org/10.1080/07380569.2019.1674621

[23]

Florence Martin, Tuba Gezer, Wei Chao Wang, Teresa Petty, and Chuang Wang. 2020. Examining K-12 educator experiences from digital citizenship professional development. Journal of Research on Technology in Education 0, 0: 1–18. https://doi.org/10.1080/15391523.2020.1815611

[24]

James Nicholson, Lynne Coventry, and Pam Briggs. 2013. Age-related performance issues for PIN and face-based authentication systems. In Proceedings of the SIGCHI Conference on Human Factors in Computing Systems (CHI ’13), 323–332. https://doi.org/10.1145/2470654.2470701

Digital Library

[25]

James Nicholson, Lynne Coventry, and Pam Briggs. 2018. Introducing the Cybersurvival Task: Assessing and Addressing Staff Beliefs about Effective Cyber Protection. In In Proceedings of Symposium on Usable Privacy and Security (SOUPS) 2018, 16.

Digital Library

[26]

James Nicholson, Yousra Javed, Matt Dixon, Lynne Coventry, Opeyemi Dele-Ajayi, and Philip Anderson. 2020. Investigating Teenagers’ Ability to Detect Phishing Messages. In 2020 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW), 10. https://doi.org/10.1109/EuroSPW51379.2020.00027

[27]

James Nicholson and Jill McGlasson. 2020. CyberGuardians: Improving Community Cyber Resilience Through Embedded Peer-to-Peer Support. In Companion Publication of the 2020 ACM Designing Interactive Systems Conference (DIS’ 20 Companion), 117–121. https://doi.org/10.1145/3393914.3395871

Digital Library

[28]

James Nicholson, Ben Morrison, Matt Dixon, Jack Holt, Lynne Coventry, and Jill McGlasson. 2021. Training and Embedding Cybersecurity Guardians in Older Communities. In Proceedings of the 2021 CHI Conference on Human Factors in Computing Systems. Association for Computing Machinery, New York, NY, USA, 1–15. Retrieved June 10, 2021 from https://doi.org/10.1145/3411764.3445078

Digital Library

[29]

Christos K. Nikopoulos and Mickey Keenan. 2004. Effects of Video Modelling on Training and Generalisation of Social Initiation and Reciprocal Play by Children With Autism. European Journal of Behavior Analysis 5, 1: 1–13. https://doi.org/10.1080/15021149.2004.11434227

[30]

Joanne Orlando. Kids need to learn about cybersecurity, but teachers only have so much time in the day. The Conversation. Retrieved June 10, 2021 from http://theconversation.com/kids-need-to-learn-about-cybersecurity-but-teachers-only-have-so-much-time-in-the-day-112136

[31]

Al Pascual and Kyle Marchini. 2018. 2018 Child Identity Fraud Study. Javelin. Retrieved October 29, 2020 from https://www.javelinstrategy.com/coverage-area/2018-child-identity-fraud-study

[32]

Sarah Pearman, Jeremy Thomas, Pardis Emami Naeini, Hana Habib, Lujo Bauer, Nicolas Christin, Lorrie Faith Cranor, Serge Egelman, and Alain Forget. 2017. Let's Go in for a Closer Look: Observing Passwords in Their Natural Habitat. In Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security (CCS ’17), 295–310. https://doi.org/10.1145/3133956.3133973

Digital Library

[33]

Emilee Rader, Rick Wash, and Brandon Brooks. 2012. Stories As Informal Lessons About Security. In Proceedings of the Eighth Symposium on Usable Privacy and Security (SOUPS ’12), 6:1-6:17. https://doi.org/10.1145/2335356.2335364

Digital Library

[34]

Carlo Sugatan and Florian Schaub. 2020. Interactive Stories for Security Education: A Case Study on Password Managers. In USENIX Symposium on Usable Privacy and Security (SOUPS) 2020, 6.

[35]

Hamidreza Taheri-Torbati and Mohammad Saber Sotoodeh. 2019. Using video and live modelling to teach motor skill to children with autism spectrum disorder. International Journal of Inclusive Education 23, 4: 405–418. https://doi.org/10.1080/13603116.2018.1441335

[36]

E. Vass. 2002. Friendship and collaborative creative writing in the primary classroom. Journal of Computer Assisted Learning 18, 1: 102–110. https://doi.org/10.1046/j.0266-4909.2001.00216.x

[37]

Rick Wash. 2010. Folk models of home computer security. In Proceedings of the Sixth Symposium on Usable Privacy and Security (SOUPS ’10), 1–16. https://doi.org/10.1145/1837110.1837125

Digital Library

[38]

Rick Wash, Emilee Rader, Ruthie Berman, and Zac Wellmer. 2016. Understanding Password Choices: How Frequently Entered Passwords Are Re-used across Websites. 175–188. Retrieved April 14, 2021 from https://www.usenix.org/conference/soups2016/technical-sessions/presentation/wash

[39]

Hue Watson, Eyitemi Moju-Igbene, Akanksha Kumari, and Sauvik Das. 2020. “We Hold Each Other Accountable”: Unpacking How Social Groups Approach Cybersecurity and Privacy Together. In Proceedings of the 2020 CHI Conference on Human Factors in Computing Systems (CHI ’20), 1–12. https://doi.org/10.1145/3313831.3376605

Digital Library

[40]

Jun Zhao, Ge Wang, Carys Dally, Petr Slovak, Julian Edbrooke-Childs, Max Van Kleek, and Nigel Shadbolt. 2019. `I make up a silly name’: Understanding Children's Perception of Privacy Risks Online. In Proceedings of the 2019 CHI Conference on Human Factors in Computing Systems (CHI ’19), 1–13. https://doi.org/10.1145/3290605.3300336

Digital Library

[41]

Yixin Zou, Kevin Roundy, Acar Tamersoy, Saurabh Shintre, Johann Roturier, and Florian Schaub. 2020. Examining the Adoption and Abandonment of Security, Privacy, and Identity Theft Protection Practices. In Proceedings of the 2020 CHI Conference on Human Factors in Computing Systems (CHI ’20), 1–15. https://doi.org/10.1145/3313831.3376570

Digital Library

Cited By

Currin FHourcade J(2024)Creating Personas of Parents of Young Children Based on Balancing PrioritiesProceedings of the 23rd Annual ACM Interaction Design and Children Conference10.1145/3628516.3655790(105-118)Online publication date: 17-Jun-2024
https://dl.acm.org/doi/10.1145/3628516.3655790
Ibrahim AMcKee MSikos LJohnson N(2024)A Systematic Review of K-12 Cybersecurity Education Around the WorldIEEE Access10.1109/ACCESS.2024.339342512(59726-59738)Online publication date: 2024
https://doi.org/10.1109/ACCESS.2024.3393425
Briddick CBriggs PNicholson J(2024)Using Breach and Attack Demonstrations to Explain Spear Phishing Attacks to Young AdultsInformation Security Education - Challenges in the Digital Age10.1007/978-3-031-62918-1_5(65-80)Online publication date: 11-Jun-2024
https://doi.org/10.1007/978-3-031-62918-1_5
Show More Cited By

Recommendations

Understanding parents' perceptions of children's cybersecurity awareness in Norway
GoodIT '21: Proceedings of the Conference on Information Technology for Social Good

Children are increasingly using the internet nowadays. While internet use exposes children to various privacy and security risks, few studies have examined how parents perceive and address their children's cybersecurity risks. To address this gap, we ...
Survey results on adults and cybersecurity education

Cyberattacks and identity theft are common problems nowadays where researchers often say that humans are the weakest link the security chain. Therefore, this survey focused on analyzing the interest for adults for `cyber threat eduction seminars', e.g., ...
Cybersecurity, women and minorities: findings and recommendations from a preliminary investigation
ITiCSE -WGR '13: Proceedings of the ITiCSE working group reports conference on Innovation and technology in computer science education-working group reports

This paper presents the work done by the ACM ITiCSE, 2013 Conference Working Group (WG) on Cybersecurity, Women and Minorities: How to Succeed in the Career! The ITiCSE 2013 conference was held July 1-3, 2013, in Canterbury, United Kingdom. The overall ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image ACM Other conferences

EuroUSEC '21: Proceedings of the 2021 European Symposium on Usable Security

October 2021

241 pages

ISBN:9781450384230

DOI:10.1145/3481357

Copyright © 2021 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 11 December 2021

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article
Research
Refereed limited

Funding Sources

Engineering and Physical Sciences Research Council

Conference

EuroUSEC '21

EuroUSEC '21: European Symposium on Usable Security 2021

October 11 - 12, 2021

Karlsruhe, Germany

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

7
Total Citations
View Citations
605
Total Downloads

Downloads (Last 12 months)207
Downloads (Last 6 weeks)12

Reflects downloads up to 16 Nov 2024

Other Metrics

View Author Metrics

Citations

Cited By

Currin FHourcade J(2024)Creating Personas of Parents of Young Children Based on Balancing PrioritiesProceedings of the 23rd Annual ACM Interaction Design and Children Conference10.1145/3628516.3655790(105-118)Online publication date: 17-Jun-2024
https://dl.acm.org/doi/10.1145/3628516.3655790
Ibrahim AMcKee MSikos LJohnson N(2024)A Systematic Review of K-12 Cybersecurity Education Around the WorldIEEE Access10.1109/ACCESS.2024.339342512(59726-59738)Online publication date: 2024
https://doi.org/10.1109/ACCESS.2024.3393425
Briddick CBriggs PNicholson J(2024)Using Breach and Attack Demonstrations to Explain Spear Phishing Attacks to Young AdultsInformation Security Education - Challenges in the Digital Age10.1007/978-3-031-62918-1_5(65-80)Online publication date: 11-Jun-2024
https://doi.org/10.1007/978-3-031-62918-1_5
Williams OChoong YBuchanan KKelley PKapadia A(2023)Youth understandings of online privacy and securityProceedings of the Nineteenth USENIX Conference on Usable Privacy and Security10.5555/3632186.3632208(399-416)Online publication date: 7-Aug-2023
https://dl.acm.org/doi/10.5555/3632186.3632208
Prior SRenaud K(2023)Who Is Best Placed to Support Cyber Responsibilized UK Parents?Children10.3390/children1007113010:7(1130)Online publication date: 29-Jun-2023
https://doi.org/10.3390/children10071130
Dixon MNicholson JBranley-Bell DBriggs PCoventry L(2022)Holding Your Hand on the Danger ButtonProceedings of the ACM on Human-Computer Interaction10.1145/35467306:MHCI(1-22)Online publication date: 20-Sep-2022
https://dl.acm.org/doi/10.1145/3546730
Prior SRenaud K(2022)The impact of financial deprivation on children’s cybersecurity knowledge & abilitiesEducation and Information Technologies10.1007/s10639-022-10908-w27:8(10563-10583)Online publication date: 1-Sep-2022
https://dl.acm.org/doi/10.1007/s10639-022-10908-w

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

HTML Format

View this article in HTML Format.

Media

Figures

Other

Tables

View Table of Contents