James Nicholson

Spreading cybersecurity best practice in communities

“A lot of individuals rely on others for cyber security support, but it tends to be a reactive way of seeking information. Proactive discussion is key.”

Summary

• People heavily rely on others for security information sharing and advice; in fact, many citizens do not have the privilege to learn about cyber security best practices at work, hence relying on others for sense-making. However, security and privacy are not typically discussed openly and proactively in a conversation.

• Instead of the expert-to-citizen approach, the CyberGuardian Initiative adopted a peer-to-peer information dissemination strategy. 14 CyberGuardians were trained about security topics on passwords, scams and protective software, which were then shared directly to 470 citizens. Opportunistic informal sharing seems to be the most effective way of sharing cyber security information with peers. Relatability and informality are the critical success of this initiative.

More about James

James is a Lecturer at the Department of Computer and Information Sciences at Northumbria University. His recent work focuses on improving the cybersecurity awareness and behaviours of communities through embedding knowledgeable peers to encourage open discussions around security and serve as behaviour change role models. James has also developed tools and methodologies for uncovering and understanding employees’ mental models of security threats with the aim of improving training programmes and/or organisational policies, as well as practical means for improving users’ protection against these security threats (e.g. phishing).