Technology used in exercise and lifestyle apps may hold the key to getting people to change their passwords and better protect their online privacy and data, according to research carried out by the University of Bath.
Over the past five years the cost of cyberattacks is reported to have risen by 67%, with the majority blamed on human error.
It is anticipated that three-quarters of businesses plan to address human factors in cyberattacks in the next three years in an attempt to mitigate this.
Taking inspiration from exercise and fitness apps that successfully nudge people to make behavioural change, researchers from the University of Bath and Goldsmiths, University of London are investigating whether a simple device that plugs in to a PC and signals when action is needed with gentle sound, lights or vibration could make the difference.
People routinely put off, ignore or forget cyber security measures such as changing passwords, updating privacy settings and locking computer screens.
And traditional cyber security training is failing to galvanise people to act on straightforward security measures.
University of Bath School of Management research associate Dr Emily Collins said: “Humans are the weak link in cyber security.
“We know that people feel overloaded with data breaches reported in the news and overwhelmed about what they should be doing to protect themselves. Many of us know we’re not on top of security, but translating that nagging worry into positive action just isn’t happening. It’s leaving us all open to serious security threats.”
The researchers hope the project, with funding from the Home Office via the National Cyber Security Programme, will help to build better habits through a subtle desktop reminder designed to gently nudge people into action without it becoming an annoyance or distraction.
Dr Collins added: “Work-based training on cybersecurity is generally very conventional, often just delivered as a one-off when people join an organisation. There’s scope to learn from health psychology to pinpoint what motivates people to take action to protect their cybersecurity. Our project recognises that people can respond to a gentle, well-timed nudge and is investigating the most effective way of doing that.”
The project, entitled Encouraging cyber security behaviour through gentle interventions: Can ambient displays support users in making more secure decisions? will use Adafruit Circuit Playgrounds boards, pictured above and left, which can be programmed to detect when people leave their desks for example and remind them to lock their screen through a sequence of lights, sounds or vibrations. 
The research team will create a working prototype with open-source code to be available to businesses later in the year. It could also be tailored for home use in the future.
Goldsmiths lecturer in computer science Dr Sarah Wiseman said: “The Adafruit Circuit Playgrounds are a fantastic opportunity to do some rapid prototyping with participants. The inbuilt functionality on the boards means that you don’t need much experience with electronics to take a concept from idea to reality.”
The research team, including Bath research associate Dr Joanne Hinds, pictured, right, with Dr Emily Collins, is inviting people to take part in a creative element of the study by drawing their cybersecurity concerns and solutions.
The findings will help the team to develop more innovative, creative ways to tackle cybersecurity problems. For more information, or to take part, visit https://tinyurl.com/yxluc6lf
