The need for security behavior change is driven by various contexts, which operate on both micro and macro levels. These contexts include economic, social, individual, and political factors, all of which influence how individuals and organizations approach security. Let’s delve into examples of how these contexts drive the need for security behavior change, referencing Coles-Kemp’s work, Inclusive Security: Digital Security Meets Web Science.
Economic Context
The economic context plays a significant role in driving security behavior. For example, in a business setting, the cost of a security breach can be devastating, leading to financial loss, legal penalties, and damage to reputation. Organizations may invest in security technologies and training to prevent such losses, driving the need for behavior change among employees. On an individual level, the affordability of security tools, such as antivirus software or password managers, can influence whether individuals adopt secure practices. Economic disparities may lead to different levels of security awareness and behavior, with wealthier individuals or organizations being more likely to invest in comprehensive security measures.
Example: In a low-income community, individuals may share devices due to financial constraints, leading to increased security risks. Behavior change campaigns in such contexts may focus on low-cost or free security solutions, encouraging safer online practices despite economic limitations.
Social Context
Social factors are deeply intertwined with security behavior. The norms, values, and practices within a society or community can significantly influence how security is perceived and practiced. Social contexts include the collective habits, peer influences, and cultural norms that shape individual behaviors. For instance, in a workplace where sharing passwords is common practice, changing this behavior requires addressing the underlying social norms that make this practice acceptable.
Example: In some cultures, sharing devices and passwords among family members is seen as a sign of trust. A behavior change campaign in this context would need to navigate these cultural values, promoting security without undermining the importance of trust within the family.
Individual Context
The individual context refers to personal beliefs, values, and motivations that drive security behavior. Each person has unique priorities based on what they value most, such as privacy, convenience, or protection of personal information. Security behavior change often requires aligning secure practices with these personal values. For example, an individual who prioritizes convenience may be resistant to using complex passwords, so an effective intervention would need to address this by offering secure solutions that are also convenient.
Example: A busy professional might prioritize efficiency over security, using simple passwords to save time. A behavior change intervention could highlight the personal risks of this practice, such as identity theft, and offer practical tips for creating strong but memorable passwords.
Political Context
The political context includes legislation, regulations, and government policies that influence security behavior. For instance, data protection laws such as the General Data Protection Regulation (GDPR) in the European Union create a legal framework that organizations must comply with, driving the need for changes in security practices. Political campaigns and public awareness initiatives also shape public perceptions of security, influencing behavior on a larger scale.
Example: In countries with strict data protection laws, organizations are compelled to implement comprehensive security measures, such as encrypting sensitive data and training employees on data protection practices. This legal requirement drives behavior change across the organization, ensuring compliance with the law.
Integration of Contexts in Behavior Change
These contexts do not operate in isolation; they interact and influence one another. For example, a political context that enforces strict data protection laws may lead to economic investments in security technologies, which in turn shapes the social practices within an organization. Understanding this interplay is crucial for designing effective behavior change interventions that are sensitive to the specific contexts in which individuals and organizations operate.
Reference
The ideas discussed here are based on Lizzie Coles-Kemp’s work in Inclusive Security: Digital Security Meets Web Science (Web Science, 7(2), pp. 88–241). Coles-Kemp explores how digital security intersects with broader social and economic issues, highlighting the importance of inclusive security practices that consider the diverse contexts in which users interact with technology.
This reading emphasizes the need to understand the macro-level contexts that shape security behaviors, and how these contexts must be considered in any effort to change security practices.
We love to share our knowledge on current technologies. Our motto is ‘Do our best so that we can’t blame ourselves for anything“.