Politeness in security directives

Numerous studies demonstrate the significant impact of human behaviour on the cybersecurity of a company or organization. The human aspect behind protecting security breaches cannot be overlooked. Humans often act as a firewall on the first line of defence in the computer network cybersecurity experts try to preserve, and hackers try to destroy. Therefore, training and instructions are directed towards employees to sensitize them towards proper behaviours. Although the goal is to increase the visibility of certain questionable behaviours and get employees to comply with directives, the increase in security breaches caused by humans appears to demonstrate significant shortcomings.

Researchers House and Giordano (2020) focus mainly on the human elements related to security communications and analyze the intention of users to comply or not with the directives given to them. Specifically, the study in question explores the effects of politeness and rudeness on the intention to comply with safety guidelines. The researchers experimented on guidelines for setting up a secure browser using different ways of communicating information to participants over the Internet. Participants (N = 224) were randomly assigned to various communications, receiving written communications/instructions via explanatory pictures or videos. Communications/directives were also divided between polite and rude to measure the effect. Different variables were linked to the questionnaires’ results: 1) the perception of media richness in the message 2) perception of the mental workload 3) the intention to comply 4) credibility.

Briefly, here are the results of the analyzes carried out:

The results emerging from the global model indicate that perceived media richness had a negative influence on perceived mental workload. On the other hand, mental workload appears to lead to a decrease in intention to comply with safety guidelines. Surprisingly, there were no significant differences between the groups who received polite and rude text and text/image directive/communication scripts. However, there was a significant difference between polite and rude groups for the groups that received the videos in the relationship between perceived media wealth and intention to comply with safety guidelines. Moreover, the richer communications seem to increase the perception of the amount of information transmitted, which appears to impact understanding and compliance.

To cite: House, D. et Giordano, G. (2020). Politeness in security directives: Insights in browser compliance for the human element. Computers & Security. https://doi.org/10.1016/j.cose.2020.102007