blackday - stock.adobe.com
Online safety message failing to get through to women
The security community could be doing a lot more to make its advice and guidance more accessible to women, according to a study
Despite being significantly more affected by discriminatory and hateful content or harassment online, cyber security and privacy advice is failing to cut through to women, with the end result that they tend to be less likely to take steps to protect themselves, according to research conducted at King’s College London (KCL) and the University of Westminster
Kovila Coopamootoo, a lecturer in computer science at KCL, and Madelene Ng, a lecturer in forensic psychology at the University of Westminster, found evidence of a significant gender gap in online safety advice and technology around how both men and woman seek out advice, and ultimately engage with security and privacy technology.
In their paper, Un-equal online safety? A gender analysis of security and privacy protection advice and behaviour patterns, they argue that current official digital safety advice and guidance available from the likes of Action Fraud or the National Cyber Security Centre (NCSC) tends not to be inclusive of women’s particular needs.
“Women make up over 50% of the population, yet they’re not able to effectively engage with digital safety advice, and security [and] privacy technologies,” said Coopamootoo.
“The stark gender gap in access and participation, evidenced in our research, highlights the gender norms at play in online safety and the role that gender identity plays in staying safe online.”
The researchers found a significant difference in how men and women access online safety advice. About 76% of woman said their go-to approach would be to seek guidance from family members or intimate social connections, compared with less than 24% of men, while 70% of men said they sought advice from online sources, versus only 38% of women.
While there is nothing inherently wrong or risky with seeking cyber security advice from family and friends, said the researchers, there is no guarantee that such advisors have any special knowledge or security skills themselves. They may, for example, inadvertently misinform, or resort to scaremongering or stereotypes.
Read more about the gender gap in IT
- Why should women in tech seek mentors, mentees and male allies – and avoid party planning? Some of the women at Splunk and its customers explained at .conf23.
- CyNam, a not-for-profit cyber security initiative, is collaborating with industry, education providers and government to encourage young women into cyber.
- No single solution can increase diversity in the STEM sectors, says Science and Technology Committee, as it calls on government to take action.
Coopamootoo and Ng recommended that policymakers consider increasing their efforts towards ensuring the online advice ecosystem is inclusive of the various needs of women, above and beyond advice tailored for specific threat scenarios such as cyber abuse linked to controlling behaviour or domestic violence.
The design of such advice, they said, needs to be relevant to diverse women’s assessment and response to threats, and trustworthiness and a sense of emotional support need to be designed into digital advice, and even security and privacy technology – prior work has shown that communication that is preceded by emotional support is perceived as being of higher quality.
As an example, they said, the language used in online safety advice could be made more representative of the groups of women it is supposed to serve, as opposed to being overly technical.
Additionally, they said, online sources and priority advice should be standardised, and subject to a process of continuous revision, given the current threat landscape facing women.
Reliance on built-in protections
The study also found evidence that when they did use security and privacy-enhancing technologies, women expressed a tendency to rely on simple or built-in online protections, including privacy settings, security software updates and strong passwords, whereas men participating in the study tended to say they were more au fait with technologies such as firewalls, anti-spyware or anti-malware products, multi-factor authentication, VPNs, and web browsers such as Tor.
“We know from previous research in STEM that when it comes to technology, there are assumptions and stereotypes regarding gender,” said Coopamootoo. “Men are assumed to be more comfortable and fluent with tech, and therefore more skilled and knowledgeable, whereas women are thought to be less confident and more likely to need advice from those around them.
“This research stresses the need for a gender lens when it comes to assessing online safety opportunities, and whether they are configured for and serving the whole population, including women and girls,” she said.
“With online safety considered a social good and its equity advocated by international human rights organisations, we need action to bring about greater gender equity in online safety opportunities, access, participation and outcomes,” said Coopamootoo. “This requires re-envisaging the current models that don’t best serve women, so that we can make the online experience safer and fairer for everyone.”
The study’s findings were presented earlier in August at the 32nd Usenix Security Symposium in California, and the full paper and presentation slides are available to download on an Open Access basis.