Social Network Self-Protection Model: What Motivates Users to Self-Protect?
DOI:
https://doi.org/10.13052/2245-1439.844Keywords:
Self-protective behavior, social networks, privacy concerns, surveillance concerns, information sensitivity, regulation, perceived threats, vulnerability, severityAbstract
Social networks are an indispensable activity for billions of users making them an attractive target for cyberattacks. There is however only scarce research on self-protection of individuals outside the organizational context. This study aims to address this gap by explaining what motivates individuals to self-protect on social networks. A survey (N = 274) has been conducted among Slovenian Facebook users to test the proposed social network selfprotection model. The results show that privacy concerns and perceived threats significantly affect user’s intention to self-protect. Descriptive norm only affects intention indirectly through perceived threats appearing to contradict a large body of research on behavioral intentions. “If others protect themselves, there must be a serious threat.” On the other hand, it also helps to explain why the direct effect of descriptive norm on security-related behavior is relatively small in other studies. Surveillance concerns, regulation and information sensitivity all significantly affect privacy concerns.Although privacy concerns are currently high due to the recent high-profile privacy-related scandals (e.g., Cambridge Analytica, Facebook, Google+), it may not affect the motivation of users to self-protect as they dealt with issues far beyond their control. Nevertheless, users with higher levels of privacy concerns than their peers may be more motivated to self-protect.1
Downloads
References
Fujs, D., Vrhovec, S., and Mihelic, A. (2018). What drives the motivation to self-protect on social networks? The role of privacy concerns and perceived threats. In Proceedings of the Central European Cybersecurity Conference 2018 – CECC 2018 (p. a11). New York, NY, USA: ACM. https://doi.org/10.1145/3277570.3277581
M. Shahriari, S. Haefele, and R. Klamma, “Using Content to Identify Overlapping Communities in Question Answer Forums,” J. Univers. Comput. Sci., vol. 23, no. 9, pp. 907–931, 2017.
A. Krouska, C. Troussas, and M. Virvou, “Comparative evaluation of algorithms for sentiment analysis over social networking services,” J. Univers. Comput. Sci., vol. 23, no. 8, pp. 755–768, 2017.
R. Rupnik, “Oblacna integracijska platforma kot koncept integracije za aplikacije in sisteme v kmetijstvu,” Elektroteh. Vestn. /Electrotech. Rev., vol. 85, no. 4, pp. 212–216, 2018.
Facebook, “Company Info,” Facebook Newsroom, 2018. [Online]. Available: https://newsroom.fb.com/company-info/.
I. Bernik and G. Mesko, “Internet study of familiarity with cyber threats and fear of cybercrime,” Rev. za kriminalistiko kriminologijo, vol. 62, no. 3, pp. 242–252, 2011.
S. Vrhovec, “Safe mobile device use in the cyberspace/Varna uporaba mobilnih naprav v kibernetskem prostoru,” Elektroteh. Vestn./Electrotech. Rev., vol. 83, no. 3, pp. 144–147, 2016.
T. TomaZic and N. B. Vilela, “Ongoing Criminal Activities in Cyberspace: From the Protection of Minors to the Deep Web,” Rev. za Kriminalistiko Kriminologijo, vol. 68, no. 4, pp. 412–423, 2017.
B. Japelj, “Crime in Slovenia in 2017,” Rev. za kriminalistiko kriminologijo, vol. 69, no. 2, pp. 67–99, 2018.
S. Thielman, “Yahoo hack: 1bn accounts compromised by biggest data breach in history,” The Guardian, New York, 2016.
P. Wisniewski, H. Xu, M. B. Rosson, and J. M. Carroll, “Parents Just Don’t Understand: Why Teens Don’t Talk to Parents about Their Online Risk Experiences,” in Proceedings of the 2017 ACM Conference on Computer Supported Cooperative Work and Social Computing – CSCW ’17, 2017, pp. 523–540.
A. Mihelic and S. Vrhovec, “A model of self-protection in the cyberspace/Model samozascite v kibernetskem prostoru,” Elektroteh. Vestn./Electrotech. Rev., vol. 85, no. 1–2, pp. 13–22, 2018.
A. Mihelic and S. Vrhovec, “Explaining the employment of information security measures by individuals in organizations: The self-protection model,” in Advances in Cybersecurity 2017, I. Bernik, B. Markelj, and S. Vrhovec, Eds. Maribor, Slovenia: University of Maribor Press, 2017, pp. 23–34.
G Burger, M. Pogacnik, and J. Guna, “Študijaorodij za sledenje pogleda na primeru študije meritve uporabniške izkušnje mobilne aplikacije 1,2,3 Ljubljana,” Elektroteh. Vestn./Electrotech. Rev., vol. 84, no. 4, pp.173–180, 2017.
C. Zhang, J. Sun, X. Zhu, and Y. Fang, “Privacy and Security for Online Social Networks: Challenges and Opportunities,” IEEE Netw., vol. 24, no. 4, pp. 13–18, 2010.
L. van Zoonen, “Privacy concerns in smart cities,” Gov. Inf. Q., vol. 33, no. 3, pp. 472–480, Jul. 2016.
S. Livingstone, “Taking risky opportunities in youthful content creation: teenagers’ use of social networking sites for intimacy, privacy and self-expression,” New Media Soc., vol. 10, no. 3, pp. 393–411, Jun. 2008.
S. R. Boss, D. F. Galletta, P. B. Lowry, G. D. Moody, and P. Polak, “What Do Systems Users Have to Fear? Using FearAppeals to Engender Threats and Fear that Motivate Protective Security Behaviors,” MIS Q., vol. 39, no. 4, pp. 837–864, 2015.
G. D. Moody, M. Siponen, and S. Pahnila, “Toward a Unified Model of Information Security Policy Compliance,” MIS Q., vol. 42, no. 1, pp. 285–311, 2018.
T. Herath and H. R. Rao, “Protection motivation and deterrence: a framework for security policy compliance in organisations,” Eur. J. Inf. Syst., vol. 18, no. 2, pp. 106–125, Apr. 2009.
A. C. Johnston and M. Warkentin, “Fear Appeals and Information Security Behaviors: An Empirical Study,” MIS Q., vol. 34, no. 3, pp. 549–566, 2010.
S. L. R. Vrhovec, “Challenges of mobile device use in healthcare,” in 39th International Convention on Information and Communication Technology, Electronics and Microelectronics (MIPRO 2016), 2016.
J. E. Maddux and R. W. Rogers, “Protection motivation theory and self-efficacy: A revised theory of fear appeals and attitude change,” J. Exp. Soc. Psychol., vol. 19, no. 5, pp. 469–479, 1983.
H. Liang and Y. Xue, “Understanding Security Behaviors in Personal Computer Usage: A Threat Avoidance Perspective,” J. Assoc. Inf. Syst., vol. 11, no. 7, pp. 394–413, 2010.
Y. Chen and F. M. Zahedi, “Individuals’ Internet Security Perceptions and Behaviors: Polycontextual Contrasts Between the United States and China,” MIS Q., vol. 40, no. 1, pp. 205–222, 2016.
N. Thompson, T. J. McGill, and X. Wang, “Security begins at home’: Determinants of home computer and mobile device security behavior,” Comput. Secur., vol. 70, pp. 376–391, Sep. 2017.
D. Lee, R. Larose, and N. Rifon, “Keeping our network safe: a model of online protection behaviour,” Behav. Inf. Technol., vol. 27, no. 5, pp. 445–454, 2008.
S. K. Wurtele and J. E. Maddux, “Relative Contributions of Protection in Motivation Theory Components Predicting Exercise Intentions Behavior,” Heal. Psychol., vol. 6, no. 5, pp. 453–466, 1987.
M. Workman, W. H. Bommer, and D. Straub, “Security lapses and the omission of information security measures: A threat control model and empirical test,” Comput. Human Behav., vol. 24, no. 6, pp. 2799–2816, 2008.
M. Anwar, W. He, I. Ash, X. Yuan, L. Li, and L. Xu, “Gender difference and employees’ cybersecurity behaviors,” Comput. Human Behav., vol. 69, pp. 437–443, Apr. 2017.
B. Bulgurcu, H. Cavusoglu, and I. Benbasat, “Information security policy compliance: An empirical study of rationality-based beliefs and information security awareness,” MIS Q., vol. 34, no. 3, pp. 523–548, 2018.
C. K. Georgiadis, N. Polatidis, H. Mouratidis, and E. Pimenidis, “A Method for Privacy-preserving Collaborative Filtering Recommendations,” J. Univers. Comput. Sci., vol. 23, no. 2, pp. 146–166, 2017.
H. Krasnova, S. Spiekermann, K. Koroleva, and T. Hildebrand, “Online Social Networks: Why We Disclose,” J. Inf. Technol., vol. 25, no. 2, pp. 109–125, Jun. 2010.
X. Tan, L. Qin, Y. Kim, and J. Hsu, “Impact of privacy concern in social networking web sites,” Internet Res., vol. 22, no. 2, pp. 211–233, 2012.
H. J. Smith, T. Dinev, and H. Xu, “Information Privacy Research: An Interdisciplinary Review,” MIS Q., vol. 35, no. 4, pp. 989–1015, 2011.
W. Hong and J. Y. L. Thong, “Internet Privacy Concerns: An Integrated Conceptualization and Four Empirical Studies,” MIS Q., vol. 37, no. 1, pp. 275–298, 2013.
T. Buchanan, C. Paine, A. N. Joinson, and U.-D. Reips, “Development of measures of online privacy concern and protection for use on the Internet,” J. Am. Soc. Inf. Sci. Technol., vol. 58, no. 2, pp. 157–165, Jan. 2007.
M. Lwin, J. Wirtz, and J. D. Williams, “Consumer online privacy concerns and responses: A power-responsibility equilibrium perspective,” J. Acad. Mark. Sci., vol. 35, no. 4, pp. 572–585, 2007.
T. Nam, “Untangling the relationship between surveillance concerns and acceptability,” Int. J. Inf. Manage., vol. 38, no. 1, pp. 262–269, 2018.
J. Fogel and E. Nehmad, “Internet social network communities: Risk taking, trust, and privacy concerns,” Comput. Human Behav., vol. 25, no. 1,pp. 153–160, 2009.
T. Sommestad, H. Karlzén, and J. Hallberg, “The sufficiency of the theory of planned behavior for explaining information security policy compliance,” Inf. Comput. Secur., vol. 23, no. 2, pp. 200–217, 2015.
R. N. Rimal and K. Real, “Understanding the Influence of Perceived Norms on Behaviors,” Commun. Theory, vol. 13, no. 2, pp. 184–203, May 2003.
P. Sheeran and S. Orbell, “Augmenting the Theory of Planned Behavior: Roles for Anticipated Regret and Descriptive Norms,” J. Appl. Soc. Psychol., vol. 29, no. 10, pp. 2107–2142, Oct. 1999.
I. Ajzen, “The theory of planned behavior,” Organ. Behav. Hum. Decis. Process., vol. 50, no. 2, pp. 179–211, Dec. 1991.
G. Bansal, F. M. Zahedi, and D. Gefen, “The impact of personal dispositions on information sensitivity, privacy concern and trust in disclosing health information online,” Decis. Support Syst., vol. 49, no. 2, pp. 138–150, May 2010.
A. J. Rohm and G. R. Milne, “Just what the doctor ordered – The role of information sensitivity and trust in reducing medical information privacy concern,” J. Bus. Res., vol. 57, no. 9, pp. 1000–1011, Sep. 2004.
J. Wirtz, M. O. Lwin, and J. D. Williams, “Causes and consequences of consumer online privacy concern,” Int. J. Serv. Ind. Manag., vol. 18, no. 3–4, pp. 326–348, Aug. 2007.
T. Dinev, P. Hart, and M. R. Mullen, “Internet privacy concerns and beliefs about government surveillance – An empirical investigation,” J. Strateg. Inf. Syst., vol. 17, no. 3, pp. 214–233, Sep. 2008.
P. Ifinedo, “Understanding information systems security policy compliance: An integration of the theory of planned behavior and the protection motivation theory,” Comput. Secur., vol. 31, no. 1, pp. 83–95, 2012.
C. L. Anderson and R. Agarwal, “Practicing Safe Computing: A Multimethod Empirical Examination of Home Computer User Security Behavioral Intentions,” MIS Q., vol. 34, no. 3, pp. 613–643, 2010.
C. Dwyer, S. R. Hiltz, and K. Passerini, “Trust and Privacy Concern Within Social Networking Sites: A Comparison of Facebook and MySpace,” in AMCIS 2007 Proceedings, 2007, p. Paper 339.
J. T. Tarigan and E. M. Zamzami, “Post Cambridge Analytica fallout: Observing Facebook users awareness regarding data security,” Int. J. Eng. Technol., vol. 7, no. 3.32, pp. 123–126, 2018.
D. MacMillan and R. McMillan, “Google Exposed User Data, Feared Repercussions of Disclosing to Public,” The Wall Street Journal, 2018. [Online]. Available: https://www.wsj.com/articles/google-exposed-user-data-feared-repercussions-of-disclosing-to-public-1539017194. [Accessed: 08-Jan-2018].
T. Romm and C. Timberg, “Google reveals new security bug affecting more than 52 million users,” The Washington Post, 2018. [Online].Available: https://www.washingtonpost.com/technology/2018/12/10/google-reveals-new-security-bug-affecting-more-than-million-users/. [Accessed: 08-Jan-2018].
M. Bergen and J. Surane, “Google and Mastercard Cut a Secret Ad Deal to Track Retail Sales,” Bloomberg Technology, 2018. [Online]. Available: https://www.bloomberg.com/news/articles/2018-08–30/google-and-mastercard-cut-a-secret-ad-deal-to-track-retail-sales. [Accessed: 08-Jan-2019].
E. Glazer, D. Seetharaman, and A. Andriotis, “Facebook to Banks: Give Us Your Data, We’ll Give You Our Users,” The Wall Street Journal, 2018. [Online]. Available: https://www.wsj.com/articles/facebook-to-banks-give-us-your-data-well-give-you-our-users-1533564049. [Accessed: 08- Jan-2018].
A. Perrin, “Americans are changing their relationship with Facebook,” Pew Research Center, 2018. [Online]. Available: http://www.pewresearch.org/fact-tank/2018/09/05/americans-are-changing-their-relationship-with-facebook/. [Accessed: 08-Jan-2018].
A. Zavrsnik, “Algoritmicno nadzorstvo: veliko podatkovje, algoritmi in druZbeni nadzor,” Rev. za kriminalistiko kriminologijo, vol. 68, no. 2, pp.135–149, 2017.
B. C. Welsh and D. P. Farrington, “Public Area CCTV and Crime Prevention: An Updated Systematic Review and Meta-Analysis,” Justice Q., vol. 26, no. 4, pp. 716–745, Dec. 2009.
A. Kojic, T. Hovelja, and D. Vavpotic, “Ogrodje za izboljsanje pro- cesov razvoja informacijskih sistemov z uporabo hevristik za izboljsave splosnih poslovnih procesov,” Elektroteh. Vestn./Electrotech. Rev., vol. 83, no. 1–2, pp. 47–53, 2016.