SoS Musings - Cybersecurity for Underserved Populations

By grigby1 

The increasing prevalence of mobile devices has contributed to the reduction of the digital divide. However, as the use of digital services becomes more common, a new division has arisen between individuals who possess the ability to effectively handle and minimize cybersecurity risks and those who do not. Malicious cyber operations are growing in sophistication, scale, and frequency. They are also further compounding existing disparities in access to education, healthcare, economic opportunities, and democratic engagement. When these fundamental elements of society experience instability, both national and global communities suffer. Cyberattacks can cause significant consequences for vulnerable communities, including low-income families, communities of color, military veterans, individuals with disabilities, and immigrant communities.

The University of California, Berkeley (UC Berkeley) Center for Long-Term Cybersecurity (CLTC) published a paper titled "Improving Cybersecurity Awareness in Underserved Populations" that delves into the elevated vulnerability of certain groups in San Francisco, such as low-income residents, seniors, and foreign language speakers, to cyberattacks. Ahmad Sultan, a graduate of UC Berkeley's Goldman School of Public Policy, collaborated with San Francisco officials to explore cybersecurity awareness among underserved residents. The paper aims to help officials in other cities in gaining a better understanding of the vulnerability of underserved populations and to offer suggestions for city-led training programs and other initiatives that can effectively address this cybersecurity challenge. The study discovered that individuals in marginalized communities exhibit lower awareness regarding whether they have fallen victim to a cyberattack and possess less understanding of cybersecurity risks and practices. Consequently, they are also less inclined to utilize crucial online services, such as banking, health services, educational programs, and other resources, which may result in them experiencing economic setbacks. Online crime, phishing, computer or phone viruses, and anti-virus software were unfamiliar to 20 percent, 21 percent, 26 percent, and 31 percent of underserved residents, respectively. Underserved residents lack confidence in their online security-related abilities and just rely on technology companies to protect their data. Cyber scams have victimized many underserved residents, and many have been scammed multiple times. Many respondents could not comment on cybercrime effects because they did not understand cybersecurity. Those who claimed to be confident about their ability to protect themselves often do not take basic security precautions to justify their confidence. Many underserved foreign language speakers struggle to find cybersecurity resources in their language and do not know which ones to trust. Residents often get incomplete information from friends and family. Cyber hygiene questions showed they lack skill and motivation to follow best practices such as using complex passwords for online accounts and being cautious when reading and responding to emails.

Fawn Ngo, an associate professor at the University of South Florida (USF) College of Behavioral and Community Sciences, explored the availability and accessibility of cybersecurity information and resources for non-English speakers. The paper, "Cyber Hygiene and Cyber Victimization Among Limited English Proficiency (LEP) Internet Users: A Mixed-Method Study," is co-authored by Katherine Holman, a USF graduate student and former Georgia state prosecutor, and Anurag Agarwal, a professor of information systems, analytics, and supply chain at Florida Gulf Coast University. Their research focused on Spanish and Vietnamese speakers. LEP Internet users were found to be limited by a lack of culturally and linguistically appropriate resources, which also hinders the accurate collection of cyber victimization data from vulnerable populations. The most effective educational tools and reporting forms accessible online are only available in English. One example is the website for the Internet Crime Complaint Center (IC3), the Federal Bureau of Investigation's (FBI) primary tool for combating cybercrime. The study found that many well-intentioned LEP users still use unsecured networks, share passwords, and engage in other risky online behaviors. For example, only 29 percent of focus group participants avoided public Wi-Fi in the past 12 months, and only 17 percent had anti-virus software on their devices. Ngo's paper cited previous research showing that underserved populations have poorer cybersecurity knowledge and outcomes, including computer viruses and hacked social media accounts. Ngo also said that this is often due to a lack of awareness and understanding, not disinterest. She emphasized the importance of providing cyber hygiene information and resources in different formats, such as visual aids and audio guides, to accommodate LEP communities' diverse literacy levels. In one such effort, Ngo is developing a website with cybersecurity resources in multiple languages and a link to report incidents. There is a need for more research to close the security gap and ensure Internet users have equal access to cybersecurity resources.

The UC Berkeley CLTC report on the importance of improving cybersecurity awareness in underserved populations highlighted additional recommendations to help mitigate the cybersecurity challenge. City leaders should assess community cybersecurity awareness and provide targeted trainings. It is important to continue conducting surveys and informational workshops to understand what residents want to learn, where knowledge gaps exist, and what trainings are most effective. Leaders should work with low-income, LEP, senior, and other underserved community organizations. In addition to trainings, the report suggested creating self-teaching materials that are reliable and easy-to-understand. Leaders are advised to partner with security experts to create more cybersecurity advice websites and other online tools that can answer basic information security questions. Chatbots is one example of a tool suggested to answer core cybersecurity questions in multiple languages and provide step-by-step instructions based on best practices.

We must increase efforts to provide cybersecurity education, training, and other accessible materials to underserved communities and diverse populations with limited resources. Equity in cybersecurity knowledge and resources contributes to enhanced global cybersecurity. 

To see previous articles, please visit the Science of Security Musings Archive.

Submitted by Gregory Rigby on