"Why Computer Security Advice Is More Confusing Than It Should Be"
A new study identifies a key issue with developing computer security guidelines and outlines basic steps that would likely make computers safer. This research puts the computer security guidelines provided to employees by businesses and government agencies under the microscope. These guidelines are supposed to help employees protect personal and employer data as well as minimize the risks associated with threats such as malware and phishing. Brad Reaves, corresponding author of the new study and assistant professor of computer science at North Carolina State University, has observed that some of the online computer security advice he has read is confusing, misleading, or incorrect. The research looked into who is developing these guidelines, what they have based their guidance on, their process, and areas of improvement. Researchers conducted 21 in-depth interviews with professionals responsible for writing the computer security guidelines used by organizations. The main takeaway is that the people who develop these guidelines aim to provide as much information as possible, which is good in theory, but the writers do not prioritize the most crucial suggestions, or they do not deprioritize the less important points. This article continues to discuss key points and findings from the study of computer security advice.