Training and Embedding Cybersecurity Guardians in Older Communities

Inclusive Design

Collaborators Northumbria University, University of Sunderland

Abstract

This paper reports on an initiative which recruited, trained, and supported older adults to become community cybersecurity educators (CyberGuardians), tasked with promoting cybersecurity best practice.

Method

This initiative utilised an embedded peer-to-peer information dissemination strategy, rather than expert-to-citizen.

Takeaways

Through peer-to-peer learning over the course of nine month - 14 trained CyberGuardians went on to disseminate good quality cybersecurity information to approximately 820 people.

Older adults can struggle to access relevant community expertise when faced with new situations. One such situation is the number of cyberattacks they may face when interacting online. This paper reports on an initiative which recruited, trained, and supported older adults to become community cybersecurity educators (CyberGuardians), tasked with promoting cybersecurity best practice within their communities to prevent older adults falling victim to opportunistic cyberattacks.

This initiative utilised an embedded peer-to-peer information dissemination strategy, rather than expert-to-citizen, facilitating the inclusion of individuals who would ordinarily be unlikely to seek cybersecurity information and thus may be vulnerable to cyberattacks.

The training was a collection of interactive workshops with presentations, live demonstrations such as password cracking, and hands-on activities such as a phishing test. The main topics covered had been identified by the group themselves, as well as existing literature, and focused on password management, scam detection and protective software.

Informal advice was effective

People typically do not openly discuss cybersecurity, which ultimately leads to lower awareness and can facilitate attacks. The CyberGuardians were able to share their own changes in behaviour both as peers and as an authority simultaneously, which helped cybersecurity chat become normalised within these communities.

Informal opportunistic advice was common as a way of sharing cybersecurity best practice into the community – both young and old. This approach increases the likelihood of reaching older citizens who would otherwise not have access to this information – i.e. those that are less inclined to attend training sessions.

Peer-to-peer learning

The CyberGuardians discussed cybersecurity advice and information with approximately 470 unique citizens. Additionally, the citizens who spoke with the CyberGuardians reported discussing this advice and information with a further 350 people. In total, this means the 14 CyberGuardians disseminated good quality cybersecurity information to approximately 820 people in nine months.

Cybersecurity awareness does not guarantee protection from cyber attacks, however many of the citizens improved their password and phishing behaviours (this data is still to be properly analysed) and there was evidence of open communications between citizens and the CyberGuardians. Being open about scams and security means that citizens have peers who they can turn to for help if needed, but perhaps more importantly they can be aware of potential threats that they wouldn’t be otherwise.