If you were approaching a cliff edge, or baiting a particularly volatile sibling, you wouldn’t ignore the warning signs (rocks tumbling into the abyss, your sister’s pupils dilating as she lunges for the nearest sharp object etc.). When it comes to visiting dodgy sites though, why do a shocking number of users ignore internet security warnings, even though it could put their personal information and businesses at risk?
SSL warnings pop up in your browser when you try to navigate to a site that doesn’t have great encryption, or if there’s a problem with the certificate authentication (i.e. the site might not be what it says it is). You’ve probably seen them and – statistically – you’ve probably ignored them. And unfortunately, these are not situations you want to find yourself in.
Despite this, a recent study from Google showed that 70% of Chrome users don’t pay any attention to the warnings that pop up in their browser. Firefox users, on the other hand, are apparently the other way round, with 70% heeding the warnings – perhaps because Firefox is traditionally thought of as a browser for more security-conscious users. Either way, with Chrome as one of the most popular browsers – and a still concerning 30% of Firefox users ignoring warnings – it’s important to try and understand what’s happening.
The problem seems to be that we’re already overloaded with info, that we don’t understand what the warnings are telling us, and that they get in the way of writing emails/browsing crafts made by serial killers on Etsy/generally living our lives. To try and overcome this, Google found – with the help of a study from Carnegie Mellon University – that the way information is presented is key.
Obviously, communicating the info in a clear, relatable way is important (when users are baffled by words like certificate authentication they’re more likely to go ‘I’ll deal with that later’ – which is code for ‘I’ll deal with that never’). The report suggested several things that warnings should do.
These included describing the risk and the effects it has, but also being concise and not too technical; if a user is going to see this as more than a distraction, it needs to have clear and immediate value to their life. The report says that it should also offer clear options. So, for example, “Continuing could result in your bank details being exposed – go back to safety”, is clear, concise and highlights the safest option.
Chrome 37 incorporated these rules into its pop-ups, but Google didn’t find as big an improvement as expected. Instead, they found that what worked best in the end was changing the design elements rather than the text itself.
By steering users toward the safest option – like highlighting the safer choice in a bright colour, and hiding the unsafe choice behind ‘advanced’ options etc. – they nearly doubled compliance. However, it’s still not getting everyone.
With new victims succumbing to threats every second, understanding how easy it is to fall prey to attackers is vital. It’s about teamwork – users need to educate themselves, and organisations also need to get the threats across in an easy-to-understand way. We now need to aim for 100% compliance, so that we’ll all be safer from the falling rocks and sharp objects that are threatening our online safety.
What do you think – what can organisations do to make sure users pay attention to the warning signs?
For more information on UKFast’s security solutions take a look at our website or give us a call on 0208 045 4945.