Abstract
Accessing public Wi-Fi networks can be as dangerous as it is convenient. People who access a public Wi-Fi network should engage in self-protective behaviors to keep their data safe from malicious actors on the same network as well as persons looking over their shoulder, literally and proverbially. Using two independent research designs, we examined under what circumstances were people more likely to access an unsecured Wi-Fi network and engage in risky behavior on these networks. Findings from the first study, based on survey data, reveal that people who are more situationally aware are less likely to access personal accounts on public Wi-Fi and more likely to cover their screen to prevent others from viewing personal information. Additionally, findings show that people with higher computer proficiencies are less likely to engage with public Wi-Fi. For the second study, our research team designed and deployed honeypot Wi-Fi networks. We found that people are more likely to access these unsecured, rogue networks in establishments with fewer on-duty employees and that do not offer legitimate public Wi-Fi. Additionally, the number of on-duty employees is associated with an increase in physical security behaviors, such as concealing a screen. We conclude by discussing how these findings can aid in reducing susceptibility to online victimization.
Similar content being viewed by others
References
Anderson, Catherine L., and Ritu Agarwal. 2010. Practicing safe computing: A multimedia empirical examination of home computer user security behavioral intentions. MIS Quarterly 34 (3): 613–643. https://doi.org/10.2307/25750694.
Bachman, Ronet, Linda E. Saltzman, Martie P. Thompson, and Dianne C. Carmody. 2002. Disentangling the effects of self-protective behaviors on the risk of injury in assaults against women. Journal of Quantitative Criminology 18 (2): 135–157. https://doi.org/10.1023/A:1015254631767.
Balebako, Rebecca, Pedro G. Leon, Hazim Almuhimedi, Patrick Gage Kelley, Jonathan Mugan, Alessandro Acquisti, Lorrie Faith Cranor, and Norman Sadeh. 2011. Nudging users towards privacy on mobile devices. In Proceedings of CHI 2011 Workshop on Persuasion, Nudge, Influence and Coercion, Lincoln UK, July 2015. https://doi.org/10.1145/2783446.2783588.
Burruss, George, Christian Jordan Howell, Adam Bossler, and Thomas J. Holt. 2019. Self-perceptions of English and Welsh constables and sergeants preparedness for online crime. Policing: An International Journal 43 (1): 105–119. https://doi.org/10.1108/PIJPSM-08-2019-0142.
Brudy, Frederik, David Ledo, Saul Greenberg, and Andreas Butz. 2014. Is anyone looking? mitigating shoulder surfing on public displays through awareness and protection. In Proceedings of The international symposium on pervasive displays, Copenhagen DK, June 2014. https://doi.org/10.1145/2611009.2611028.
Chen, Yan, and Fatemeh Mariam Zahedi. 2016. Individuals’ internet security perceptions and behaviors: Polycontextual contrasts between the United States and China. MIS Quarterly 40 (1): 205–222. https://doi.org/10.25300/MISQ/2016/40.1.09.
Clarke, Ronald V. 1983. Situational crime prevention: Its theoretical basis and practical scope. Crime and Justice 4: 225–256. https://doi.org/10.1086/449090.
Clarke, Ronald V. 1995. Situational crime prevention. Crime and Justice 19: 91–150. https://doi.org/10.1086/449230.
Clarke, Ronald V. 1980. Situational crime prevention: Theory and practice. The British Journal of Criminology 20 (2): 136–147. https://doi.org/10.1093/oxfordjournals.bjc.a047153.
Clarke, Ronald. 1997. Situational crime prevention. Guilderland, NY: Harrow and Heston Publishing.
Clarke, Ronald, and Ross Homel. 1997. A revised classification of situational crime prevention techniques. In Crime prevention at a crossroads, ed. S.P. Lab. Cincinnati, OH: Anderson Publishing.
Cockerill, Aaron. 2015. Surprising new research: three-quarters of IT leaders have experienced a mobile data breach. Lookout, Oct 5. https://blog.lookout.com/mobile-data-breach-report.
Cohen, Lawrence E., and Marcus Felson. 1979. Social change and crime rate trends: A routine activity approach. American Sociological Review 44 (4): 588–608. https://doi.org/10.2307/2094589.
Conti, Mauro, Nicola Dragoni, and Viktor Lesyk. 2016. A survey of man in the middle attacks. IEEE Communications Surveys & Tutorials 18 (3): 2027–2051. https://doi.org/10.1109/COMST.2016.2548426.
Cukier, Michel. 2007. Study: Hackers attack every 39 seconds. https://eng.umd.edu/news/story/study-hackers-attack-every-39-seconds.
Douglas, Stephen, and Brandon C. Welsh. 2020. Place managers for crime prevention: The theoretical and empirical status of a neglected situational crime prevention technique. Crime Prevention and Community Safety. https://doi.org/10.1057/s41300-020-00089-4.
Eiband, Malin, Mohamed Khamis, Emanuel Von Zezschwitz, Heinrich Hussmann, and Florian Alt. 2017. Understanding shoulder surfing in the wild: Stories from users and observers. In Proceedings of the 2017 CHI conference on human factors in computing systems, Denver CO, May 2017. https://doi.org/10.1145/3025453.3025636.
Endsley, Mica R. 1995. Toward a theory of situation awareness in dynamic systems. Human Factors 37 (1): 32–64. https://doi.org/10.1518/001872095779049543.
Fissel, Erica R. 2018. The reporting and help-seeking behaviors of cyberstalking victims. Journal of Interpersonal Violence. https://doi.org/10.1177%2F0886260518801942.
Guerette, Rob T., and Shannon A. Santana. 2010. Explaining victim self-protective behavior effects on crime incident outcomes: A test of opportunity theory. Crime & Delinquency 56 (2): 198–226. https://doi.org/10.1177/0011128707311644.
Halpern, David. 2015. Nudging for good—David Halpern and Owain Service. https://www.bi.team/blogs/nudging-for-good-david-halpern-and-owain-service/
Herath, Tejaswini, and H. Raghav Rao. 2009. Protection motivation and deterrence: A framework for security policy compliance in organisations. European Journal of Information Systems 18 (2): 106–125. https://doi.org/10.1057/ejis.2009.6.
Holt, Thomas J., and Adam M. Bossler. 2014. An assessment of the current state of cybercrime scholarship. Deviant Behavior 35 (1): 20–40. https://doi.org/10.1080/01639625.2013.822209.
Howell, Christian J., David Maimon, John K. Cochran, Hattie M. Jones, and Ráchael. A. Powers. 2017. System trespasser behavior after exposure to warning messages at a Chinese computer network: An examination. International Journal of Cyber Criminology 11 (1): 63–77.
Honan, Brian. 2012. Visual Data security white paper. https://multimedia.3m.com/mws/media/950026O/secure-white-paper.pdf.
Jacques, Scott. 2019. Which source possesses the best data on the empirical aspects of criminal events? A theory of opportunity and necessary conditions. Deviant Behavior 40 (12): 1543–1552. https://doi.org/10.1080/01639625.2018.1559635.
Klasnja, Predrag, Sunny Consolvo, Jaeyeon Jung, Benjamin M. Greenstein, Louis LeGrand, Pauline Powledge, and David Wetherall. 2009. "When I am on Wi-Fi, I am fearless" privacy concerns & practices in eeryday Wi-Fi use. In Proceedings of the SIGCHI conference on human factors in computing systems, Boston MA, April 2009. https://doi.org/10.1145/1518701.1519004.
Klein, Gary A. 1989. Recognition primed decisions. In Advances in man-machine system research, ed. W.B. Rouse, 47–92. Greenwich, CT: JAI Press.
Krebs, Brian. 2012. FBI: Updates over public 'Net Access = Bad Idea. Retrieved from https://krebsonsecurity.com/2012/05/fbi-updates-over-public-net-access-bad-idea/.
Maimon, David, Mariel Alper, Bertrand Sobesto, and Michel Cukier. 2014. Restrictive deterrent effects of a warning banner in an attacked computer system. Criminology 52 (1): 33–59. https://doi.org/10.1111/1745-9125.12028.
Madensen, Tamar D. 2007. Bar management and crime: Toward a dynamic theory of place management and crime hotspots. Dissertation. Cincinnati, OH: University of Cincinnati.
Marron, Donald. 2015. Obama's nudge brigade: White House embraces behavioral sciences to improve government. https://www.forbes.com/sites/beltway/2015/09/16/obama-nudge-government/#745d3fbc2c99.
Newman, Graeme, and Ronald Clarke. 2003. Superhighway robbery: Preventing e-commerce crime. Devon, UK: Willan Publishing. https://doi.org/10.4324/9781843924876.
Nobles, Matt R., Bradford W. Reyns, Kathleen A. Fox, and Bonnie S. Fisher. 2014. Protection against pursuit: A conceptual and empirical comparison of cyberstalking and stalking victimization among a national sample. Justice Quarterly 31 (6): 986–1014. https://doi.org/10.1080/07418825.2012.723030.
Norton. 2017. Norton WiFi risk report: Report of online survey results in 15 global markets, Mountain View, California: Symantec. https://www.primo-europe.eu/wp-content/uploads/2017/07/2017-norton-wifi-risk-report-global-results-summary-en.pdf.
Raudenbush, Stephen W., and Anthony S. Bryk. 2002. Hierarchical linear models: Applications and data analysis methods. Thousand Oaks: Sage Publication.
Reyns, Bradford W. 2010. A situational crime prevention approach to cyberstalking victimization: Preventive tactics for Internet users and online place managers. Crime Prevention and Community Safety 12 (2): 99–118. https://doi.org/10.1057/cpcs.2009.22.
Rouge, Phoebe. 2017. Researchers find bug in Wi-Fi network encryption. https://www.ftc.gov/tips-advice/business-center/privacy-and-security/data-security.
Rozee, Patricia D., and Mary P. Koss. 2001. Rape: A century of resistance. Psychology of Women Quarterly 25 (4): 295–311. https://doi.org/10.1111/1471-6402.00030.
Sheridan, Lorraine P., and Tim Grant. 2007. Is cyberstalking different? Psychology, Crime & Law 13 (6): 627–640. https://doi.org/10.1080/10683160701340528.
Smith, Kip, and Peter A. Hancock. 1995. Situation awareness is adaptive, externally directed consciousness. Human Factors 37 (1): 137–148. https://doi.org/10.1518/001872095779049444.
Ullman, Sarah E. 1997. Review and critique of empirical studies of rape avoidance. Criminal Justice and Behavior 24 (2): 177–204. https://doi.org/10.1177/0093854897024002003.
Ullman, Sarah E. 2007. A 10-year update of “review and critique of empirical studies of rape avoidance.” Criminal Justice and Behavior 34 (3): 411–429. https://doi.org/10.1177%2F0093854806297117.
Watts, Steve. 2016. Secure authentication is the only solution for vulnerable public wifi. Computer Fraud & Security 2016 (1): 18–20. https://doi.org/10.1016/S1361-3723(16)30009-4.
Welsh, Brandon C., Mark E. Mudge, and David P. Farrington. 2010. Reconceptualizing public area surveillance and crime prevention: Security guards, place managers and defensible space. Security Journal 23 (4): 299–319. https://doi.org/10.1057/sj.2008.22.
Worsley, Joanne D., Jacqueline M. Wheatcroft, Emma Short, and Rhiannon Corcoran. 2016. Victim’s voices: Understanding the emotional impact of cyberstalking and individual’s coping responses. Sage Open. https://doi.org/10.1177%2F2158244017710292.
Wright, Ryan T., Matthew L. Jensen, Jason Bennett Thatcher, Michael Dinger, and Kent Marett. 2014. Research note—Influence techniques in phishing attacks: An examination of vulnerability and resistance. Information Systems Research 25 (2): 385–400. https://doi.org/10.1287/isre.2014.0522.
Wright, Ryan T., and Kent Marett. 2010. The influence of experiential and dispositional factors in phishing: An empirical investigation of the deceived. Journal of Management Information Systems 27 (1): 273–303. https://doi.org/10.2753/MIS0742-1222270111.
Xiao, Bo., and Izak Benbasat. 2011. Product-related deception in e-commerce: A theoretical perspective. MIS Quarterly 35 (1): 169–196. https://doi.org/10.2307/23043494.
Zafft, Andrew, and Emmanuel Agu. 2012. Malicious WiFi networks: A first look. In 37th annual IEEE conference on local computer networks-workshops, Clearwater FL, October 2012. https://doi.org/10.1109/LCNW.2012.6424041
Ziegenhagen, Eduard A., and Dolores Brosnan. 1985. Victim responses to robbery and crime control policy. Criminology 23 (4): 675–695. https://doi.org/10.1111/j.1745-9125.1985.tb00369.x.
Author information
Authors and Affiliations
Corresponding author
Ethics declarations
Conflict of interest
On behalf of all authors, the corresponding author states that there is no conflict of interest.
Additional information
Publisher's Note
Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.
Rights and permissions
About this article
Cite this article
Maimon, D., Howell, C.J., Jacques, S. et al. Situational awareness and public Wi-Fi users’ self-protective behaviors. Secur J 35, 154–174 (2022). https://doi.org/10.1057/s41284-020-00270-2
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1057/s41284-020-00270-2