Skip navigation links

May 20, 2015

Online safety: If you want something done right, do it yourself

When it comes to keeping online information safe from hackers and other criminals, it’s up to the individual user to keep his or her data secure.

Unfortunately, many Internet users don’t take that responsibility seriously, thinking that’s the job of the Internet provider or even the company that manufactured their computer.

The end-user is often the “weakest link” in the Internet safety chain, said Saleem Alhabash, a Michigan State University faculty member who is part of a team that researches ways of making the Web safer for its users.

The team’s conclusion: Internet users have to take personal responsibility for their safety and security. This includes taking the necessary steps to learn how it can be done.

“If somebody can say, ‘yeah, it’s my responsibility, no one is going to do it for me,’ then they are more likely to be more motivated to try and do it,” Alhabash said.

Another problem is many people are leery of the technology and feel they don’t have the know-how to enact safety features.

"What's interesting is those who said they didn't know much about online safety were willing to learn and be more careful,” said Ruth Shillair, a doctoral student in the Department of Media and Information who is lead author of a recently published paper by the College of Communication Arts and Sciences’ Online Security Team. "Many of those who said they knew a lot about online safety actually had poor safety habits, taking needless risks. "

But can someone be taught personal responsibility? “It isn’t something you can easily teach,” said Nora Rifon, a professor of advertising and public relations and a member of the research team. “It’s an attitude that needs to be encouraged.”

People need to realize, the researchers said, that their actions, or inactions, can affect more than just themselves but the entire corporation or institution for which they work.

Organizations can help by providing the proper training for its staff. This includes offering employees what they call “vicarious” learning experiences.

“Using this method, a person not only watches someone else do it, they try it themselves,” Rifon said. “They also have to tailor the intervention to the level of knowledge and responsibility of the person.”

It’s estimated that global Internet security breaches result in losses of more than $400 billion a year.

This research was published in the journal Computers in Human Behavior. For a copy of the paper, please visit


By: Tom Oswald

Media Contacts