Skip to main content
SpringerLink
Log in

An Examination of Gain- and Loss-Framed Messaging on Smart Home Security Training Programs

  • Published:
Information Systems Frontiers Aims and scope Submit manuscript

Abstract

The Internet of Things (IoT) has gained popularity among home consumers due to its characteristics related to automation, information gathering, and purported physical security benefits. In an effort to capitalize on an expanding market, IoT developers have rushed products to market without proper due diligence regarding device cybersecurity. By being more focused on the utility and convenience of IoT devices without being concerned about their devices’ inherent security flaws, consumers may be unwittingly putting themselves at risk. Gain- and loss-framed messaging has been an extensively studied form of persuasive communication in other research fields but has not been previously examined in the context of information security research. Using an experimental design, we assess the efficacy of applying gain- and loss-framed principles to a security education training and awareness (SETA) program designed to bolster IoT users’ concerns related to pertinent IoT-based threats and provide information about their corresponding countermeasures. We found that for consumers with low initial IoT security concerns, loss-framed messaging is more effective in increasing security concerns. For consumers with higher initial concerns, messages focusing on desirable outcomes, regardless of an overall gain- or loss-framed message valence, are effective at increasing IoT security concerns.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2
Fig. 3
Fig. 4

Similar content being viewed by others

Notes

  1. https://www.statista.com/statistics/682204/global-smart-home-market-size/, accessed on September 9, 2018

  2. https://www.cpomagazine.com/cyber-security/new-study-highlights-iot-security-and-privacy-flaws-in-popular-off-the-shelf-devices/, accessed on May 26, 2019

  3. https://www.symantec.com/connect/blogs/mirai-what-you-need-know-about-botnet-behind-recent-major-ddos-attacks, accessed on June 11, 2019

References

  • Alam, M. R., Reaz, M. B. I., & Ali, M. A. M. (2012). A review of smart homes – Past, present, and future. IEEE Transactions on Systems, Man, and Cybernetics, Part C (Applications and Reviews), 42(6), 1190–1203.

    Article  Google Scholar 

  • Ali, B., & Awad, A. (2018). Cyber and physical security vulnerability assessment for IoT-based smart homes. Sensors, 18(3), 817.

    Article  Google Scholar 

  • Anderson, C. L., & Agarwal, R. (2010). Practicing safe computing: A multimedia empirical examination of home computer user security behavioral intentions. MIS Quarterly, 34(3), 613–643.

    Article  Google Scholar 

  • Anderson, M., & Olmstead, K. (2017). Many smartphone owners don’t take steps to secure their devices. Retrieved September 9, 2018, from http://www.pewresearch.org/fact-tank/2017/03/15/many-smartphone-owners-dont-take-steps-to-secure-their-devices/

  • Arachchilage, N. A. G., & Love, S. (2014). Security awareness of computer users: A phishing threat avoidance perspective. Computers in Human Behavior, 38, 304–312.

    Article  Google Scholar 

  • Atzori, L., Iera, A., & Morabito, G. (2010). The internet of things: A survey. Computer Networks, 54(15), 2787–2805.

    Article  Google Scholar 

  • Balta-Ozkan, N., Davidson, R., Bicket, M., & Whitmarsh, L. (2013). Social barriers to the adoption of smart homes. Energy Policy, 63, 363–374.

    Article  Google Scholar 

  • Bandura, A. (1986). Social foundations thought and behaviour: Social cognitive theory. Englewood-Cliffs: Prentice-Hall.

    Google Scholar 

  • Crossler, R. E., Johnston, A. C., Lowry, P. B., Hu, Q., Warkentin, M., & Baskerville, R. (2013). Future directions for behavioral information security research. Computers & Security, 32, 90–101.

    Article  Google Scholar 

  • Crump, M. J., McDonnell, J. V., & Gureckis, T. M. (2013). Evaluating Amazon’s Mechanical Turk as a tool for experimental behavioral research. PloS One, 8(3), e57410.

    Article  Google Scholar 

  • Dhillon, G. (1999). Managing and controlling computer misuse. Information Management & Computer Security, 7(4), 171–175.

    Article  Google Scholar 

  • Dillard, J. P., & Marshall, L. J. (2003). Persuasion as a social skill. In Handbook of communication and social interaction skills (pp. 479–513). Mahwah: Lawrence Erlbaum Associates Publishers.

  • Dorsemaine, B., Gaulier, J.-P., Wary, J.-P., Kheir, N., & Urien, P. (2015). Internet of things: A definition & taxonomy. 2015 9th international conference on Next Generation Mobile Applications, Services and Technologies (pp. 72–77). Cambridge: IEEE.

  • Farooq, M. U., Waseem, M., Khairi, A., & Mazhar, S. (2015). A critical analysis on the security concerns of internet of things (IoT). International Journal of Computer Applications, 111(7),1–7.

  • Folk, C., Hurley, D. C., Kaplow, W. K., & Payne, J. F. (2015). The security implications of the internet of things. Fairfax: AFCEA International Cyber Committee.

    Google Scholar 

  • Furnell, S., Bryant, P., & Phippen, A. D. (2007). Assessing the security perceptions of personal internet users. Computers & Security, 26(5), 410–417.

    Article  Google Scholar 

  • Geels, F. W. (2005). Processes and patterns in transitions and system innovations: Refining the co-evolutionary multi-level perspective. Technological Forecasting and Social Change, 72(6), 681–696.

    Article  Google Scholar 

  • Gerend, M. A., & Sias, T. (2009). Message framing and color priming: How subtle threat cues affect persuasion. Journal of Experimental Social Psychology, 45(4), 999–1002.

    Article  Google Scholar 

  • Giusto, D. (2010). In A. Lera, G. Morabito, & L. Atzori (Eds.), The internet of things. New York City: Springer.

  • Guttman, B., & Roback, E. A. (1995). An introduction to computer security: The NIST handbook. DIANE Publishing(NIST SP) - 800-12. Available at: https://www.nist.gov/publications/introduction-computer-security-nist-handbook. Accessed 12 Dec 2019.

  • Intelligence, S. C. B. (2008). Disruptive civil technologies–six technologies with potential impacts on us interests out to 2025 Cr 2008-07.–34 S., 1 Abb., 6 Tab., 6 Anh. Washington, DC: National Intelligence Council.

    Google Scholar 

  • Johnston, A. C., & Warkentin, M. (2010). Fear appeals and information security behaviors: An empirical study. MIS Quarterly, 34, 549–566.

    Article  Google Scholar 

  • Johnston, A. C., Warkentin, M., & Siponen, M. T. (2015). An enhanced fear appeal rhetorical framework: Leveraging threats to the human asset through sanctioning rhetoric. MIS Quarterly, 39(1), 113–134.

    Article  Google Scholar 

  • Kopetz, H. (2011). Internet of things, Real-time systems. Springer (pp. 307–323). New York City: Springer.

  • Kritzinger, E., & von Solms, S. H. (2010). Cyber security for home users: A new way of protection through awareness enforcement. Computers & Security, 29(8), 840–847.

    Article  Google Scholar 

  • Landers, R. N., & Behrend, T. S. (2015). An inconvenient truth: Arbitrary distinctions between organizational, Mechanical Turk, and other convenience samples. Industrial and Organizational Psychology, 8(2), 142–164.

    Article  Google Scholar 

  • Laszka, A., Johnson, B., Schöttle, P., Grossklags, J., and Böhme, R. (2013). Managing the weakest link, Computer security–Esorics 2013. Springer, pp. 273–290.

  • Maddux, J. E., & Rogers, R. W. (1983). Protection motivation and self-efficacy: A revised theory of fear appeals and attitude change. Journal of Experimental Social Psychology, 19(5), 469–479.

    Article  Google Scholar 

  • Mahmoud, R., Yousuf, T., Aloul, F., & Zualkernan, I. (2015). Internet of things (IoT) security: Current status, challenges and prospective measures. In 2015 10th international conference for Internet Technology and Secured Transactions (ICITST) (pp. 336–341). IEEE.

  • McGuire, W. J. (1981). Behavioral medicine, public health and communication theories. Health Education, 12(3), 8–13.

    Article  Google Scholar 

  • McGuire, W. J., Rice, R., & Atkin, C. (2001). Input and output variables currently promising for constructing persuasive communications. Public Communication Campaigns, 3, 22–48.

    Article  Google Scholar 

  • Menard, P., Bott, G. J., & Crossler, R. E. (2017). User motivations in protecting information security: Protection motivation theory versus self-determination theory. Journal of Management Information Systems, 34(4), 1203–1230.

    Article  Google Scholar 

  • Michie, S., Atkins, L., & West, R. (2014). The behaviour change wheel. In A guide to designing interventions (1st ed., pp. 1003–1010). Great Britain: Silverback Publishing.

    Google Scholar 

  • O’Keefe, D. J., & Jensen, J. D. (2007). The relative persuasiveness of gain-framed loss-framed messages for encouraging disease prevention behaviors: A meta-analytic review. Journal of Health Communication, 12(7), 623–644.

    Article  Google Scholar 

  • O’Keefe, D. J., & Jensen, J. D. (2008). Do loss-framed persuasive messages engender greater message processing than do gain-framed messages? A meta-analytic review. Communication Studies, 59(1), 51–67.

    Article  Google Scholar 

  • Parker, D. B. (1998). Fighting computer crime: A new framework for protecting information. New York: Wiley.

    Google Scholar 

  • Patton, M., Gross, E., Chinn, R., Forbis, S., Walker, L., & Chen, H. (2014). Uninvited connections: A study of vulnerable devices on the internet of things (IoT). In 2014 IEEE joint intelligence and security informatics conference (pp. 232–235). IEEE.

  • Petty, R. E., & Cacioppo, J. T. (1986). The elaboration likelihood model of persuasion. Advances in Experimental Social Psychology, 19, 123–205.

    Article  Google Scholar 

  • Plachkinova, M., Vo, A., & Alluhaidan, A. (2016). Emerging trends in smart home security, privacy, and digital forensics. In: Proceedings of 22nd Americas Conference on Information Systems (AMCIS), Aug 11-14, 2015, San Diego.

  • Poeter, D. (2014). Survey: IoT, wearables market set for explosive growth. PCmag.com

  • Puhakainen, P., & Siponen, M. (2010). Improving Employees’ compliance through information systems security training: An action research study. MIS Quarterly, 34(4), 757–778.

    Article  Google Scholar 

  • Rayome, A. D. (2017). Ddos attacks increased 91% in 2017 thanks to IoT. https://www.techrepublic.com/article/ddos-attacks-increased-91-in-2017-thanks-to-iot/

  • Rogers, R. W. (1975). A protection motivation theory of fear appeals and attitude change1. The Journal of Psychology, 91(1), 93–114.

    Article  Google Scholar 

  • Rogers, E. M. (2010). Diffusion of innovations. New York City: Simon and Schuster.

  • Rothman, A. J., & Salovey, P. (1997). Shaping perceptions to motivate healthy behavior: The role of message framing. Psychological Bulletin, 121(1), 3.

    Article  Google Scholar 

  • Sasse, M. A., Brostoff, S., & Weirich, D. (2001). Transforming the ‘weakest link’ – A human/computer interaction approach to usable and effective security. BT Technology Journal, 19(3), 122–131.

    Article  Google Scholar 

  • Schot, J., & Rip, A. (1997). The past and future of constructive technology assessment. Technological Forecasting and Social Change, 54(2), 251–268.

    Article  Google Scholar 

  • Shropshire, J. D., Warkentin, M., & Johnston, A. C. (2010). Impact of negative message framing on security adoption. Journal of Computer Information Systems, 51(1), 41–51.

    Google Scholar 

  • Siponen, M. T. (2000). A conceptual foundation for organizational information security awareness. Information Management & Computer Security, 8(1), 31–41.

    Article  Google Scholar 

  • Sivaraman, V., Gharakheili, H. H., Vishwanath, A., Boreli, R., and Mehani, O. 2015. "Network-level security and privacy control for smart-home IoT devices," Wireless and Mobile Computing, Networking and Communications (WiMob), 2015 IEEE 11th International Conference on, pp. 163-167.

  • Smith, N. A., Sabat, I. E., Martinez, L. R., Weaver, K., & Xu, S. (2015). A convenient solution: Using MTurk to sample from hard-to-reach populations. Industrial and Organizational Psychology, 8(2), 220–228.

    Article  Google Scholar 

  • Solove, D. J. (2008).Understanding privacy. Obtained from: https://papers.ssrn.com/sol3/papers.cfm?abstract_id=1127888. Accessed 12 Dec 2019.

  • Stallings, W., Brown, L., Bauer, M. D., & Bhattacharjee, A. K. (2012). Computer security: Principles and practice. Upper Saddle River: Pearson Education.

    Google Scholar 

  • Steelman, Z. R., Hammer, B. I., & Limayem, M. (2014). Data collection in the digital age: Innovative alternatives to student samples. Journal of Consumer Psychology, 23(2), 212–219.

    Google Scholar 

  • Weber, R. H. (2010). Internet of things – New security and privacy challenges. Computer Law and Security Review, 26(1), 23–30.

    Article  Google Scholar 

  • Wendzel, S., Zwanger, V., Meier, M., and Szlosarczyk, S. (2014). Envisioning smart building botnets. In Proc. GI Sicherheit, LNI 228, pp. 319–329, GI. Obtained from: https://dl.gi.de/bitstream/handle/20.500.12116/20053/319.pdf?sequence=1. Accessed 12 Dec 2019.

  • Whitman, M. E. (2004). In defense of the realm: Understanding the threats to information security. International Journal of Information Management, 24(1), 43–57.

    Article  Google Scholar 

  • Wilson, D. K., Purdon, S. E., & Wallston, K. A. (1988). Compliance to health recommendations: A theoretical overview of message framing. Health Education Research, 3(2), 161–171.

    Article  Google Scholar 

  • Zeng, E., Mare, S., & Roesner, F. (2017). End user security and privacy concerns with smart homes. In Thirteenth Symposium on Usable Privacy and Security (SOUPS), July 12–14, 2017, Santa Clara, (pp. 65–80).

  • Zheng, S., Apthorpe, N., Chetty, M., & Feamster, N. (2018). User perceptions of smart home IoT privacy. Proceedings of the ACM on Human-Computer Interaction (2:CSCW), p. 200.

Download references

Author information

Authors and Affiliations

  1. Department of Information and Technology Management, Sykes College of Business, University of Tampa, 401 W Kennedy Blvd, Tampa, FL, 33606, USA

    Miloslava Plachkinova

  2. Department of Information Systems and Cyber Security, College of Business, University of Texas at San Antonio, San Antonio, TX, 78249, USA

    Philip Menard

Authors
  1. Miloslava Plachkinova
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Philip Menard
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Miloslava Plachkinova.

Additional information

Publisher’s Note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Appendices

Training Scripts by Topic and Treatment

1.1 Overall IoT Awareness

Gain-Framed (Undesirable Outcome Avoided – Hackers unable to compromise a vulnerability in home IoT environment):

Today there are more devices online than people, everything from the devices in your pocket, to the objects in your home, to the car you drive, can transmit information about your life. This ecosystem is known as the Internet of Things (IoT). Just remember, it goes both ways. When you’re connected to everything, everything is connected to you. When you use the security features of your network and your devices, hackers are less likely to find vulnerabilities in your network.

Gain-Framed (Desirable Outcome Obtained – IoT environment and the data that pass through it are protected):

Today there are more devices online than people, everything from the devices in your pocket, to the objects in your home, to the car you drive, can transmit information about your life. This ecosystem is known as the Internet of Things (IoT). Just remember, it goes both ways. When you’re connected to everything, everything is connected to you. When you use the security features of your network and your devices, the data that passes through your network, including your personal information, is protected from malicious activity.

Loss-Framed (Undesirable Outcome Obtained – Hackers allowed to compromise a vulnerability in home IoT environment):

Today there are more devices online than people, everything from the devices in your pocket, to the objects in your home, to the car you drive, can transmit information about your life. This ecosystem is known as the Internet of Things (IoT). Just remember, it goes both ways. When you’re connected to everything, everything is connected to you. If the security features of your network and your devices are disabled, hackers are more likely to find vulnerabilities in your network.

Loss-Framed (Desirable Outcome Avoided – IoT environment and the data that pass through it are unprotected):

Today there are more devices online than people, everything from the devices in your pocket, to the objects in your home, to the car you drive, can transmit information about your life. This ecosystem is known as the Internet of Things (IoT). Just remember, it goes both ways. When you’re connected to everything, everything is connected to you. If the security features of your network and your devices are disabled, the data that passes through your network, including your personal information, remains unprotected from malicious activity.

1.2 WPA2

Gain-Framed (Undesirable Outcome Avoided – Hackers prevented from spying):

Because Wi-Fi broadcasts data over freely accessible radio waves, it is important to prevent hackers from being able to spy on the information being transmitted over your network. Wi-Fi Protected Access version 2 (WPA2) is a type of encryption used to secure the vast majority of Wi-Fi networks. Think of encryption as a secret code that can only be deciphered if you have the “key,” and a vital technology that helps keep digital data away from intruders and identity thieves. WPA2 is the current acceptable security standard and should be implemented on your home network. Wired Equivalent Privacy (WEP) should be avoided, and WPA (version 1) should be used with caution.

Gain-Framed (Desirable Outcome Obtained – Data is protected):

Because Wi-Fi broadcasts data over freely accessible radio waves, it is important to protect the information that is transmitted over your network. Wi-Fi Protected Access version 2 (WPA2) is a type of encryption used to secure the vast majority of Wi-Fi networks. Think of encryption as a secret code that can only be deciphered if you have the “key,” and a vital technology that helps keep digital data away from intruders and identity thieves. WPA2 is the current acceptable security standard and should be implemented on your home network. Wired Equivalent Privacy (WEP) should be avoided, and WPA (version 1) should be used with caution.

Loss-Framed (Undesirable Outcome Obtained – Hackers successfully capturing data):

Because Wi-Fi broadcasts data over freely accessible radio waves, hackers may spy on the information being transmitted over your network. Wi-Fi Protected Access version 2 (WPA2) is a type of encryption used to secure the vast majority of Wi-Fi networks. Think of encryption as a secret code that can only be deciphered if you have the “key,” and a vital technology that helps keep digital data away from intruders and identity thieves. WPA2 is the current acceptable security standard and should be implemented on your home network. Wired Equivalent Privacy (WEP) should be avoided, and WPA (version 1) should be used with caution.

Loss-Framed (Desirable Outcome Avoided – Data is left unprotected):

Because Wi-Fi broadcasts data over freely accessible radio waves, your information is unprotected as it is transmitted over your network. Wi-Fi Protected Access version 2 (WPA2) is a type of encryption used to secure the vast majority of Wi-Fi networks. Think of encryption as a secret code that can only be deciphered if you have the “key,” and a vital technology that helps keep digital data away from intruders and identity thieves. WPA2 is the current acceptable security standard and should be implemented on your home network. Wired Equivalent Privacy (WEP) should be avoided, and WPA (version 1) should be used with caution.

1.3 Router Firewall

Gain-Framed (Undesirable Outcome Avoided – Malicious activity is kept out of network):

A firewall is a security tool that prevents traffic from entering and/or leaving your network. This keeps malicious activity outside of your network. Firewalls are sometimes considered highly technical, but most routers have a built-in firewall. And many are very easy to install or activate. Your router likely has a firewall as well, and we recommend that you use it.

Here’s how to you can check to see if your router has a firewall:

  1. 1.

    Open an Internet browser and log into your router’s administrative page. You can do this by typing in the router’s IP address. If you are unsure about what your router’s IP address might be, here is a list of commonly used IP addresses based on the router manufacturer (however, be sure to consult your user’s manual, just to make sure):

    • Apple - 10.0.1.1.

    • Buffalo - 192.168.11.1.

    • DLink - 192.168.0.1 or 10.0.0.1.

    • Linksys - 192.168.1.1 or 192.168.0.1.

    • Netgear - 192.168.0.1 or 192.168.0.227.

  2. 2.

    Look for a configuration page labeled “Security” or “Firewall”. This indicates that your router has a built-in firewall as one of its features. You may have to click on an “Advanced” link in your router’s configuration page to access its security features.

  3. 3.

    Once you’ve located the Security or Firewall page, look for an “enable” button or checkbox. Once you’ve enabled it, you’ll have to click either a “Save” or “Apply” button to save your changes. Your router may need to reboot to fully apply your changes.

Gain-Framed (Desirable Outcome Obtained – Network is protected):

A firewall is a security tool that prevents traffic from entering and/or leaving your network. This keeps your private information from accidentally leaking out. Firewalls are sometimes considered highly technical, but most routers have a built-in firewall. And many are very easy to install or activate. Your router likely has a firewall as well, and we recommend that you use it.

Here’s how to you can check to see if your router has a firewall:

  1. 1.

    Open an Internet browser and log into your router’s administrative page. You can do this by typing in the router’s IP address. If you are unsure about what your router’s IP address might be, here is a list of commonly used IP addresses based on the router manufacturer (however, be sure to consult your user’s manual, just to make sure):

    • Apple - 10.0.1.1.

    • Buffalo - 192.168.11.1.

    • DLink - 192.168.0.1 or 10.0.0.1.

    • Linksys - 192.168.1.1 or 192.168.0.1.

    • Netgear - 192.168.0.1 or 192.168.0.227.

  2. 2.

    Look for a configuration page labeled “Security” or “Firewall”. This indicates that your router has a built-in firewall as one of its features. You may have to click on an “Advanced” link in your router’s configuration page to access its security features.

  3. 3.

    Once you’ve located the Security or Firewall page, look for an “enable” button or checkbox. Once you’ve enabled it, you’ll have to click either a “Save” or “Apply” button to save your changes. Your router may need to reboot to fully apply your changes.

Loss-Framed (Undesirable Outcome Obtained – Hackers allowed into home network):

A firewall is a security tool that prevents traffic from entering and/or leaving your network. Without a firewall, malicious activity can be allowed into your home network. Firewalls are sometimes considered highly technical, but most routers have a built-in firewall. And many are very easy to install or activate. Your router likely has a firewall as well, and we recommend that you use it.

Here’s how to you can check to see if your router has a firewall:

  1. 1.

    Open an Internet browser and log into your router’s administrative page. You can do this by typing in the router’s IP address. If you are unsure about what your router’s IP address might be, here is a list of commonly used IP addresses based on the router manufacturer (however, be sure to consult your user’s manual, just to make sure):

    • Apple - 10.0.1.1.

    • Buffalo - 192.168.11.1.

    • DLink - 192.168.0.1 or 10.0.0.1.

    • Linksys - 192.168.1.1 or 192.168.0.1.

    • Netgear - 192.168.0.1 or 192.168.0.227.

  2. 2.

    Look for a configuration page labeled “Security” or “Firewall”. This indicates that your router has a built-in firewall as one of its features. You may have to click on an “Advanced” link in your router’s configuration page to access its security features.

  3. 3.

    Once you’ve located the Security or Firewall page, look for an “enable” button or checkbox. Once you’ve enabled it, you’ll have to click either a “Save” or “Apply” button to save your changes. Your router may need to reboot to fully apply your changes.

Loss-Framed (Desirable Outcome Avoided – Network is left unprotected):

A firewall is a security tool that prevents traffic from entering and/or leaving your network. Without a firewall, your network, and the information you transmit across it, are left unprotected. Firewalls are sometimes considered highly technical, but most routers have a built-in firewall. And many are very easy to install or activate. Your router likely has a firewall as well, and we recommend that you use it.

Here’s how to you can check to see if your router has a firewall:

  1. 1.

    Open an Internet browser and log into your router’s administrative page. You can do this by typing in the router’s IP address. If you are unsure about what your router’s IP address might be, here is a list of commonly used IP addresses based on the router manufacturer (however, be sure to consult your user’s manual, just to make sure):

  • Apple - 10.0.1.1.

  • Buffalo - 192.168.11.1.

  • DLink - 192.168.0.1 or 10.0.0.1.

  • Linksys - 192.168.1.1 or 192.168.0.1.

  • Netgear - 192.168.0.1 or 192.168.0.227.

  1. 2.

    Look for a configuration page labeled “Security” or “Firewall”. This indicates that your router has a built-in firewall as one of its features. You may have to click on an “Advanced” link in your router’s configuration page to access its security features.

  2. 3.

    Once you’ve located the Security or Firewall page, look for an “enable” button or checkbox. Once you’ve enabled it, you’ll have to click either a “Save” or “Apply” button to save your changes. Your router may need to reboot to fully apply your changes.

1.4 Separate/Guest Network

Gain-Framed (Undesirable Outcome Avoided – Hackers prevented from compromising personal devices and data):

Many Wi-Fi routers support guest networking so that visitors can connect to your network without gaining access to shared files or networked devices. Even though all your home networking traffic passes through your router, configuring a separate guest network means that guests can still access commonly used resources like the Internet but are prevented from accessing anything on your main network. This kind of separation also works well for Internet of Things or “smart” devices that have questionable security.

Gain-Framed (Desirable Outcome Obtained – Personal devices and their data are protected):

Many Wi-Fi routers support guest networking so that visitors can connect to your network. Even though all your home networking traffic passes through your router, configuring a separate guest network means that guests can still access commonly used resources like the Internet but the sensitive data on your personal computers, smartphones, or other devices remain protected from unauthorized access. This kind of separation also works well for Internet of Things or “smart” devices that have questionable security.

Loss-Framed (Undesirable Outcome Obtained – Hackers infiltrate personal devices through IoT attack):

Many Wi-Fi routers support guest networking so that visitors can connect to your network. Even though all your home networking traffic passes through your router, configuring a separate guest network means that guests can still access commonly used resources like the Internet. Without a guest network, visitors (or potentially hackers) could access anything on your network, like personal computers, smartphones, or other devices that contain personally identifiable or sensitive information. This kind of separation also works well for Internet of Things or “smart” devices that have questionable security.

Loss-Framed (Desirable Outcome Avoided – Personal devices and their data are vulnerable):

Many Wi-Fi routers support guest networking so that visitors can connect to your network. Even though all your home networking traffic passes through your router, configuring a separate guest network means that guests can still access commonly used resources like the Internet. Without a guest network, the personal information on your computers, smartphones, or other devices could be unnecessarily exposed. This kind of separation also works well for Internet of Things or “smart” devices that have questionable security.

1.5 Smartphone Passcode

Gain-Framed (Undesirable Outcome Avoided – Hackers prevented from compromising IoT):

Your smartphone is a multipurpose pocket computer that stays connected to the Internet at all times and is with you wherever you go. With this device, you generate an enormous amount of personal information, like pictures and videos, web browsing habits, GPS locations, financial information, and even health information. This information is stored locally on your device, but it’s also recorded onto third-party cloud storage systems where large businesses can learn more about their users. Protecting your smartphone with an authorization mechanism, like either a 4-digit passcode or biometrics, can keep your information and the data being collected by your IoT devices out of the hands of people with malicious intentions.

Gain-Framed (Desirable Outcome Obtained – Smartphone’s data and IoT access are protected):

Your smartphone is a multipurpose pocket computer that stays connected to the Internet at all times and is with you wherever you go. With this device, you generate an enormous amount of personal information, like pictures and videos, web browsing habits, GPS locations, financial information, and even health information. This information is stored locally on your device, but it’s also recorded onto third-party cloud storage systems where large businesses can learn more about their users. Protecting your smartphone with an authorization mechanism, like either a 4-digit passcode or biometrics, can help ensure that you control the access to your information and the data being collected by your IoT devices.

Loss-Framed (Undesirable Outcome Obtained – Hackers able to compromise IoT):

Your smartphone is a multipurpose pocket computer that stays connected to the Internet at all times and is with you wherever you go. With this device, you generate an enormous amount of personal information, like pictures and videos, web browsing habits, GPS locations, financial information, and even health information. This information is stored locally on your device, but it’s also recorded onto third-party cloud storage systems where large businesses can learn more about their users. Your privacy can be jeopardized as cloud platforms have been prone to security attacks. If your smartphone does not have an authorization mechanism, like either a 4-digit passcode or biometrics, people with malicious intentions could gain access to your information and the data being collected by your IoT devices.

Loss-Framed (Desirable Outcome Avoided – Smartphone’s data and IoT access are unprotected):

Your smartphone is a multipurpose pocket computer that stays connected to the Internet at all times and is with you wherever you go. With this device, you generate an enormous amount of personal information, like pictures and videos, web browsing habits, GPS locations, financial information, and even health information. This information is stored locally on your device, but it’s also recorded onto third-party cloud storage systems where large businesses can learn more about their users. Your privacy can be jeopardized as cloud platforms have been prone to security attacks. Without an authorization mechanism on your smartphone, like either a 4-digit passcode or biometrics, you cannot ensure that you control the access to your information and the data being collected by your IoT devices.

1.6 IoT Device Security

Gain-Framed (Undesirable Outcome Avoided – Hackers unable to compromise a vulnerability):

Internet of Things (IoT) represents “smart” devices that you might use throughout your home. When you install an IoT device in your home, it’s important to enable any available security features on each device. When you use your device’s security features, hackers are less likely to find vulnerabilities in your network. Not all IoT devices come with security features, but you should check the user manual for each of your devices to see which features are available.

  • If the device can be password protected, make sure to set a strong password (at least 8 characters with a mix of letters, numbers, and special characters).

  • If you have multiple IoT devices, make sure that each has a unique password (don’t use the same password across all devices).

  • Make sure that the firmware for each of your devices is up to date. You can download the most recent firmware from the manufacturer’s website.

  • Set up a guest network for your IoT devices, separating them from other important devices in your home network.

Gain-Framed (Desirable Outcome Obtained – Individual IoT devices and the data that pass through them are protected):

Internet of Things (IoT) represents “smart” devices that you might use throughout your home. When you install an IoT device in your home, it’s important to enable any available security features on each device. When you use your device’s security features, the data that passes through your network, including your personal information, is protected from malicious activity. Not all IoT devices come with security features, but you should check the user manual for each of your devices to see which features are available.

  • If the device can be password protected, make sure to set a strong password (at least 8 characters with a mix of letters, numbers, and special characters).

  • If you have multiple IoT devices, make sure that each has a unique password (don’t use the same password across all devices).

  • Make sure that the firmware for each of your devices is up to date. You can download the most recent firmware from the manufacturer’s website.

  • Set up a guest network for your IoT devices, separating them from other important devices in your home network.

Loss-Framed (Undesirable Outcome Obtained – Hackers allowed to compromise a vulnerability):

Internet of Things (IoT) represents “smart” devices that you might use throughout your home. When you install an IoT device in your home, it’s important to enable any available security features on each device. If your device’s security features are disabled, hackers are more likely to find vulnerabilities in your network. Not all IoT devices come with security features, but you should check the user manual for each of your devices to see which features are available.

  • If the device can be password protected, make sure to set a strong password (at least 8 characters with a mix of letters, numbers, and special characters).

  • If you have multiple IoT devices, make sure that each has a unique password (don’t use the same password across all devices).

  • Make sure that the firmware for each of your devices is up to date. You can download the most recent firmware from the manufacturer’s website.

  • Set up a guest network for your IoT devices, separating them from other important devices in your home network.

Loss-Framed (Desirable Outcome Avoided – Individual IoT devices and the data that pass through them are unprotected):

Internet of Things (IoT) represents “smart” devices that you might use throughout your home. When you install an IoT device in your home, it’s important to enable any available security features on each device. If your device’s security features are disabled, the data that passes through your network, including your personal information, remains unprotected from malicious activity. Not all IoT devices come with security features, but you should check the user manual for each of your devices to see which features are available.

  • If the device can be password protected, make sure to set a strong password (at least 8 characters with a mix of letters, numbers, and special characters).

  • If you have multiple IoT devices, make sure that each has a unique password (don’t use the same password across all devices).

  • Make sure that the firmware for each of your devices is up to date. You can download the most recent firmware from the manufacturer’s website.

  • Set up a guest network for your IoT devices, separating them from other important devices in your home network.

Descriptive Statistics Split by Low or High Pre-training Concerns

Table 6 Respondent Demographics – Low Pre-Training Security Concerns Subset
Full size table
Table 7 Respondent Demographics – High Pre-Training Security Concerns Subset
Full size table

Rights and permissions

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Plachkinova, M., Menard, P. An Examination of Gain- and Loss-Framed Messaging on Smart Home Security Training Programs. Inf Syst Front 24, 1395–1416 (2022). https://doi.org/10.1007/s10796-019-09970-6

Download citation

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s10796-019-09970-6

Keywords

Search

Navigation