The Center for Long-Term Cybersecurity at the University of California-Berkeley released a report on April 15 discussing the importance of improving cybersecurity awareness in underserved populations, which face “higher-than-average risks of being victims of cyberattacks.”
“This cybersecurity gap is a new ‘digital divide’ that needs to be addressed – with urgency – by the public and private sectors alike,” said the paper’s author Ahmad Sultan, associate director for Research, Advocacy and Technology and Policy at the Anti-Defamation League’s Center for Technology and Society. “The report is intended to help city leaders understand how they could better understand this issue in their own cities, and how they might forge public-private partnerships to address cybersecurity concerns at the system level.”
The paper, which uses underserved residents – meaning low-income residents, seniors, and foreign language speakers – of San Francisco as a quasi-case study, was developed in partnership between Sultan and officials from the City and County of San Francisco with the goal of helping officials in other cities “better understand how underserved populations may be at risk, and provides recommendations for city-led training programs and other initiatives that could help mitigate the cybersecurity challenge.”
Lack of Awareness
Based on a survey of more than 150 San Francisco residents, the paper found that underserved populations are less likely to be aware that they are victims of a cyberattack and have a lower awareness of cybersecurity risks. When asked about their knowledge of “core cybersecurity concepts,” 20 percent of respondents didn’t know about online crime, 21 percent were unaware of spam emails, and 26 percent were unaware of computer or mobile viruses. Unsurprisingly, 31 percent didn’t know that anti-virus software existed. The report also found that among respondents who said they were “confident” in their ability to protect themselves online many weren’t taking basic cybersecurity steps that could justify their confidence.
“Underserved residents generally suffer from low levels of confidence in their ability to protect themselves online and have low trust in technology companies to secure their data,” the report explained. “As a result, they are deterred from using online services, such as banking or social services, that can bring important economic and social benefits.”
Digital Divide Meets Language Barrier
Further complicating the process of closing the digital divide is a language barrier that often exists in underserved populations.
“Underserved citizens whose primary language is not English often struggle to find resources on cybersecurity in their own language, and many do not know what resources to trust,” the report explained. “Residents often turn to friends or relatives and receive partially accurate information at best.”
The report said city leaders should understand their community’s cybersecurity awareness and use that information to provide “targeted trainings.” The paper suggested conducting surveys and informational workshops to understand what residents are interested in learning and where knowledge gaps may exist, as well as what types of trainings would be most effective. The report also encouraged city leaders to partner with community organizations that serve low-income residents, English language learners, and senior citizens.
In addition to providing trainings, the report also suggested creating materials for self-teaching, such as “reliable online resources that are easy to interpret and access.” Additionally, the report encouraged cities to develop a cybersecurity advice website and suggested partnering with the private sector to achieve that goal.
“Cities can work with private technology firms to develop reliable websites that provide cybersecurity advice,” the report said. “It may be feasible to develop a phone chatbot that can help residents with basic information security questions. Such chatbots can be designed to communicate in several languages, and provide clearly defined answers on core cybersecurity knowledge questions, as well as offer step-by-step instructions based upon best practices.”
On top of partnering with the private sector, cities should also work collaboratively with other localities to develop initiatives and share best practices.
“Cities have opportunities to work together to develop joint cybersecurity initiatives, including digital literacy trainings to improve cybersecurity outcomes, while also creating strong, sustainable, and actionable partnerships with private-technology firms to address system-level cybersecurity concerns,” Sultan said.