Managing Access to Confidential Documents: A Case Study of an Email Security Tool-Reference-Cited by-同舟云学术

Managing Access to Confidential Documents: A Case Study of an Email Security Tool

Published:2023-10-28 Issue:11 Volume:15 Page:356
ISSN:1999-5903
Container-title:Future Internet
language:en
Short-container-title:Future Internet

Author:

Al Qahtani Elham¹,Javed Yousra²^ORCID,Tabassum Sarah³,Sahoo Lipsarani³,Shehab Mohamed³

Affiliation:

1. Department of Software Engineering, University of Jeddah, Makkah 23445, Saudi Arabia

2. School of Information Technology, Illinois State University, Normal, IL 61761, USA

3. Department of Software Information Systems, University of North Carolina, Charlotte, NC 28223, USA

Abstract

User adoption and usage of end-to-end encryption tools is an ongoing research topic. A subset of such tools allows users to encrypt confidential emails, as well as manage their access control using features such as the expiration time, disabling forwarding, persistent protection, and watermarking. Previous studies have suggested that protective attitudes and behaviors could improve the adoption of new security technologies. Therefore, we conducted a user study on 19 participants to understand their perceptions of an email security tool and how they use it to manage access control to confidential information such as medical, tax, and employee information if sent via email. Our results showed that the participants’ first impression upon receiving an end-to-end encrypted email was that it looked suspicious, especially when received from an unknown person. After the participants were informed about the importance of the investigated tool, they were comfortable sharing medical, tax, and employee information via this tool. Regarding access control management of the three types of confidential information, the expiration time and disabling forwarding were most useful for the participants in preventing unauthorized and continued access. While the participants did not understand how the persistent protection feature worked, many still chose to use it, assuming it provided some extra layer of protection to confidential information and prevented unauthorized access. Watermarking was the least useful feature for the participants, as many were unsure of its usage. Our participants were concerned about data leaks from recipients’ devices if they set a longer expiration date, such as a year. We provide the practical implications of our findings.

Funder

Illinois State University

Publisher

MDPI AG

Subject

Computer Networks and Communications

Link

https://www.mdpi.com/1999-5903/15/11/356/pdf

Reference46 articles.

1. (2023, February 06). How Much Sensitive Data Is Your Organization Sharing?—Virtru—virtru.com. Available online: https://www.virtru.com/blog/data-sharing-risk-calculator.

2. Stokel-Walker, C. (2023, February 06). Almost No One Encrypts Their Emails Because It Is Too Much of a Hassle. Available online: https://www.newscientist.com/article/2289747-almost-no-one-encrypts-their-emails-because-it-is-too-much-of-a-hassle/.

3. Warford, N., Munyendo, C.W., Mediratta, A., Aviv, A.J., and Mazurek, M.L. (2021, January 11–13). Strategies and perceived risks of sending sensitive documents. Proceedings of the 30th USENIX Security Symposium (USENIX Security 21), Virtual.

4. Sjouwerman, S. (2023, February 06). 91 blog.knowbe4.com. Available online: https://blog.knowbe4.com/bid/252429/91-of-cyberattacks-begin-with-spear-phishing-email.

5. I’ve got nothing to hide and other misunderstandings of privacy;Solove;San Diego L. Rev.,2007