International research has shown that users arecomplacent when it comes to smartphone security behaviour.This is contradictory, as users perceive data stored on the'smart' devices to be private and worth protecting. Traditionallyless attention is paid to human factors compared to technicalsecurity controls (such as firewalls and antivirus), but there is acrucial need to analyse human aspects as technology alone cannotdeliver complete security solutions. Increasing a user's knowledgecan improve compliance with good security practices, but fortrainers and educators to create meaningful security awarenessmaterials they must have a thorough understanding of users'existing behaviours, misconceptions and general attitude towardssmartphone security.
The primary purpose of this research was to assess thelevel of smartphone security awareness displayed by the public,determining whether a general level of security complacencyexists amongst smartphone users. The study was undertaken ina South African context (a multi-cultural developing nation) andincluded demographics as a variable in assessing any differencesin smartphone security awareness between population groups. Amodified version of the instrument developed by [1) was used.
A survey of 619 South African users examined trust ofsmartphone application repositories, users' considerations wheninstalling new applications and their use of protection mechanisms (security controls). The sample proved complacent intheir smartphone security behaviours with users displaying highlevels of trust towards smartphone application repositories, rarelyconsidering privacy and security considerations when installingnew applications and also not adequately protecting themselvesthrough adopting smartphone protection mechanisms (controls).The research did not find any conclusive associations to suggestthat a user's home language impacts their information securitybehaviour or trust. However, an association between IT expertiseand the adoption of smartphone security controls was found.
|Title of host publication||2014 Information Security for South Africa|
|Subtitle of host publication||proceedings of the ISSA 2014 conference|
|Editors||Hein S Venter, Marianne Loock, Marijke Coetzee, Mariki M Eloff|
|Number of pages||7|
|ISBN (Electronic)||9781479933846, 9781479933839|
|Publication status||Published - 14 Nov 2014|
|Event||13th Annual Conference on Information Security for South Africa - Radisson Blu Gautrain Hotel, Johannesburg, South Africa|
Duration: 13 Aug 2014 → 14 Aug 2014
Conference number: 13th
|Conference||13th Annual Conference on Information Security for South Africa|
|Abbreviated title||ISSA 2014|
|Period||13/08/14 → 14/08/14|
- Awareness and training in security
- Mobile computing security