Smartphone owners need security advice. How can we ensure they get it?

Karen Renaud; Renette Blignaut; Isabella Venter

Smartphone owners need security advice. How can we ensure they get it?

Karen Renaud, Renette Blignaut, Isabella Venter

Research output: Contribution to conference › Paper

Abstract

Computer users often behave insecurely, and do not take the precautions they ought to. One reads almost daily about people not protecting their devices, not making backups and falling for phishing messages. This impacts all of society since people increasingly carry a computer in their pockets: their smartphones. It could be that smartphone owners simply do not know enough about security threats or precautions. To address this, many official bodies publish advice online. For such a broadcast-type educational approach to work, two assumptions must be satisfied. The first is that people will deliberately seek out security-related information and the second is that they will consult official sources to satisfy their information needs. Assumptions such as these ought to be verified, especially with the numbers of cyber attacks on the rise.

It was decided to explore the validity of these assumptions by surveying students at a South African university, including both Computer Science and Non-Computer Science students. The
intention was to explore levels of awareness of Smartphone security practice, the sources of advice the students used, and the impact of a Computer Science education on awareness and
information seeking behaviours. Awareness, it was found, was variable across the board but poorer amongst students without a formal computing education. Moreover, it became clear that students often found Facebook more helpful than public media, in terms of obtaining security advice.

The implications of these findings are that the broadcast strategy needs rethinking. If people prefer to learn from their peers it is necessary to focus on empowering those within the
community who can act as advisors, and not to expect people automatically to seek out information from official sources. Published guidelines are unlikely to reach the man and woman
in the street with the required level of efficacy. Our study makes it clear that only by satisfying the community needs at the social level can society at large be made more resilient to cyber attack.

Original language	English
Number of pages	11
Publication status	Published - 19 May 2016
Externally published	Yes
Event	2016 International Conference on Information Resources Management: Digital Emancipation in a Networked Society - Protea Hotel Breakwater Lodge, The Waterfront, Cape Town, South Africa Duration: 18 May 2016 → 20 May 2016 http://conf-irm2016.uct.ac.za/index.php

Conference

Conference	2016 International Conference on Information Resources Management
Abbreviated title	CONF-IRM
Country	South Africa
City	Cape Town
Period	18/05/16 → 20/05/16
Internet address	http://conf-irm2016.uct.ac.za/index.php

Fingerprint Dive into the research topics of 'Smartphone owners need security advice. How can we ensure they get it?'. Together they form a unique fingerprint.

Cite this

Renaud, K., Blignaut, R., & Venter, I. (2016). Smartphone owners need security advice. How can we ensure they get it?. Paper presented at 2016 International Conference on Information Resources Management, Cape Town, South Africa.

@conference{c6ecf75c42d94921a0a3f5d993dfdb76,

title = "Smartphone owners need security advice. How can we ensure they get it?",

abstract = "Computer users often behave insecurely, and do not take the precautions they ought to. One reads almost daily about people not protecting their devices, not making backups and falling for phishing messages. This impacts all of society since people increasingly carry a computer in their pockets: their smartphones. It could be that smartphone owners simply do not know enough about security threats or precautions. To address this, many official bodies publish advice online. For such a broadcast-type educational approach to work, two assumptions must be satisfied. The first is that people will deliberately seek out security-related information and the second is that they will consult official sources to satisfy their information needs. Assumptions such as these ought to be verified, especially with the numbers of cyber attacks on the rise.It was decided to explore the validity of these assumptions by surveying students at a South African university, including both Computer Science and Non-Computer Science students. Theintention was to explore levels of awareness of Smartphone security practice, the sources of advice the students used, and the impact of a Computer Science education on awareness andinformation seeking behaviours. Awareness, it was found, was variable across the board but poorer amongst students without a formal computing education. Moreover, it became clear that students often found Facebook more helpful than public media, in terms of obtaining security advice.The implications of these findings are that the broadcast strategy needs rethinking. If people prefer to learn from their peers it is necessary to focus on empowering those within thecommunity who can act as advisors, and not to expect people automatically to seek out information from official sources. Published guidelines are unlikely to reach the man and womanin the street with the required level of efficacy. Our study makes it clear that only by satisfying the community needs at the social level can society at large be made more resilient to cyber attack.",

author = "Karen Renaud and Renette Blignaut and Isabella Venter",

year = "2016",

month = may,

day = "19",

language = "English",

note = "2016 International Conference on Information Resources Management : Digital Emancipation in a Networked Society, CONF-IRM ; Conference date: 18-05-2016 Through 20-05-2016",