Smartphone owners need security advice. How can we ensure they get it?

Karen Renaud, Renette Blignaut, Isabella Venter

Research output: Contribution to conferencePaper

Abstract

Computer users often behave insecurely, and do not take the precautions they ought to. One reads almost daily about people not protecting their devices, not making backups and falling for phishing messages. This impacts all of society since people increasingly carry a computer in their pockets: their smartphones. It could be that smartphone owners simply do not know enough about security threats or precautions. To address this, many official bodies publish advice online. For such a broadcast-type educational approach to work, two assumptions must be satisfied. The first is that people will deliberately seek out security-related information and the second is that they will consult official sources to satisfy their information needs. Assumptions such as these ought to be verified, especially with the numbers of cyber attacks on the rise.

It was decided to explore the validity of these assumptions by surveying students at a South African university, including both Computer Science and Non-Computer Science students. The
intention was to explore levels of awareness of Smartphone security practice, the sources of advice the students used, and the impact of a Computer Science education on awareness and
information seeking behaviours. Awareness, it was found, was variable across the board but poorer amongst students without a formal computing education. Moreover, it became clear that students often found Facebook more helpful than public media, in terms of obtaining security advice.

The implications of these findings are that the broadcast strategy needs rethinking. If people prefer to learn from their peers it is necessary to focus on empowering those within the
community who can act as advisors, and not to expect people automatically to seek out information from official sources. Published guidelines are unlikely to reach the man and woman
in the street with the required level of efficacy. Our study makes it clear that only by satisfying the community needs at the social level can society at large be made more resilient to cyber attack.
Original languageEnglish
Number of pages11
Publication statusPublished - 19 May 2016
Externally publishedYes
Event2016 International Conference on Information Resources Management: Digital Emancipation in a Networked Society - Protea Hotel Breakwater Lodge, The Waterfront, Cape Town, South Africa
Duration: 18 May 201620 May 2016
http://conf-irm2016.uct.ac.za/index.php

Conference

Conference2016 International Conference on Information Resources Management
Abbreviated titleCONF-IRM
CountrySouth Africa
CityCape Town
Period18/05/1620/05/16
Internet address

Fingerprint

computer science
student
broadcast type
facebook
broadcast
education
threat
university
community
Society

Cite this

Renaud, K., Blignaut, R., & Venter, I. (2016). Smartphone owners need security advice. How can we ensure they get it?. Paper presented at 2016 International Conference on Information Resources Management, Cape Town, South Africa.
Renaud, Karen ; Blignaut, Renette ; Venter, Isabella. / Smartphone owners need security advice. How can we ensure they get it?. Paper presented at 2016 International Conference on Information Resources Management, Cape Town, South Africa.11 p.
@conference{c6ecf75c42d94921a0a3f5d993dfdb76,
title = "Smartphone owners need security advice. How can we ensure they get it?",
abstract = "Computer users often behave insecurely, and do not take the precautions they ought to. One reads almost daily about people not protecting their devices, not making backups and falling for phishing messages. This impacts all of society since people increasingly carry a computer in their pockets: their smartphones. It could be that smartphone owners simply do not know enough about security threats or precautions. To address this, many official bodies publish advice online. For such a broadcast-type educational approach to work, two assumptions must be satisfied. The first is that people will deliberately seek out security-related information and the second is that they will consult official sources to satisfy their information needs. Assumptions such as these ought to be verified, especially with the numbers of cyber attacks on the rise.It was decided to explore the validity of these assumptions by surveying students at a South African university, including both Computer Science and Non-Computer Science students. Theintention was to explore levels of awareness of Smartphone security practice, the sources of advice the students used, and the impact of a Computer Science education on awareness andinformation seeking behaviours. Awareness, it was found, was variable across the board but poorer amongst students without a formal computing education. Moreover, it became clear that students often found Facebook more helpful than public media, in terms of obtaining security advice.The implications of these findings are that the broadcast strategy needs rethinking. If people prefer to learn from their peers it is necessary to focus on empowering those within thecommunity who can act as advisors, and not to expect people automatically to seek out information from official sources. Published guidelines are unlikely to reach the man and womanin the street with the required level of efficacy. Our study makes it clear that only by satisfying the community needs at the social level can society at large be made more resilient to cyber attack.",
author = "Karen Renaud and Renette Blignaut and Isabella Venter",
year = "2016",
month = "5",
day = "19",
language = "English",
note = "2016 International Conference on Information Resources Management : Digital Emancipation in a Networked Society, CONF-IRM ; Conference date: 18-05-2016 Through 20-05-2016",
url = "http://conf-irm2016.uct.ac.za/index.php",

}

Renaud, K, Blignaut, R & Venter, I 2016, 'Smartphone owners need security advice. How can we ensure they get it?', Paper presented at 2016 International Conference on Information Resources Management, Cape Town, South Africa, 18/05/16 - 20/05/16.

Smartphone owners need security advice. How can we ensure they get it? / Renaud, Karen; Blignaut, Renette; Venter, Isabella.

2016. Paper presented at 2016 International Conference on Information Resources Management, Cape Town, South Africa.

Research output: Contribution to conferencePaper

TY - CONF

T1 - Smartphone owners need security advice. How can we ensure they get it?

AU - Renaud, Karen

AU - Blignaut, Renette

AU - Venter, Isabella

PY - 2016/5/19

Y1 - 2016/5/19

N2 - Computer users often behave insecurely, and do not take the precautions they ought to. One reads almost daily about people not protecting their devices, not making backups and falling for phishing messages. This impacts all of society since people increasingly carry a computer in their pockets: their smartphones. It could be that smartphone owners simply do not know enough about security threats or precautions. To address this, many official bodies publish advice online. For such a broadcast-type educational approach to work, two assumptions must be satisfied. The first is that people will deliberately seek out security-related information and the second is that they will consult official sources to satisfy their information needs. Assumptions such as these ought to be verified, especially with the numbers of cyber attacks on the rise.It was decided to explore the validity of these assumptions by surveying students at a South African university, including both Computer Science and Non-Computer Science students. Theintention was to explore levels of awareness of Smartphone security practice, the sources of advice the students used, and the impact of a Computer Science education on awareness andinformation seeking behaviours. Awareness, it was found, was variable across the board but poorer amongst students without a formal computing education. Moreover, it became clear that students often found Facebook more helpful than public media, in terms of obtaining security advice.The implications of these findings are that the broadcast strategy needs rethinking. If people prefer to learn from their peers it is necessary to focus on empowering those within thecommunity who can act as advisors, and not to expect people automatically to seek out information from official sources. Published guidelines are unlikely to reach the man and womanin the street with the required level of efficacy. Our study makes it clear that only by satisfying the community needs at the social level can society at large be made more resilient to cyber attack.

AB - Computer users often behave insecurely, and do not take the precautions they ought to. One reads almost daily about people not protecting their devices, not making backups and falling for phishing messages. This impacts all of society since people increasingly carry a computer in their pockets: their smartphones. It could be that smartphone owners simply do not know enough about security threats or precautions. To address this, many official bodies publish advice online. For such a broadcast-type educational approach to work, two assumptions must be satisfied. The first is that people will deliberately seek out security-related information and the second is that they will consult official sources to satisfy their information needs. Assumptions such as these ought to be verified, especially with the numbers of cyber attacks on the rise.It was decided to explore the validity of these assumptions by surveying students at a South African university, including both Computer Science and Non-Computer Science students. Theintention was to explore levels of awareness of Smartphone security practice, the sources of advice the students used, and the impact of a Computer Science education on awareness andinformation seeking behaviours. Awareness, it was found, was variable across the board but poorer amongst students without a formal computing education. Moreover, it became clear that students often found Facebook more helpful than public media, in terms of obtaining security advice.The implications of these findings are that the broadcast strategy needs rethinking. If people prefer to learn from their peers it is necessary to focus on empowering those within thecommunity who can act as advisors, and not to expect people automatically to seek out information from official sources. Published guidelines are unlikely to reach the man and womanin the street with the required level of efficacy. Our study makes it clear that only by satisfying the community needs at the social level can society at large be made more resilient to cyber attack.

M3 - Paper

ER -

Renaud K, Blignaut R, Venter I. Smartphone owners need security advice. How can we ensure they get it?. 2016. Paper presented at 2016 International Conference on Information Resources Management, Cape Town, South Africa.