Computer users often behave insecurely, and do not take the precautions they ought to. One reads almost daily about people not protecting their devices, not making backups and falling for phishing messages. This impacts all of society since people increasingly carry a computer in their pockets: their smartphones. It could be that smartphone owners simply do not know enough about security threats or precautions. To address this, many official bodies publish advice online. For such a broadcast-type educational approach to work, two assumptions must be satisfied. The first is that people will deliberately seek out security-related information and the second is that they will consult official sources to satisfy their information needs. Assumptions such as these ought to be verified, especially with the numbers of cyber attacks on the rise. It was decided to explore the validity of these assumptions by surveying students at a South African university, including both Computer Science and Non-Computer Science students. The intention was to explore levels of awareness of Smartphone security practice, the sources of advice the students used, and the impact of a Computer Science education on awareness and information seeking behaviours. Awareness, it was found, was variable across the board but poorer amongst students without a formal computing education. Moreover, it became clear that students often found Facebook more helpful than public media, in terms of obtaining security advice. The implications of these findings are that the broadcast strategy needs rethinking. If people prefer to learn from their peers it is necessary to focus on empowering those within the community who can act as advisors, and not to expect people automatically to seek out information from official sources. Published guidelines are unlikely to reach the man and woman in the street with the required level of efficacy. Our study makes it clear that only by satisfying the community needs at the social level can society at large be made more resilient to cyber attack.
Renaud, Karen; Blignaut, Rénette; and Venter, Isabella, "Smartphone Owners Need Security Advice. How Can We Ensure They Get it?" (2016). CONF-IRM 2016 Proceedings. 20.