Research in the International Journal of Business Information Systems investigates user perception of mobile device security and offers several recommendations for users and manufacturers of such devices.
Nelson Tochukwu Agu, Joshua Ebere Chukwuere, and Tlhalitshi Volition Montshiwa of North-West University in Mahikeng, South Africa, offer several alarming insights into awareness of mobile security issues among students in the region. Their primary finding from a survey of 142 students at NWU is that some students mistakenly believe that mobile phones are inherently secure and others do not realise that such devices can be less secure than traditional desktop or laptop computers. The work suggests that there is a need for increased vigilance and education regarding mobile device security.
The team also found that while most users have a basic understanding of mobile device security, many of them lack knowledge of even common threats such as viruses, worms, Trojans, and phishing attacks. The researchers believe that this knowledge gap is particularly troubling, as it implies a lack of vigilance in safeguarding mobile devices against these various threats. Many such threats could detrimentally affect the individuals involved, but many have much broader implications allowing the spread of malware to other users and for malicious third parties to compromise devices and so build networks, botnets, under their control for illicit purposes, such as distributed denial of service (DDOS) attacks on organisational and governmental networks, for instance.
The team also found that even those users who understand password protection, many of them neglect additional security measures such as encryption, PINs, patterns, or biometric authentication. They point out that users are happy to engage in risky behaviour, such as ignoring system security warnings, clicking on links or downloading attachments from unknown sources, as well as over-sharing personal information on social media platforms, which might be useful to a third-party hoping to carry an identity theft or in fraudulent activity, based on social engineering in which a confidence trick is played out on an individual or member of an organisation rather than an attack being technological in nature, such as hacking or cracking to break into and compromise a computer system.
The researchers suggest that education of users is critical to bolster mobile phone security, but they insist that device manufacturers should also bear responsibility in addressing this issue and should be proactive in this educational process.
Agu, N.T., Chukwuere, J.E. and Montshiwa, T.V. (2023) ‘Understanding users’ perceptions of security in mobile devices using the two-step cluster analysis’, Int. J. Business Information Systems, Vol. 44, No. 1, pp.81–101.