Security behaviors of smartphone users

Purpose – This paper aims to report on the information security behaviors of smartphone users in an affluent economy of the Middle East. Design/methodology/approach – A model based on prior research, synthesized from a thorough literature review, is tested using survey data from 500 smartphone users representing three major mobile operating systems. Findings – The overall level of security behaviors is low. Regression coefficients indicate that the efficacy of security measures and the cost of adopting them are the main factors influencing smartphone security behaviors. At present, smartphone users are more worried about malware and data leakage than targeted information theft. Research limitations/implications – Threats and counter-measures co-evolve over time, and our findings, which describe the state of smartphone security at the current time, will need to be updated in the future. Practical implications – Measures to improve security practices of smartphone users are needed urgently. The findings ind...

[1]  Yajiong Xue,et al.  Avoidance of Information Technology Threats: A Theoretical Perspective , 2009, MIS Q..

[2]  Boas Shamir,et al.  Security-related behavior of PC users in organizations , 1991, Inf. Manag..

[3]  Wu He,et al.  A survey of security risks of mobile social media through blog mining and an extensive literature search , 2013, Inf. Manag. Comput. Secur..

[4]  Stefan Fenz,et al.  Current challenges in information security risk management , 2014, Inf. Manag. Comput. Secur..

[5]  Qing Hu,et al.  Future directions for behavioral information security research , 2013, Comput. Secur..

[6]  Jung P. Shim,et al.  Current Status, Issues, and Future of Bring Your Own Device (BYOD) , 2014, Commun. Assoc. Inf. Syst..

[7]  Younghwa Lee,et al.  Threat or coping appraisal: determinants of SMB executives’ decision to adopt anti-malware software , 2009, Eur. J. Inf. Syst..

[8]  Mark A. Harris,et al.  Mobile device security considerations for small- and medium-sized enterprise business mobility , 2014, Inf. Manag. Comput. Secur..

[9]  Gwenda R. Greene Assessing the Impact of Security Culture and the Employee-Organization Relationship on IS Security Compliance I , 2010 .

[10]  Tejaswini Herath,et al.  Encouraging information security behaviors in organizations: Role of penalties, pressures and perceived effectiveness , 2009, Decis. Support Syst..

[11]  Omar F. El-Gayar,et al.  Security Policy Compliance: User Acceptance Perspective , 2012, 2012 45th Hawaii International Conference on System Sciences.

[12]  Christopher J. Carpenter,et al.  A Meta-Analysis of the Effectiveness of Health Belief Model Variables in Predicting Behavior , 2010, Health communication.

[13]  Dimitris Gritzalis,et al.  Delegate the smartphone user? Security awareness in smartphone platforms , 2013, Comput. Secur..

[14]  Cynthia M. Jones,et al.  Utilizing the Technology Acceptance Model to Assess the Employee Adoption of Information Systems Security Measures , 2010 .

[15]  R. Friedrich In Defense of Multiplicative Terms In Multiple Regression Equations , 1982 .

[16]  H. Raghav Rao,et al.  Protection motivation and deterrence: a framework for security policy compliance in organisations , 2009, Eur. J. Inf. Syst..

[17]  Stefan Kraxberger,et al.  Android Security Permissions - Can We Trust Them? , 2011, MobiSec.

[18]  Young U. Ryu,et al.  Self-efficacy in information security: Its influence on end users' information security practice behavior , 2009, Comput. Secur..

[19]  Mo Adam Mahmood,et al.  Compliance with Information Security Policies: An Empirical Investigation , 2010, Computer.

[20]  J. Sinacore Multiple regression: Testing and interpreting interactions , 1993 .

[21]  Rossouw von Solms,et al.  Towards information security behavioural compliance , 2004, Comput. Secur..

[22]  Min Wu,et al.  Propagation model of smartphone worms based on semi-Markov process and social relationship graph , 2014, Comput. Secur..

[23]  Yajiong Xue,et al.  Understanding Security Behaviors in Personal Computer Usage: A Threat Avoidance Perspective , 2010, J. Assoc. Inf. Syst..

[24]  Ken H. Guo Security-related behavior in using information systems in the workplace: A review and synthesis , 2013, Comput. Secur..

[25]  Princely Ifinedo,et al.  Understanding information systems security policy compliance: An integration of the theory of planned behavior and the protection motivation theory , 2012, Comput. Secur..

[26]  Stephen Flowerday,et al.  Smartphone information security awareness: A victim of operational pressures , 2014, Comput. Secur..

[27]  Mo Adam Mahmood,et al.  Employees' Behavior towards IS Security Policy Compliance , 2007, 2007 40th Annual Hawaii International Conference on System Sciences (HICSS'07).

[28]  Jung P. Shim,et al.  Bring Your Own Device (BYOD): Current Status, Issues, and Future Directions , 2013, AMCIS.

[29]  M. Angela Sasse,et al.  The compliance budget: managing security behaviour in organisations , 2009, NSPW '08.

[30]  Karin Hedström,et al.  Social action theory for understanding information security non-compliance in hospitals: The importance of user rationale , 2013, Inf. Manag. Comput. Secur..

[31]  Robert P. Minch,et al.  Application of Protection Motivation Theory to Adoption of Protective Technologies , 2009, 2009 42nd Hawaii International Conference on System Sciences.

[32]  Detmar W. Straub,et al.  Security lapses and the omission of information security measures: A threat control model and empirical test , 2008, Comput. Hum. Behav..

[33]  Steven Furnell Handheld hazards: The rise of malware on mobile devices , 2005 .

[34]  Margaret Tan,et al.  An investigation of students' perception of Bluetooth security , 2012, Inf. Manag. Comput. Secur..

[35]  Steven Furnell,et al.  From culture to disobedience: Recognising the varying user acceptance of IT security , 2009 .

[36]  G. Charness,et al.  Strong Evidence for Gender Differences in Risk Taking , 2012 .

[37]  Izak Benbasat,et al.  Information Security Policy Compliance: An Empirical Study of Rationality-Based Beliefs and Information Security Awareness , 2010, MIS Q..

[38]  Merrill Warkentin,et al.  Fear Appeals and Information Security Behaviors: An Empirical Study , 2010, MIS Q..

[39]  Elizabeth Sillence,et al.  It won't happen to me: Promoting secure behaviour among internet users , 2010, Comput. Hum. Behav..

[40]  Ayako Komatsu,et al.  Human aspects of information security: An empirical study of intentional versus actual behavior , 2013, Inf. Manag. Comput. Secur..

[41]  Christian Damsgaard Jensen,et al.  The role of trust in computer security , 2012, 2012 Tenth Annual International Conference on Privacy, Security and Trust.

[42]  Rachel T. A. Croson,et al.  Gender Differences in Preferences , 2009 .

[43]  Atreyi Kankanhalli,et al.  Studying users' computer security behavior: A health belief perspective , 2009, Decis. Support Syst..

[44]  Jeffrey M. Stanton,et al.  Analysis of end user security behaviors , 2005, Comput. Secur..

[45]  Paul C. van Oorschot,et al.  A methodology for empirical analysis of permission-based security models and its application to android , 2010, CCS '10.

[46]  Yingjiu Li,et al.  Permission based Android security: Issues and countermeasures , 2014, Comput. Secur..

[47]  Robert LaRose,et al.  Keeping our network safe: a model of online protection behaviour , 2008, Behav. Inf. Technol..

[48]  R. W. Rogers,et al.  A Protection Motivation Theory of Fear Appeals and Attitude Change1. , 1975, The Journal of psychology.

[49]  I. Rosenstock Why people use health services. , 1966, The Milbank Memorial Fund quarterly.

[50]  Dieter Gollmann,et al.  Why Trust is Bad for Security , 2006, Electron. Notes Theor. Comput. Sci..

[51]  Andrea Back,et al.  Information security: Critical review and future directions for research , 2014, Inf. Manag. Comput. Secur..

[52]  Teodor Sommestad,et al.  Variables influencing information security policy compliance: A systematic review of quantitative studies , 2014, Inf. Manag. Comput. Secur..

[53]  Mohammad Rahim,et al.  A Socio-Behavioral Study of Home Computer Users' Intention to Practice Security , 2005, PACIS.