Search results
1 – 10 of over 7000
This study aims to investigate the differences in security-conscious (group A) and regular (group B) users’ behaviors and practices on mobile devices.
Abstract
Purpose
This study aims to investigate the differences in security-conscious (group A) and regular (group B) users’ behaviors and practices on mobile devices.
Design/methodology/approach
A survey was used to investigate the differences in behaviors and practices of security-conscious users (group A) and regular users (group B) on mobile devices. Each group will have 50 participants for a total of 100.
Findings
The analysis revealed differences in the behaviors and practices of security-conscious and regular users. The results indicated that security-conscious users engage in behaviors and practices that are more secure on mobile devices when compared with regular users.
Research limitations/implications
The results will help recommend the best behaviors and practices for mobile device users, increasing mobile device security.
Social implications
The results will help society to be more aware of security behaviors and practices on mobile devices.
Originality/value
This study answers the call for addressing the weaknesses and vulnerabilities in mobile device security. It develops a research instrument to measure the differences in behaviors and practices of security-conscious and regular mobile device users.
Details
Keywords
Mark A. Harris and Karen P. Patten
This paper's purpose is to identify and accentuate the dilemma faced by small- to medium-sized enterprises (SMEs) who use mobile devices as part of their mobility business…
Abstract
Purpose
This paper's purpose is to identify and accentuate the dilemma faced by small- to medium-sized enterprises (SMEs) who use mobile devices as part of their mobility business strategy. While large enterprises have the resources to implement emerging security recommendations for mobile devices, such as smartphones and tablets, SMEs often lack the IT resources and capabilities needed. The SME mobile device business dilemma is to invest in more expensive maximum security technologies, invest in less expensive minimum security technologies with increased risk, or postpone the business mobility strategy in order to protect enterprise and customer data and information. This paper investigates mobile device security and the implications of security recommendations for SMEs.
Design/methodology/approach
This conceptual paper reviews mobile device security research, identifies increased security risks, and recommends security practices for SMEs.
Findings
This paper identifies emerging mobile device security risks and provides a set of minimum mobile device security recommendations practical for SMEs. However, SMEs would still have increased security risks versus large enterprises who can implement maximum mobile device security recommendations. SMEs are faced with a dilemma: embrace the mobility business strategy and adopt and invest in the necessary security technology, implement minimum precautions with increased risk, or give up their mobility business strategy.
Practical implications
This paper develops a practical list of minimum mobile device security recommendations for SMEs. It also increases the awareness of potential security risks for SMEs from mobile devices.
Originality/value
This paper expands previous research investigating SME adoption of computers, broadband internet-based services, and Wi-Fi by adding mobile devices. It describes the SME competitive advantages from adopting mobile devices for enterprise business mobility, while accentuating the increased business risks and implications for SMEs.
Details
Keywords
Ramaraj Palanisamy and Yang Wu
This study/ paper aims to empirically examine the user attitude on perceived security of enterprise systems (ES) mobility. Organizations are adopting mobile technologies for…
Abstract
Purpose
This study/ paper aims to empirically examine the user attitude on perceived security of enterprise systems (ES) mobility. Organizations are adopting mobile technologies for various business applications including ES to increase the flexibility and to gain sustainable competitive advantage. At the same time, end-users are exposed to security issues when using mobile technologies. The ES have seen breaches and malicious intrusions thereby more sophisticated recreational and commercial cybercrimes have been witnessed. ES have seen data breaches and malicious intrusions leading to more sophisticated cybercrimes. Considering the significance of security in ES mobility, the research questions in this study are: What are the security issues of ES mobility? What are the influences of users’ attitude towards those security issues? What is the impact of users’ attitude towards security issues on perceived security of ES mobility?
Design/methodology/approach
These questions are addressed by empirically testing a security model of mobile ES by collecting data from users of ES mobile systems. Hypotheses were evolved and tested by data collected through a survey questionnaire. The questionnaire survey was administered to 331 users from Chinese small and medium-sized enterprises (SME). The data was statistically analysed by tools such as correlation, factor analysis, regression and the study built a structural equation model (SEM) to examine the interactions between the variables.
Findings
The study results have identified the following security issues: users’ attitude towards mobile device security issues; users’ attitude towards wireless network security issues; users’ attitude towards cloud computing security issues; users’ attitude towards application-level security issues; users’ attitude towards data (access) level security issues; and users’ attitude towards enterprise-level security issues.
Research limitations/implications
The study results are based on a sample of users from Chinese SMEs. The findings may lack generalizability. Therefore, researchers are encouraged to examine the model in a different context. The issues requiring further investigation are the role of gender and type of device on perceived security of ES mobile systems.
Practical implications
The results show that the key security issues are related to a mobile device, wireless network, cloud computing, applications, data and enterprise. By understanding these issues and the best practices, organizations can maintain a high level of security of their mobile ES.
Social implications
Apart from understanding the best practices and the key issues, the authors suggest management and end-users to work collaboratively to achieve a high level of security of the mobile ES.
Originality/value
This is an empirical study conducted from the users’ perspective for validating the set of research hypotheses related to key security issues on the perceived security of mobile ES.
Details
Keywords
Anthony Duke Giwah, Ling Wang, Yair Levy and Inkyoung Hur
The purpose of this paper is to investigate the information security behavior of mobile device users in the context of data breach. Much of the previous research done in user…
Abstract
Purpose
The purpose of this paper is to investigate the information security behavior of mobile device users in the context of data breach. Much of the previous research done in user information security behavior have been in broad contexts, therefore creating needs of research that focuses on specific emerging technologies and trends such as mobile technology.
Design/methodology/approach
This study was an empirical study that gathered survey data from 390 mobile users. Delphi study and pilot study were conducted prior to the main survey study. Partial Least Square Structural Equation Modeling was used to analyze the survey data after conducting pre-analysis data screening.
Findings
This study shows that information security training programs must be designed by practitioners to target the mobile self-efficacy (MSE) of device users. It also reveals that practitioners must design mobile device management systems along with processes and procedures that guides users to take practical steps at protecting their devices. This study shows the high impact of MSE on users’ protection motivation (PM) to protect their mobile devices. Additionally, this study reveals that the PM of users influences their usage of mobile device security.
Originality/value
This study makes theoretical contributions to the existing information security literature. It confirms PM theory’s power to predict user behavior within the context of mobile device security usage. Additionally, this study investigates mobile users’ actual security usage. Thus, it goes beyond users’ intention.
Details
Keywords
Recently, the spread of malicious IT has been causing serious privacy threats to mobile device users, which hampers the efficient use of mobile devices for individual and…
Abstract
Purpose
Recently, the spread of malicious IT has been causing serious privacy threats to mobile device users, which hampers the efficient use of mobile devices for individual and business. To understand the privacy security assurance behavior of mobile device users, this study aims to develop a theoretical model based on technology threat avoidance theory (TTAT), to capture motivation factors in predicting mobile device user’s voluntary adoption of security defensive software.
Design/methodology/approach
A survey is conducted to validate the proposed research model. A total of 284 valid survey data are collected and partial least square (PLS)-based structural equation modeling is used to test the model.
Findings
Results highlight that both privacy concern and coping appraisal have a significant impact on the intention to adopt the security defensive software. Meanwhile, privacy security awareness is a crucial determinant to stimulate mobile device user’s threat and coping appraisal processes in the voluntary context. The results indicate that emotional-based coping appraisal of anticipated regret is also imperative to arouse personal intention to adopt the security tool.
Practical implications
This result should be of interest to practitioners. Information security awareness training and education programs should be developed in a variety of forms to intensify personal security knowledge and skills. Besides, emotion-based warnings can be designed to arouse users’ protection behavior.
Originality/value
This paper embeds TTAT theory within the mobile security context. The authors extent TTAT by taking anticipated regret into consideration to capture emotional-based coping appraisal, and information security awareness is employed as the antecedent factor. The extent offers a useful starting point for the further empirical study of emotion elements in the information security context.
Details
Keywords
Currently, one of the most significant challenges organizations face is that corporate data is being delivered to mobile devices that are not managed by the information technology…
Abstract
Purpose
Currently, one of the most significant challenges organizations face is that corporate data is being delivered to mobile devices that are not managed by the information technology department. This has security implications regarding knowledge leakage, data theft, and regulatory compliance. With these unmanaged devices, companies have less control and visibility, and fewer mitigation options when protecting against the risks of cyber-attacks. Therefore, the purpose of this study is to investigate how millennials' use of personal mobile devices for work contributes to increased exposure to cyber-attacks and, consequently, security and knowledge leakage risks.
Design/methodology/approach
This research used a mixed-method approach by using survey questionnaires to elicit the views of millennials regarding the cybersecurity risks associated with bring your own device policies and practices. Interviews were done with security personnel. Data analysis consisted of descriptive analysis and open coding.
Findings
The results indicate that millennials expect to have ready access to technology and social media at all times, irrespective of security and privacy concerns. Companies also need to improve and enforce bring your own device policies and practices to mitigate against knowledge leakage and security risks. Millennials increasingly see the use of personal devices as a right and not a convenience. They are expecting security measures to be more seamless within the full user experience.
Originality/value
This paper can help organizations and millennials to understand the security risks entering the workforce if the threats of using privately owned devices on the job are ignored and to improve organizational performance.
Details
Keywords
Fatih Erdoğdu, Seyfullah Gökoğlu and Mehmet Kara
The current study aimed to develop and validate Mobile Information Security Awareness Scale (MISAS) based on the prototype model for measuring information security awareness and…
Abstract
Purpose
The current study aimed to develop and validate Mobile Information Security Awareness Scale (MISAS) based on the prototype model for measuring information security awareness and the relevant literature.
Design/methodology/approach
The scale was developed and validated with the participation of 562 students from four universities. The construct validity of the scale was tested through exploratory factor analysis and confirmatory factor analysis.
Findings
The reliability of the scale was tested through corrected item-total correlations and Cronbach alpha. The MISAS includes six factors and 17 items. The identified factors were labeled as backup, instant messaging and navigation, password protection, update, access permission and using others' devices.
Research limitations/implications
The scale included only the human aspects of mobile information security. The technical aspects are not within the scope of this study. For this reason, future studies might develop and validate a different scale focusing on the technical aspects of mobile information security.
Originality/value
The developed scale contributes to the literature on the human aspects of mobile information security.
Details
Keywords
The purpose of this paper is to rank the users’ attitude on major components of mobile cloud computing (MCC) security and investigate the degree of impact of these components on…
Abstract
Purpose
The purpose of this paper is to rank the users’ attitude on major components of mobile cloud computing (MCC) security and investigate the degree of impact of these components on MCC security as a whole.
Design/methodology/approach
Hypotheses were evolved and tested by data collected through an online survey-questionnaire. The survey was administered to 363 users from Chinese organizations. Statistical analysis was carried out and structural equation model was built to validate the interactions.
Findings
The eight components of MCC security in the order of importance are as follows: mobile device related, user identity related, deployment model related, application-level security issues, data related, virtualization related, network related and service delivery related. The empirical analysis validates that these security issues are having significant impact on perceived security of MCC.
Practical implications
Constant vigilance on these eight issues and improving the level of user awareness on these issues enhance the overall security.
Social implications
These issues can be used for designing and developing secured MCC system.
Originality/value
While several previous research has studied various security factors in the MCC security domain, a consolidated understanding on the different components of MCC security is missing. This empirical research has identified and ranked the major components of MCC security. The degree of impact of each of these components on overall MCC security is identified. This provides a different perspective for managing MCC security by explaining what components are most important.
Details
Keywords
Ever since Mark Weiser coined the term “ubiquitous computing” (ubicomp) in 1988, there has been a general interest in proposing various solutions that would support his vision…
Abstract
Purpose
Ever since Mark Weiser coined the term “ubiquitous computing” (ubicomp) in 1988, there has been a general interest in proposing various solutions that would support his vision. However, attacks targeting devices and services of a ubicomp environment have demonstrated not only different privacy issues, but also a risk of endangering user’s life (e.g. by modifying medical sensor readings). Thus, the aim of this paper is to provide a comprehensive overview of security challenges of ubicomp environments and the corresponding countermeasures proposed over the past decade.
Design/methodology/approach
The results of this paper are based on a literature review method originally used in evidence-based medicine called systematic literature review (SLR), which identifies, filters, classifies and summarizes the findings.
Findings
Starting from the bibliometric results that clearly show an increasing interest in the topic of ubicomp security worldwide, the findings reveal specific types of attacks and vulnerabilities that have motivated the research over the past decade. This review describes most commonly proposed countermeasures – context-aware access control and authentication mechanisms, cryptographic protocols that account for device’s resource constraints, privacy-preserving mechanisms, and trust mechanisms for wireless ad hoc and sensor networks.
Originality/value
To the best of our knowledge, this is the first SLR on security challenges in ubicomp. The findings should serve as a reference to an extensive list of scientific contributions, as well as a guiding point for the researchers’ novel to the security research in ubicomp.
Details
Keywords
For a good number of Indians, their smartphone is their first digital computing device. They have less experience in dealing with the Internet-enabled device and hence less…
Abstract
Purpose
For a good number of Indians, their smartphone is their first digital computing device. They have less experience in dealing with the Internet-enabled device and hence less experience in handling security threats like malware as compared to users of other countries who have gone through the learning curve of handling such security threats using other Internet-enabled devices such as laptop and desktop. Because of this, the inexperienced Indian smartphone user may be vulnerable to Internet-related security breaches, as compared to the citizens of developed economies. Hence, it is essential to understand the attitude, behaviour and security practices of smartphone users in India. Limited research is available about the security behaviour of smartphone users in India as the majority of research in this domain is done outside India.
Design/methodology/approach
In this empirical study, the researchers identified 28 cybersecurity behaviours and practices through a survey of relevant literature. An online survey of identified cybersecurity behaviours and practices was administered to 300 smartphone users. Frequency analysis of the respondent data was done to understand the adoption of recommended cybersecurity behaviours and practices. Pearson’s chi-square with 5% level of significance has been used to test the hypotheses. Post hoc analysis with Bonferroni correction was conducted for statistically significant associations.
Findings
Overall, the respondents did not exhibit good cybersecurity behaviour. Respondents have adopted some of the most popular security features of the smartphone such as the use of screen lock. However, respondents have not adopted or are not aware of the technical security controls such as encryption and remote wipe. Statistically significant differences were found between the cybersecurity behaviour and practices and independent variables such as gender, age, mobile operating system (OS) and mother tongue. Respondents reported high level of motivation to protect their device and data, whereas they reported moderate level of threat awareness and the ability to protect to their device and data. Results of the comparative analysis with a similar study in China and the USA are also reported in this study.
Research limitations/implications
The main limitations of this study are as follows: the respondents' perceptions about their cybersecurity behaviours and practices were measured as opposed to their actual behaviours and practices and the generalizability of the study is limited because the sample size is small as compared to the total number of smartphone users in India.
Practical implications
The findings of this study may be useful for the design of effective cybersecurity prevention and intervention programs for general smartphone users of India.
Originality/value
This study provides an insight about cybersecurity behaviour of smartphone users in India. To the knowledge of the researchers, this is the first study to collect such quantitative data of smartphone users in India for a better understanding of the cybersecurity behaviours and practices. This study identified 28 cybersecurity behaviours and practices, which smartphone users should follow to improve cybersecurity.
Details