On Cell Phones and Punishment: Encouraging Secure Mobile Behavior Through Morality
pdf
ABSTRACT
With an increasing number of organizations allowing personal smart phones onto the networks of the organization, considerable security risk is introduced to the organization. The security risk is exacerabted by the tremendous heterogeneity of the personal mobile devices and in their respective installed pool of applications. Furthermore, by virture of the devices not being owned by the organization, the ability to authoritatively enforce organizational security policies is complicated. As a result, a critical part of organizational security is the ability to drive user security behavior either through on device mechanisms or security awareness programs. In this paper, we establish a baseline for user security behavior from a population of over one hundred fifty smart phone users. We then systematically evaluate the ability to drive behavioral change via messaging centered on morality, deterrence, and incentive. Our finding show that while a significant portion of users are securing their devices without prior intervention, it is difficult to influence change in those who do not.
Award ID: 0915775
Submitted by Katie Dey
on
ABSTRACT
With an increasing number of organizations allowing personal smart phones onto the networks of the organization, considerable security risk is introduced to the organization. The security risk is exacerabted by the tremendous heterogeneity of the personal mobile devices and in their respective installed pool of applications. Furthermore, by virture of the devices not being owned by the organization, the ability to authoritatively enforce organizational security policies is complicated. As a result, a critical part of organizational security is the ability to drive user security behavior either through on device mechanisms or security awareness programs. In this paper, we establish a baseline for user security behavior from a population of over one hundred fifty smart phone users. We then systematically evaluate the ability to drive behavioral change via messaging centered on morality, deterrence, and incentive. Our finding show that while a significant portion of users are securing their devices without prior intervention, it is difficult to influence change in those who do not.
Award ID: 0915775