Security Awareness Level of Smartphone Users: An

Exploratory Case Study

Murat Koyuncu 1 and Tolga Pusatli 2

1. Overview of the company or companies involved

The survey is conducted in a popular shopping center in Ankara by the

pollster in a week’s period in summer 2018. It aimed to include a wide range of
participants for demographic variables as it is possible to find people from
different ages, education level, and professions in such a location. Volunteer
participant’s filled out the survey forms with the help of the pollster.
IT professionals dealing with the new influx of devices on their networks
need to properly manage mobile device security.
This investigates the awareness level of smartphone users from different
perspectives including age, education level, and cyber security.
The overall awareness level of the participants is not at a satisfactory level
and needs improvement. In terms of age, the oldest group (>50) has the lowest
awareness level followed by the youngest group (<21). *e group having BS or
higher education degrees has a better awareness level, which can be considered
as an indication of the importance of education for cyber security. *The group
having IT security training has the highest awareness level, which is another
indication for the importance of training for cyber security.

2. Overview of the marketing management issues

Studies done in previous years pointed out low security awareness levels
among smartphone users[20, 21, 23]. *e results of the current study indicate that
risky behavior among users continues, and there is no clear improvement on
their securityawareness level.
 Everyone owning a mobile device should consider the basic security
recommendations listed below.
Companies allowing mobile devices on their networks would also be safer
if all employees followed these basic recommendations.

1. Use encryption to protect data on the device

2. Review and understand application permissions
3. Passcode or password protect the device
4. Install antivirus protection
5. Install firewall protection
6. Do not jailbreak or root the device
7. Avoid unknown wireless networks
8. Use VPNs over Wi-Fi
9. When using configurable Wi-Fi, use 20+ character passphrases with WPA2
10. Perform timely software updates 11. Do not install illegal or unauthorized
software
12. Do not install software from untrustworthy
13. Back-up data
14. Avoid clicking on unknown links
15. Setup remote data wipe if the device is lost or stolen
16. Avoid storing usernames and passwords on the device or in the browser

In 2013, people will purchase 1.2 billion mobile devices, surpassing PC’s
as the most common method for accessing the Internet. Mobile devices,
including smartphones and tablets, have rapidly developed in the last 5 years to
the point where they can no longer be ignored by organizations.
In computer history, the market share of smartphones overtook the
leadership of desktops in 2016, and mobiles, desktops, and tablets had 52.52%,
43.63%, and 3.85% of the market share as of June 2018, respectively. On the
one hand, there are many advantages in using smartphones, but on the other
hand, there are many security threats as well.
3. Discuss the root causes of the mistake or the reasons for the success

Managing mobile device security is no simple task and is not being

handled adequately in many organizations. Most of the survey respondents
reported that mobile devices are a security threat to their business, however 67%
reported that their companies either have no policies or controls for mobile
device usage on their network or that employees ignored the existing mobile
device usage policies.
Part of the solution is for organizations to create mobile device security
awareness and training and give it to all new and current employees on a
minimum annual basis. Such training would make users aware of antivirus,
firewall, and data wipe software, all available for free or inexpensively. Users
would also be made aware of malware and 3rd party markets. They would
understand the implications of jail breaking or rooting their devices and how their
actions affect their personal data as well as company data.

4. Discuss what can be learned from the case

To prevent such undesired events, smartphone users should be aware of

existing threats and countermeasures to be taken against them. Therefore, user
awareness is a critical factor for smartphone security.

In general, the awareness level of participants is fairly low, which needs

considerable improvement.
1. Being Aware of Developers of the Applications and their Repositories.
2. Being Aware of Smartphone User Responsibilities.
3. Being Aware of Risks of Uncontrolled Internet Connections.
4. Being Aware of Risks of Storing Credentials on Smartphone.
5. Being Aware of Technical Measures.
 In terms of age, the oldest group has the lowest level followed by the
youngest group. Education level, in general, has a positive effect on the
awareness level. Having knowledge about IT is another factor increasing the
security awareness level of smartphone users.

Submitted By:
WINLEN F. MALAPOTE
MSIT