Information security issues make the news regularly with stories detailing the breach of one database or another that put someone’s personal information at risk.
Those breaches always pique the interest of Lynn Heinrichs, an associate professor of computing sciences and business administration, whose research focuses on data security and privacy.
A few years ago, when smartphones started gaining popularity, Heinrichs along with Beth Jones, a colleague from Western Carolina University, started surveying business students about security practices while using cell phones.
“Smartphone security is a hot topic right now,” Heinrichs says. “Smartphones are replacing computers for younger audiences. People use them for financial transactions and storing sensitive information. Organizations are adopting BYOD (bring your own device) policies in the workplace so unsecured smartphones are risky for individuals as well as organizations.”
In 2011, their survey found that only about one third of the students questioned owned smartphones. A year later, they followed up with the same survey but expanded the number of people to undergraduate students in general. They asked the same questions both times and found that the number of students using smartphones increased dramatically but only a few used security measures to protect their information.
“In a lot of cases, people weren’t even using the simplest security techniques such as setting a passcode,” Heinrichs says. “That’s not a complicated thing to do. Most people know how to do it but for some reason, they were not doing it.”
In the early survey, there weren’t a lot of people who used their phones for financial transactions. That changed over time. In 2012, more students used their smartphones for online banking but most didn’t take steps to protect their information. Both surveys revealed that men tended to use riskier security behaviors than women. These results were included in a research paper—“Do Business Students Practice Smartphone Security?”—published in the Journal of Computer Information Systems.
“The thing that surprised us is that there wasn’t any difference between those who used their phones for financial transactions and those who didn’t with respect to security practices,” Heinrichs says. “We were expecting people who used phones for financial transactions to employ a lot of security.”
Smartphone use has exploded in the last two years and when it comes to technology, that kind of rapid growth often leads to unexpected consequences, which is why Heinrichs now plans to study people’s security practices over longer periods of time. She wants to know if people will change their habits the more they use smartphone applications that potentially put data at risk.
“What we don’t know is why they don’t use a particular feature,” Heinrich says. “We know that a little more than half use a passcode or a pattern of some sort in order to access their phone. We don’t know why others don’t.”
As a result of the research, Heinrichs is in the process of developing training materials for use in the classroom so students will become more aware of safe security practices—information she expects they will eventually take into the workplace. Heinrichs and Jones have written “Tools and Tips for Teaching Smartphone Security” that will be published in Issues in Information Systems in October 2013.
As the use of smartphones and other mobile devices continues to grow, many companies are developing security policies in order to protect valuable data. Heinrichs says students need to know how to protect a company’s information and their own.
“It’s a great time to introduce the concept of security to help people understand what features they have that can help them and what behaviors they should be careful about engaging in,” she says.
Heinrichs has developed and taught several computer information systems courses since joining Elon’s faculty in 2003. She earned her bachelor’s and master’s degrees from the University of Illinois at Urbana and a doctor of education in business education with a concentration in management information system from Northern Illinois University. Throughout her career, she has secured several teaching-related grants, developed curriculum, led student research projects and been published in multiple peer-reviewed publications.