Computer users often behave insecurely, and do not take the precautions they ought to. One reads
almost daily about people not protecting their devices, not making backups and falling for
phishing messages. This impacts all of society since people increasingly carry a computer in their
pockets: their smartphones. It could be that smartphone owners simply do not know enough about
security threats or precautions. To address this, many official bodies publish advice online. For
such a broadcast-type educational approach to work, two assumptions must be satisfied. The first
is that people will deliberately seek out security-related information and the second is that they
will consult official sources to satisfy their information needs. Assumptions such as these ought to
be verified, especially with the numbers of cyber attacks on the rise.
It was decided to explore the validity of these assumptions by surveying students at a South
African university, including both Computer Science and Non-Computer Science students. The
intention was to explore levels of awareness of Smartphone security practice, the sources of
advice the students used, and the impact of a Computer Science education on awareness and
information seeking behaviours. Awareness, it was found, was variable across the board but
poorer amongst students without a formal computing education. Moreover, it became clear that
students often found Facebook more helpful than public media, in terms of obtaining security
advice
