Search results
1 – 10 of over 3000Tuğçe Karayel, Bahadır Aktaş and Adem Akbıyık
The purpose of this paper is to investigate the cyber hygiene practices of remote workers.
Abstract
Purpose
The purpose of this paper is to investigate the cyber hygiene practices of remote workers.
Design/methodology/approach
This paper used two instruments: first, the Cyber Hygiene Inventory scale, which measures users’ information and computer security behaviors; second, the Recsem Inventory, developed within this paper’s context, to evaluate the cybersecurity measures adopted by organizations for remote workers. It was conducted on remote workers to examine their information security practices. The instrument was administered to a sample of 442 employees reached via the LinkedIn platform. Analyses were performed with SPSS v26, Python programming language and Seaborn library.
Findings
The findings indicate a significant correlation between the security measures implemented by companies and their employees’ cyber hygiene practices. A sector comparison revealed a significant difference in cyber hygiene levels between public and private sector workers.
Research limitations/implications
This paper aims to provide policymakers with suggestions for enhancing the cyber hygiene of remote workers to facilitate compliance with corporate security protocols.
Originality/value
This paper’s conclusions highlight the importance of companies increasing their cybersecurity investments as remote work becomes more prevalent. This should consider not only corporate-level factors but also employees' information and computer security behaviors.
Details
Keywords
Binh Huu Nguyen and Huong Nguyen Quynh Le
This study aims to investigate the moderating role of sociodemographic factors, specifically age and education level, in the knowledge-attitude-behavior (KAB) model concerning…
Abstract
Purpose
This study aims to investigate the moderating role of sociodemographic factors, specifically age and education level, in the knowledge-attitude-behavior (KAB) model concerning information security awareness (ISA) amid growing technological threats.
Design/methodology/approach
This study uses a survey methodology, collecting data from 400 working individuals in Vietnam, to test the applicability of the KAB model and evaluate the moderating effects of age and education on the model’s established relationships. In addition, the theoretical model and hypotheses were evaluated using the partial least squares structural equation model (PLS-SEM) approach.
Findings
This research confirms the relationships posited in the KAB model. Notably, it shows that younger employees showcase a more positive attitude and behavior toward information security compared with their older counterparts. In addition, higher education levels strengthen the positive association between information security knowledge and attitude. The findings underscore the imperative for organizations to consider sociodemographic variables when formulating strategies to enhance ISA.
Originality/value
This study extends the KAB model by exploring the impact of sociodemographic factors, focusing on age and education in ISA. Overcoming the oversight in current literature, particularly in the context of technological threats, the research uses PLS-SEM and targets a specific demographic in Vietnam.
Details
Keywords
This investigation serves a dual purpose: providing preliminary results and serving as a pilot study to confirm the viability of the hypotheses advanced towards a full-scale…
Abstract
Purpose
This investigation serves a dual purpose: providing preliminary results and serving as a pilot study to confirm the viability of the hypotheses advanced towards a full-scale study. This paper aims to present the preliminary findings of an investigation that explored the constructs of personality traits and situational crime prevention theory (SCPT) as antecedents to social cognitive determinants (attitude, perceived behavioural control and subjective norms using the theory of planned behaviour [TPB] framing) and how these elements subsequently estimate compliant information security behaviour. Moreover, this paper delves into the contrasting influences of light and dark personality traits on insider information security compliance.
Design/methodology/approach
A cross-sectional survey was conducted to study SCPT measures and the personality factors dyad using a diverse but limited sample (n = 82).
Findings
There were ten significant direct relationships between SCPT factors and personality traits related to the components of the TPB. Seventeen hypotheses were not supported. However, these findings highlight the complexity of the topic under study.
Practical implications
Understanding individual differences within the compliance model could be used for custom training protocols, employee selection, assignment and specific types of information security interventions.
Originality/value
There is a scarcity of studies considering the effects of situational and personality factors, specifically the dark versus light triad of personality traits within the information security domain. Therefore, this preliminary result provides early insight that could guide further studies. This research could have important implications for organisations at risk of insider attacks.
Details
Keywords
Despite the growing concern about security breaches and risks emerging from Shadow IT usage, a type of information security violation committed by organizational insiders, this…
Abstract
Purpose
Despite the growing concern about security breaches and risks emerging from Shadow IT usage, a type of information security violation committed by organizational insiders, this phenomenon has received little scholarly attention. By integrating the dual-factor theory, unified theory of acceptance and use of technology (UTAUT) and social control theory, this research aims to examine facilitating and deterring factors of Shadow IT usage intention.
Design/methodology/approach
An online survey was performed to obtain data. As this study aims at investigating the behavior of organizational insiders, LinkedIn, an employment-oriented network site, was chosen as the main site to reach the potential respondents.
Findings
The results show that while performance expectancy, effort expectancy and subjective norms considerably impact intention to use Shadow IT, personal norms and sanctions-related factors exert no influence. Besides, an organizational factor of ethical work climate is found to significantly increase individual perceptions of informal controls and formal controls.
Originality/value
This work is the first attempt to extend the generalizability of the dual-factor theory and UTAUT model, which primarily has been utilized in the context of system usage, to the new context of information security. This study is also one of few studies that simultaneously take both organizational and individual factors into consideration and identify its impacts on user's behaviors in the information security context.
Details
Keywords
Hassan Jamil, Tanveer Zia, Tahmid Nayeem, Monica T. Whitty and Steven D'Alessandro
The current advancements in technologies and the internet industry provide users with many innovative digital devices for entertainment, communication and trade. However…
Abstract
Purpose
The current advancements in technologies and the internet industry provide users with many innovative digital devices for entertainment, communication and trade. However, simultaneous development and the rising sophistication of cybercrimes bring new challenges. Micro businesses use technology like how people use it at home, but face higher cyber risks during riskier transactions, with human error playing a significant role. Moreover, information security researchers have often studied individuals’ adherence to compliance behaviour in response to cyber threats. The study aims to examine the protection motivation theory (PMT)-based model to understand individuals’ tendency to adopt secure behaviours.
Design/methodology/approach
The study focuses on Australian micro businesses since they are more susceptible to cyberattacks due to the least security measures in place. Out of 877 questionnaires distributed online to Australian micro business owners through survey panel provider “Dynata,” 502 (N = 502) complete responses were included. Structural equational modelling was used to analyse the relationships among the variables.
Findings
The results indicate that all constructs of the protection motivation, except threat susceptibility, successfully predict the user protective behaviours. Also, increased cybersecurity costs negatively impact users’ safe cyber practices.
Originality/value
The study has critical implications for understanding micro business owners’ cyber security behaviours. The study contributes to the current knowledge of cyber security in micro businesses through the lens of PMT.
Details
Keywords
Yong Sun, Ya-Feng Zhang, Yalin Wang and Sihui Zhang
This paper aims to investigate the cooperative governance mechanisms for personal information security, which can help enrich digital governance research and provide a reference…
Abstract
Purpose
This paper aims to investigate the cooperative governance mechanisms for personal information security, which can help enrich digital governance research and provide a reference for the formulation of protection policies for personal information security.
Design/methodology/approach
This paper constructs an evolutionary game model consisting of regulators, digital enterprises and consumers, which is combined with the simulation method to examine the influence of different factors on personal information protection and governance.
Findings
The results reveal seven stable equilibrium strategies for personal information security within the cooperative governance game system. The non-compliant processing of personal information by digital enterprises can damage the rights and interests of consumers. However, the combination of regulatory measures implemented by supervisory authorities and the rights protection measures enacted by consumers can effectively promote the self-regulation of digital enterprises. The reputation mechanism exerts a restricting effect on the opportunistic behaviour of the participants.
Research limitations/implications
The authors focus on the regulation of digital enterprises and do not consider the involvement of malicious actors such as hackers, and the authors will continue to focus on the game when assessing the governance of malicious actors in subsequent research.
Practical implications
This study's results enhance digital governance research and offer a reference for developing policies that protect personal information security.
Originality/value
This paper builds an analytical framework for cooperative governance for personal information security, which helps to understand the decision-making behaviour and motivation of different subjects and to better address issues in the governance for personal information security.
Details
Keywords
Effective information security management (ISM) contributes to building a healthy organizational digital ecology. However, few studies have built an analysis framework for…
Abstract
Purpose
Effective information security management (ISM) contributes to building a healthy organizational digital ecology. However, few studies have built an analysis framework for critical influencing factors to discuss the combined influence mechanism of multiple factors on ISM performance (ISMP). This study aims to explore the critical success factors and understand how these factors contribute to ISMP.
Design/methodology/approach
This study used a mixed-method approach to achieve this study’s research goals. In Study 1, the authors conducted a qualitative analysis to take a series of International Organization for Standardization/International Electrotechnical Commission standard documents as the basis to refine the critical factors that may influence organizations’ ISMP. In Study 2, the authors built a research model based on the organizational control perspective and used the survey-based partial least squares-based structural equation modeling (PLS-SEM) approach to understand the relationships between these factors in promoting ISMP. In Study 3, the authors used the fuzzy set qualitative comparative analysis (fsQCA) method to empirically analyze the complex mechanisms of how the combinations of the factors affect ISMP.
Findings
The following three research findings are obtained. First, based on the text-based qualitative analysis, the authors refined the critical success factors that may increase ISMP, including information security policies (ISP), top management support (TMS), alignment (ALI), information security risk assessment (IRA), information security awareness (ISA) and information security culture (ISC). Second, the PLS-SEM testing results confirmed TMS is the antecedent variable motivating organization’s formation (ISP) and information control (ISC) approaches; these two types of organization control approaches increase IRA, ISA and ALI and then promote ISMP directly and indirectly. Third, the fsQCA testing results found two configurations that can achieve high ISMP and one driving path that leads to non-high ISMP.
Originality/value
This study extends knowledge by exploring configuration factors to improve or impede the performances of organizations’ ISM. To the best of the authors’ knowledge, this study is one of the first to explore the use of the fsQCA approach in information security studies, and the results not only revealed causal associations between single factors but also highlighted the critical role of configuration factors in developing organizational ISMP. This study calls attention to information security managers of an organization should highlight the combined effect between the factors and reasonably allocate organizational resources to achieve high ISMP.
Details
Keywords
Tim Wright, Zainab Ruhwanya and Jacques Ophoff
The COVID-19 pandemic necessitated a significant shift in how employees executed their professional responsibilities. Concurrently, the incidence of cybercrime experienced a…
Abstract
Purpose
The COVID-19 pandemic necessitated a significant shift in how employees executed their professional responsibilities. Concurrently, the incidence of cybercrime experienced a noteworthy surge due to the increased utilisation of cyberspace. The abrupt transition to telecommuting altered the interpersonal dynamics inherent in traditional work environments. This paper aims to examine the impact of interpersonal factors on the cybercrime preventative measures adopted by telecommuting employees.
Design/methodology/approach
A conceptual model, grounded in the Theory of Interpersonal Behaviour, is evaluated through an online survey. The data set comprises responses from 209 employees in South Africa, and the analysis uses partial least squares structural equation modelling.
Findings
The results reveal substantial predictive power to explain cybercrime preventative behaviours. Notably, the study underscores the significant influence of habit and affect on intention and subsequent behaviour.
Practical implications
The results suggest that practitioners should give due attention to emotional dimensions (affect) as a catalyst for information security behaviour. The formulation of employees’ information security responsibilities should be pragmatic, fostering subconscious compliance to establish routine behaviour (habit).
Originality/value
This research underscores the pivotal roles played by habit and emotions in shaping behavioural patterns related to information security. Furthermore, it provides researchers with an illustrative model for operationalising these constructs within the realm of security. The results contribute additional perspectives on the repercussions of the COVID-19 pandemic on cybercrime preventative behaviours.
Details
Keywords
Shiu-Wan Hung, Min-Jhih Cheng and Yu-Jou Tung
The adoption of mobile payment remains low in certain regions, highlighting the need to identify the factors that enable and inhibit its adoption. This study aims to address this…
Abstract
Purpose
The adoption of mobile payment remains low in certain regions, highlighting the need to identify the factors that enable and inhibit its adoption. This study aims to address this gap by investigating the role of information security, loss aversion and the moderating influence of the herd effect on Inertia and behavioral intentions in the adoption of mobile payment systems.
Design/methodology/approach
A structural equation model was developed and tested with 332 valid questionnaires to examine the proposed hypotheses.
Findings
The empirical results reveal that information security plays a significant role as an enabler, while loss aversion acts as an inhibitor of mobile payment adoption. Furthermore, the study uncovers the moderating influence of the herd effect on the relationship between Inertia and behavioral intentions.
Research limitations/implications
This study was conducted in a specific region and may not be generalizable to other regions. Future studies could expand the sample size and scope to enhance the external validity of the findings.
Practical implications
This study offers practical implications for mobile payment service providers. Understanding the key enabling and inhibiting factors identified in this study can guide providers in designing and improving their services. Strengthening information security measures can help build trust among potential adopters, while offering incentives can mitigate the impact of loss aversion and encourage early adoption.
Social implications
The findings of this study have social implications as they contribute to promoting the adoption of mobile payment systems. Increased adoption can enhance financial inclusion and stimulate economic development.
Originality/value
This study provides novel insights into the enabling and inhibiting factors of mobile payment adoption and highlights the moderating role of the herd effect. By shedding light on the influence of social norms on individual behavior in the context of mobile payment adoption, this study contributes to the existing literature and advances our understanding of this phenomenon.
Details
Keywords
Rebecca Dei Mensah, Stephen Tetteh, Jacinta Martina Annan, Raphael Papa Kweku Andoh and Elijah Osafo Amoako
The purpose of this study was to investigate the roles of employee experience and top management commitment in the relationship between human resource (HR) records management…
Abstract
Purpose
The purpose of this study was to investigate the roles of employee experience and top management commitment in the relationship between human resource (HR) records management culture and HR records privacy control in organisations in Ghana.
Design/methodology/approach
Structural equation modelling was used in analysing the data. Following the specification of the model, three main types of analyses were carried out. They were reflective measurement model analyses to test reliability and validity; formative measurement model analyses to test redundancy, collinearity, significance and relevance of the lower-order constructs; and structural model analyses to ascertain the explanatory and predictive powers of the model, significance of the hypotheses and their effect sizes.
Findings
The study confirmed that communication, privacy awareness and training and risk assessment are dimensions of HR records management culture. Concerning the hypotheses, it was established that HR records management culture is related to HR records privacy control. Also, the study showed that employee experience positively moderated the relationship HR records management culture has with HR records privacy control. However, top management commitment negatively moderated the relationship HR records management culture has with HR records privacy control.
Practical implications
Organisations committed to the privacy control of HR records need to ensure the retention of their employees, as the longer they stay with the organisation, the more they embody the HR records management culture which improves the privacy control of HR records. For top management commitment, it should be restricted to providing strategic direction for HR records privacy control, as the day-to-day influence of top management commitment on the HR records management culture does not improve the privacy control of HR records.
Originality/value
This study demonstrates that communication, privacy awareness and training and risk assessment are dimensions of HR record management culture. Also, the extent of employee experience and top management commitment required in the relationship between HR records management culture and HR records privacy control is revealed.
Details