A longitudinal study on improving employee information protective knowledge and behaviors. Issue 116 (May 2022)
- Record Type:
- Journal Article
- Title:
- A longitudinal study on improving employee information protective knowledge and behaviors. Issue 116 (May 2022)
- Main Title:
- A longitudinal study on improving employee information protective knowledge and behaviors
- Authors:
- Bélanger, France
Maier, Jürgen
Maier, Michaela - Abstract:
- Highlights: Repeated, mandatory exposure to security and privacy news increases knowledge. Knowledge has greater impact on information protective behavior than motivation. Measuring behavior, not intentions, and actual knowledge is crucial. Firms need holistic employee compliance programs with repeated information exposure. Consider storytelling to make security training more relevant. Abstract: Research shows it is challenging to ensure that individuals use information protective behaviors (e.g., secure passwords, turning off tracking features), especially on smartphones. Concurrently, employees increasingly use their own devices for work (BYOD), but with limited compliance with BYOD policies. This research studies the role of knowledge in increasing employees' use of information protective settings, and explores how exposure to security and privacy news can increase such knowledge. A 10-month field intervention with 826 corporate trainees who received daily newspapers covering privacy and security articles. Our findings show that it is possible to increase employee knowledge of security and privacy, and in turn positively affect their usage of information protective settings over time through repeated, perceived-to-be-mandatory information exposure. The study contributes to a better understanding of the importance of measuring actual knowledge in studies of employee behavioral actions towards protection of organizational information. The results suggest organizations needHighlights: Repeated, mandatory exposure to security and privacy news increases knowledge. Knowledge has greater impact on information protective behavior than motivation. Measuring behavior, not intentions, and actual knowledge is crucial. Firms need holistic employee compliance programs with repeated information exposure. Consider storytelling to make security training more relevant. Abstract: Research shows it is challenging to ensure that individuals use information protective behaviors (e.g., secure passwords, turning off tracking features), especially on smartphones. Concurrently, employees increasingly use their own devices for work (BYOD), but with limited compliance with BYOD policies. This research studies the role of knowledge in increasing employees' use of information protective settings, and explores how exposure to security and privacy news can increase such knowledge. A 10-month field intervention with 826 corporate trainees who received daily newspapers covering privacy and security articles. Our findings show that it is possible to increase employee knowledge of security and privacy, and in turn positively affect their usage of information protective settings over time through repeated, perceived-to-be-mandatory information exposure. The study contributes to a better understanding of the importance of measuring actual knowledge in studies of employee behavioral actions towards protection of organizational information. The results suggest organizations need holistic employee compliance programs, where in addition to developing policies, as well as compliance testing and sanctions, they provide repeated information exposure. Graphical abstract: Image, graphical abstract … (more)
- Is Part Of:
- Computers & security. Issue 116(2022)
- Journal:
- Computers & security
- Issue:
- Issue 116(2022)
- Issue Display:
- Volume 116, Issue 116 (2022)
- Year:
- 2022
- Volume:
- 116
- Issue:
- 116
- Issue Sort Value:
- 2022-0116-0116-0000
- Page Start:
- Page End:
- Publication Date:
- 2022-05
- Subjects:
- Knowledge -- Information protective behavior -- Motivation -- Longitudinal study -- Information security and privacy
Computer security -- Periodicals
Electronic data processing departments -- Security measures -- Periodicals
005.805 - Journal URLs:
- http://www.sciencedirect.com/science/journal/01674048 ↗
http://www.elsevier.com/journals ↗ - DOI:
- 10.1016/j.cose.2022.102641 ↗
- Languages:
- English
- ISSNs:
- 0167-4048
- Deposit Type:
- Legaldeposit
- View Content:
- Available online (eLD content is only available in our Reading Rooms) ↗
- Physical Locations:
- British Library DSC - 3394.781000
British Library DSC - BLDSS-3PM
British Library HMNTS - ELD Digital store - Ingest File:
- 21278.xml