Securing the human: Employee security vulnerability risk in organizational settings
Journal of the American Society for Information Science and Technology
Published online on June 22, 2017
Abstract
As organizational security breaches increase, so too does the need to fully understand the human factors that lead to these breaches and take the necessary steps to minimize threats. The present study evaluates how three sets of employee characteristics (demographic, company‐specific, and skills‐based) predict an employee's likelihood of becoming a security breach victim. In order to move beyond traditional evaluations of security threats, which generally consider security threats individually, analyses in this paper take a more holistic approach to security vulnerability and analyze four risk categories concurrently: phishing, passwords, bring your own device (BYOD), and company‐supplied laptops. Findings from a survey of 250 employees at a medium‐sized American information technology (IT) consulting firm identify higher‐risk employees across the four risk areas and provide new insights into the challenges organizations face when trying to ensure the protection of company data.