Coping Strategies and Paradoxes Related to BYOD Information Security Threats in France

Coping Strategies and Paradoxes Related to BYOD Information Security Threats in France

Paméla Baillette (University of Bordeaux, Bordeaux, France) and Yves Barlette (Montpellier Business School, Montpellier, France)
Copyright: © 2020 |Pages: 28
DOI: 10.4018/JGIM.2020040101

Abstract

Bring Your Own Device (BYOD) refers to the provision and use of personal mobile devices by employees for both private and business purposes. Although there has been research on BYOD, little attention has been paid to employees' perception of threats to their personal information security (ISS) when using a BYOD, especially in a professional context. This article investigates employee coping strategies related to BYOD ISS threats in France. The results of a survey of 223 employees indicate that while perceived behavioral control exerts only direct effects on problem-focused (i.e., disturbance handling) and emotion-focused (i.e., self-preservation) coping strategies, ISS concern exhibits significant direct and moderating influences. Several security paradoxes could be identified, namely, discrepancies between the respondents' ISS concern and the adopted coping strategies. This article offers the first insights into the French context and can serve as a basis for comparisons in future research and to help improve employees' personal ISS in the professional context.
Article Preview
Top

Introduction

Bring Your Own Device (BYOD) refers to the provision and use of personal mobile devices (smartphones, tablets or laptops) by employees for both private and business purposes. This phenomenon reflects a growing “consumerization” trend in information technology (IT), i.e., the adoption in a work context of consumer market technologies (Harris et al., 2012; Jarrahi et al., 2017). An increasing number of companies around the world are being confronted with BYOD, as the worldwide market could represent $318 billion by 2022 (Research and Markets, 2017). Thus, BYOD is of particular interest in that it is said to increase employees’ motivation, satisfaction, innovation, levels of comfort, and performance (Harris et al., 2012), offering new productivity gains at the organizational level (Köffer et al., 2015) while reducing technological costs (Singh, 2012). However, this phenomenon also raises technical, security and legal problems (Harris et al., 2012) and entails actual risks for the information security (ISS) of end users’ data and devices.

Several studies have investigated security and privacy issues related to mobile device use in a leisure context (Keith et al., 2013, Wottricht et al., 2018). In a professional context, from the organizational point of view, previous research has investigated BYOD adoption and practices by employees (Fujimoto et al., 2016; Lee et al., 2017). The dangers that BYOD poses for organizations have also been investigated (Dang-Pham & Pittayachawan, 2015). However, despite the significant personal ISS concerns expressed by BYOD users (Garba et al., 2017), to the best of the authors’ knowledge, no study has addressed employees’ protective behaviors related to their own information and tools in the professional context of BYOD, which is the primary and most important knowledge gap addressed by this paper.

In the context of ISS, numerous studies have examined employees’ protective behavior (i.e., problem-focused coping strategies), which is separated into two streams: ISS policy compliance (Moody et al., 2018) and the implementation of ISS protective measures (Barlette et al., 2017). Previous studies were focused on the determinants of these problem-focused strategies. However, none explained what happens when an individual does not act and adopts an emotion-focused strategy (i.e., passive) nor provided insight into the determinants of problem-focused (i.e., active) vs. emotion-focused strategies. To fill this second gap, this paper uses the coping model of user adaptation (CMUA). The CMUA has been created to explore behaviors related to the perception of IT events (Beaudry & Pinsonneault, 2005). In the case of threatening IT events, it postulates that individuals can adopt two distinct coping strategies, which are based on the individual’s perceived control over this threatening situation. In the case of high control, the adopted coping strategy is problem-focused (i.e., conducting threat-reducing actions); when no behavior alternative is perceived as reliable, the adopted coping strategy is emotion-focused (i.e., denial or passive acceptance) (Beaudry & Pinsonneault, 2005; Moser et al., 2011). Therefore, through the use of the CMUA, adapted to BYOD and ISS contexts, this paper aims to better understand the problem-focused and emotion-focused coping strategies that stem from employees’ perceived threats concerning the ISS of their personal data and mobile tools.

Complete Article List

Search this Journal:
Reset
Open Access Articles
Volume 29: 4 Issues (2021): 3 Released, 1 Forthcoming
Volume 28: 4 Issues (2020): 3 Released, 1 Forthcoming
Volume 27: 4 Issues (2019)
Volume 26: 4 Issues (2018)
Volume 25: 4 Issues (2017)
Volume 24: 4 Issues (2016)
Volume 23: 4 Issues (2015)
Volume 22: 4 Issues (2014)
Volume 21: 4 Issues (2013)
Volume 20: 4 Issues (2012)
Volume 19: 4 Issues (2011)
Volume 18: 4 Issues (2010)
Volume 17: 4 Issues (2009)
Volume 16: 4 Issues (2008)
Volume 15: 4 Issues (2007)
Volume 14: 4 Issues (2006)
Volume 13: 4 Issues (2005)
Volume 12: 4 Issues (2004)
Volume 11: 4 Issues (2003)
Volume 10: 4 Issues (2002)
Volume 9: 4 Issues (2001)
Volume 8: 4 Issues (2000)
Volume 7: 4 Issues (1999)
Volume 6: 4 Issues (1998)
Volume 5: 4 Issues (1997)
Volume 4: 4 Issues (1996)
Volume 3: 4 Issues (1995)
Volume 2: 4 Issues (1994)
Volume 1: 4 Issues (1993)
View Complete Journal Contents Listing