Article Preview
TopIntroduction
Bring Your Own Device (BYOD) refers to the provision and use of personal mobile devices (smartphones, tablets or laptops) by employees for both private and business purposes. This phenomenon reflects a growing “consumerization” trend in information technology (IT), i.e., the adoption in a work context of consumer market technologies (Harris et al., 2012; Jarrahi et al., 2017). An increasing number of companies around the world are being confronted with BYOD, as the worldwide market could represent $318 billion by 2022 (Research and Markets, 2017). Thus, BYOD is of particular interest in that it is said to increase employees’ motivation, satisfaction, innovation, levels of comfort, and performance (Harris et al., 2012), offering new productivity gains at the organizational level (Köffer et al., 2015) while reducing technological costs (Singh, 2012). However, this phenomenon also raises technical, security and legal problems (Harris et al., 2012) and entails actual risks for the information security (ISS) of end users’ data and devices.
Several studies have investigated security and privacy issues related to mobile device use in a leisure context (Keith et al., 2013, Wottricht et al., 2018). In a professional context, from the organizational point of view, previous research has investigated BYOD adoption and practices by employees (Fujimoto et al., 2016; Lee et al., 2017). The dangers that BYOD poses for organizations have also been investigated (Dang-Pham & Pittayachawan, 2015). However, despite the significant personal ISS concerns expressed by BYOD users (Garba et al., 2017), to the best of the authors’ knowledge, no study has addressed employees’ protective behaviors related to their own information and tools in the professional context of BYOD, which is the primary and most important knowledge gap addressed by this paper.
In the context of ISS, numerous studies have examined employees’ protective behavior (i.e., problem-focused coping strategies), which is separated into two streams: ISS policy compliance (Moody et al., 2018) and the implementation of ISS protective measures (Barlette et al., 2017). Previous studies were focused on the determinants of these problem-focused strategies. However, none explained what happens when an individual does not act and adopts an emotion-focused strategy (i.e., passive) nor provided insight into the determinants of problem-focused (i.e., active) vs. emotion-focused strategies. To fill this second gap, this paper uses the coping model of user adaptation (CMUA). The CMUA has been created to explore behaviors related to the perception of IT events (Beaudry & Pinsonneault, 2005). In the case of threatening IT events, it postulates that individuals can adopt two distinct coping strategies, which are based on the individual’s perceived control over this threatening situation. In the case of high control, the adopted coping strategy is problem-focused (i.e., conducting threat-reducing actions); when no behavior alternative is perceived as reliable, the adopted coping strategy is emotion-focused (i.e., denial or passive acceptance) (Beaudry & Pinsonneault, 2005; Moser et al., 2011). Therefore, through the use of the CMUA, adapted to BYOD and ISS contexts, this paper aims to better understand the problem-focused and emotion-focused coping strategies that stem from employees’ perceived threats concerning the ISS of their personal data and mobile tools.