Enterprise Information Security Awareness and Behavior as an Element of Security Culture During Remote Work

Enterprise Information Security Awareness and Behavior as an Element of Security Culture During Remote Work

Nur Sena Tanriverdi (Bogazici University, Turkey) and Bilgin Metin (Bogazici University, Turkey)
DOI: 10.4018/978-1-7998-7513-0.ch008
OnDemand PDF Download:
Available
$37.50
No Current Special Offers
TOTAL SAVINGS: $37.50

Abstract

It's the first time that many users are operating their work from home. There is not only the tension of the uncertainty around the COVID-19 pandemic but also a time for adjusting people to their remote working habits considering ever-increasing cyber-attacks. When employees work in an office, there is an IT team working with them closely for their information security problems. However, it is difficult to provide sufficient information security protection that can compensate for human errors in remote working. Information security familiarity, information security awareness, and information security behavior are critical concepts to consider again during the pandemic as the new normal. In this chapter, a literature review will be conducted for information security awareness and information security familiarity concepts. Analysis of the context of these concepts is the aim of this chapter. This study can give insight to understand, evaluate, and determine the information security behavior of employees during new remote working conditions.
Chapter Preview
Top

Introduction

It's the first time that many users are operating their work from home. There is not only the tension of the uncertainty around the COVID-19 pandemic but also a time for adjusting people to their remote working habits. The top management has already understood how difficult to keep information security in an office environment where information security culture is not a part of the community. It is now extra complicated to make sure workers uphold their security safe activities and habits for remote working environments. Top management should develop a particular information security protection culture for remote employees to assist the IT department and security leaders and personnel in this transition phase.

When people work in an office building, security awareness as a part of security culture (AlKalbani, Deng, & Kam, 2015) was high on the list. However, when their information security practices also alter as people change their work routines. Therefore, in this chapter, information security awareness that plays a much more critical role in remote work will be examined.

Finding more sophisticated and practical solutions to protect data and information systems against advanced security threats is essential in both theory and practice. Technologies and laws are evolving in order to have more useful, robust and smarter protection methods. Also, researchers investigate the human element of information security so as to measure the behavior and security awareness level of people.

In practice, security technology is continuously improved to protect systems better. Some disciplines are helping this improvement, such as machine learning and artificial intelligence. Security systems become more useful, robust and smarter to protect information systems. In today's world, laws and regulations are also developing, such as European Union General Data Protection Regulation (Eugdpr.org, n.d.) to constitute a base for a risky security environment.

On the other hand, in recent studies, researchers investigate different dimensions of security. They have a common aim which is better protection. One of the main focuses of these studies is people. Because of that, people involve information systems. People are part of an information oriented world in the end. Their behavior in a workplace which has a great potential to threaten information systems is the main focus of studies in this area. To understand people's behavior, there are various approaches that have been measured in different levels, such as organizational, individual and socio-environmental (Haeussinger & Kranz, 2017; Jaeger, Ament, & Eckhardt, 2017). Understanding the human factor in information security is one of the most important approaches to change people's behavior and security awareness. Factors that affect behavior and/or information security awareness of people are usually investigated to improve security habit, behavior, and awareness level of them.

These developments become more critical in digital transformation, which is necessary for all companies in new working conditions caused by Covid-19. An example of digital transformation using cloud services can be considered. According to the results of an information security survey conducted globally by PricewaterhouseCoopers (PwC), 63 percent of respondents claimed that their companies run their information technology (IT) function in the cloud. The 36 percent of respondents are running their operation function in the cloud, while the percentage of customer service is 36, market and sales is 34 and finance function is 32 in the cloud (2016). With the effect of digitalization, information security becomes more and more important. According to 59 percent of the global information security survey respondents, digitalization leads companies to increase spending on security. Additionally, people become more involved in the information-oriented world and more integrated with information security systems. Thus, the skills of employees should be adapted to the new conditions.

Whether employees can be a part of information security protection in their companies has become more crucial in this new working condition. To understand, determine, guess their behavior and guide them have become vital. Information security familiarity, information security awareness, information security incident awareness, information security behavior are critical concepts to consider again during the new normal. It is more significant to improve employees' behavior without any distinction between professions as well as information security awareness education and training programs.

Key Terms in this Chapter

Remote Work: A style of working that enables employees to work from outside of the office.

Information Security Awareness: An awareness in information security area.

Information Security Behavior: A behavior affects information security that represents how one person behaves while using or interacting information asset of a company like information systems or data.

Information Security Familiarity: A familiarity in information security area.

Complete Chapter List

Search this Book:
Reset