Remote work security: Scared workers are prepared workers, study shows
Remote workers fear what could go wrong when it comes to their employer's information technology security, and this fear is the greatest motivator for them to protect it, according to a recent study published in Computers & Security. The study, conducted by researchers at Washington State University, the University of North Texas, and Oklahoma State University, provides valuable insights for employers on how to keep their information safe as millions of Americans continue to work remotely.
The study compared two approaches for motivating security compliance behaviors in remote work situations. The first approach, known as protection motivation theory, relies on fear appeals, threat messages, and promoting self-efficacy to encourage secure behaviors. This approach often involves surveillance to monitor employee actions and has been used effectively in the past to deter risky behaviors at work or discourage unhealthy practices like smoking or unsafe sex.
The second approach, known as stewardship theory, focuses on motivating employees through a sense of moral responsibility rather than fear. It encourages employees to buy into the organization's overall vision and provides them with organizational support to act independently when faced with a security threat.
READ MORE | How to get more women in cybersecurity
The study surveyed 339 employees who worked at companies with IT security policies and presented them with scenario-based surveys related to common policy violations in remote work situations. The findings revealed that while stewardship theory aligns more with the concept of working from home, the approach that relied on fear and threats emphasized in protection motivation theory was more effective at preventing employees from violating security policies.
However, the researchers also found that integrating factors of both theories, particularly promoting a sense of collectivism from stewardship theory that emphasizes the mutual benefits of good behavior for both the employee and the employer, increased the efficacy of protection motivation theory-based methods.
Robert Crossler, corresponding author for the study and associate professor in the Carson College of Business at Washington State University, explained, "The more workers felt that their organization's resources were their own, the more likely they were to respond in the desired way. Instilling a sense of collectivism in employees is only going to help enhance people's likelihood of protecting security policies."
READ MORE | Protect your payroll! Global risks in the coming years
Interestingly, the study also revealed that in some cases, a protection motivation theory approach to IT security could backfire and result in security misbehaviors. The authors of the study recommend that companies should consider removing or reducing surveillance practices that are commonly associated with protection motivation theory. Where removal is not feasible, providing employees with contextual reasons for monitoring may be beneficial.
"This is really the first study that brings stewardship theory and protection motivation theory together in the context of IT security for people working from home," Crossler noted. "While stewardship theory did not work as well as protection motivation, our results suggest that managerial decisions informed by a stewardship perspective can help to provide a further understanding of security policy violations that motivates employees to make the right decision."
As remote work continues to be a prevalent trend in the modern workforce, employers can use these insights to effectively motivate their employees to prioritize information technology security and safeguard their valuable data. After all, in the era of remote work, protecting against potential security threats is no longer just an IT department's responsibility but requires the collective effort of all employees.