Data breaches cost companies millions of dollars and do untold damage to reputation and customer loyalty.
More than 50 percent of such information security incidents have been attributed to organizations’ current and former employees, says Bauer Ph.D. candidate Vanessa Durner. That statistic led her to pursue dissertation research that highlights specific steps organizations can take to encourage employees to perform protective behaviors, such as using secure passwords.
Among her findings:
- Employees are more likely to act on security concerns (create better passwords, etc.) if they understand the ramifications of their negligent behavior. Fear-based messages that emphasize the individual cost and likelihood of information security threats can motivate employees to take action to protect themselves and their organizations.
- Organizations should stress appropriate security behaviors, such as keeping passwords confidential and avoiding password reuse, as a company- or business-wide norm.
- Individuals tend to think their passwords are more secure than they actually are. Offering specific information about how to perform appropriate security behavior (such as how to create a secure password) is more effective than general admonitions about the importance of such behavior.
Prior to pursuing a Ph.D. in management information systems in the Department of Decision & Information Sciences at Bauer, Durner earned a B.S. in human and organizational development from Vanderbilt University and an M.S. in software engineering from UH-Clear Lake.
By Julie Bonnin