A qualitative investigation of bank employee experiences of information security and phishing

Dan Conway, Ronnie Taib, Mitch Harris, Kun Yu, Shlomo Berkovsky, Fang Chen

Research output: Chapter in Book/Report/Conference proceedingConference proceeding contributionpeer-review

Abstract

Staff behaviour is increasingly understood to be an important determinant of an organisations' vulnerability to information security breaches. In parallel to the HCI and CSCW literature, models drawn from cognitive and health psychology have suggested a number of mental variables that predict staff response to security threats. This study began with these models, but engaged in a broader, discovery-orientated, qualitative investigation of how these variables were experienced, interacted subjectively, and what further variables might be of relevance. We conducted in-depth, semi-structured interviews consisting of open and closed questions with staff from a financial services institution under conditions of strict anonymity. Results include a number of findings such as a possible association between highly visible security procedures and low perceptions of vulnerability leading to poor security practices. We also found self-efficacy was a strong determinant of staff sharing stories of negative experiences and variances in the number of non-relevant emails that they process. These findings lead to a richer, deeper understanding of staff experiences in relation to information security and phishing.
Original languageEnglish
Title of host publicationProceedings of the Thirteenth Symposium on Usable Privacy and Security (SOUPS 2017)
Place of PublicationUnited States
PublisherUSENIX Association
Pages115-129
Number of pages15
ISBN (Electronic)9781931971393
Publication statusPublished - 2017
Externally publishedYes
EventThirteenth Symposium on Usable Privacy and Security (SOUPS 2017) - Santa Clara, United States
Duration: 12 Jul 201714 Jul 2017

Conference

ConferenceThirteenth Symposium on Usable Privacy and Security (SOUPS 2017)
CountryUnited States
CitySanta Clara
Period12/07/1714/07/17

Fingerprint

Dive into the research topics of 'A qualitative investigation of bank employee experiences of information security and phishing'. Together they form a unique fingerprint.

Cite this