In today’s always-connected world, people frequently use personal electronic devices to complete work-related tasks, a phenomenon called “Bring Your Own Device” (BYOD).
“Employees generally prefer the convenience of being able to use their own devices to work from any location, increasing efficiency, productivity and flexibility,” said Tina Loraas, Taylor Associate Professor in the School of Accountancy at the Harbert College of Business. “In client-focused businesses, many view being responsive to clients 24/7/365 as the hallmark of good client service, and a competitive advantage.”
Despite these benefits, BYOD can also expose firms to data security risks. According to James Long, associate professor and Atlanta Alumni Fellow in the School of Accountancy, “Personal electronic devices are often less secure than corporate devices that are controlled and maintained by a firm’s IT department. Therefore, these devices may provide hackers and malware with an easier avenue of attack on corporate networks, potentially compromising a firm’s confidential data.”
To address this threat, firms have begun to adopt official BYOD policies which detail standards of behavior and security for employees who engage in BYOD. However, many employees fail to fully comply with these policies, rendering them ineffective. “One employee might be highly inclined to follow a company’s BYOD policies, while another might feel like compliance is burdensome and not worth the effort,” said Loraas.
Loraas and Long address this issue in their award-winning paper “Understanding Compliance with Bring Your Own Device Policies Utilizing Protection Motivation Theory: Bridging the Intention Behavior Gap,” co-authored with Rob Crossler (Washington State) and Brad Trinkle (Mississippi State).
The researchers were presented with the inaugural Journal of Information Systems Best Paper Award at the annual American Accounting Association conference on Aug. 8 in San Diego. The award was created to recognize a paper published by the Journal of Information Systems that has made the greatest impact or has the potential to make the greatest impact on accounting information systems research.
“It is quite an honor to win this award,” said Long. “We are grateful for the recognition, and we hope that our work will enable companies to effectively foster BYOD policy compliance, and will facilitate future academic research on the practical issues surrounding the BYOD phenomenon.”
The paper examines the factors that determine whether employees follow BYOD policies. It finds that employees are more motivated to comply when they believe both that they are capable of complying effectively and that compliance effectively addresses the serious threats BYOD poses to corporate data and information systems.
Therefore, to increase policy compliance, the paper suggests that corporate BYOD training focus on: 1) increasing employees’ self-efficacy with respect to compliance behavior, 2) increasing perceived response efficacy by explaining how each policy effectively responds to security and data privacy threats, and 3) informing employees about the severity of potential threats related to insecure BYOD behavior.