Cybersecurity when working from home during COVID-19: considering the human factors

Abstract

This research examined the lives of Australian employees who moved to work from home during COVID-19. Taking a unique approach to cybersecurity, we sought to gain insights into the intermingling of individuals’ personal lives and technology to inform policies and educational programmes. The study employed interpretative phenomenological analysis to understand 27 participants’ lived experiences under lockdown. We found that psychological (e.g. stress, anxiety, confidence, motivation) and sociological (e.g. sharing physical spaces, digital divide) factors impacted employees’ likelihood and ability to engage in effective cybersecurity practices. So did new ways of using technology (e.g. teaching via Zoom), which elucidated unexpected but significant security concerns (e.g. naked children in virtual classrooms). We suggest that cyber educators and policymakers take a Vygotskian approach, which considers that social interaction is central to learning. This assumption means that personal factors must be considered instead of a ‘one-size-fits-all approach’. We argue that organizations should think about approaches that consider the employees’ psychological state before training (and perhaps find ways to reduce anxiety), helping employees redesign their home workspaces to ensure privacy and concentration, and updating employees’ digital devices. Practitioners and scholars can also apply these results post-COVID-19, especially if the ‘new working normal’ provides options for employees to work from home.