Smartphone information security awareness: A victim of operational pressures

Smartphone information security awareness describes the knowledge, attitude and behaviour that employees apply to the security of the organisational information that they access, process and store on their smartphone devices. The surge in the number of smartphone devices connecting to organisational systems and used to process organisational data has enabled a new level of operational efficiency. While employees are aware of the benefits they enjoy by bringing their personal devices into the workplace, managers too are aware of the benefits of having a constantly connected workforce. Unfortunately, those aware of the risks to information security do not share an equal level of enthusiasm. These devices are owned by employees who are not adequately skilled to configure the security settings for acceptable security of that information. Moreover, routine information security awareness programmes, even if applied, gradually fade into the daily rush of operations from the day they are completed.This paper explores the factors which influence these oscillating levels of information security awareness. By applying an adapted version of an awareness model from the domain of accident prevention, the factors which cause diminishing awareness levels are exposed. Subsequently, information security awareness emerges as a symptom of such factors. Through geometrical modelling of the boundaries and pressures that govern our daily operations, an awareness model emerges. This model ensures that organisations are better equipped to monitor their information security awareness position, their boundaries and the daily pressures affecting the organisation, thus allowing them to design better integrated policies and procedures to encourage safe operating limits. The model is evaluated using a theory evaluation framework through an expert review process.