Abstract
Whether malicious or not, employees’ actions can have significant and detrimental outcomes for their organizations. Such is the case in organizational cybersecurity, as many issues stem from trusted individuals who have access to sensitive data, information, and systems. We explore the phenomenon of employees’ security violations in the context of pandemic-induced stressors among employees working from home (WFH) during a 10-day period of the COVID-19 pandemic. By assessing several categories of stressors and violation behaviors among 333 WFH employees daily for two work weeks, we discovered several stressors that significantly explained security violations during the pandemic. Within-person deviations in competing demands due to security emerged as a significant predictor of a subsequent increase in violations, and the effect of privacy invasion/monitoring concerns was marginally significant. We also found evidence that family-to-work conflict resulted in higher levels of daily security violations, but work-to-family conflict failed to exhibit any significant relationship with our outcome of interest. Unexpectedly, moderator analyses indicate that employees’ sharing of digital devices with others in the WFH environment might limit rather than exacerbate the effects of daily stressors on security violations. Thus, technology- and non-technology-related factors are associated with employees’ decisions to violate their organizations’ security expectations in a WFH environment. Our findings provide an expanded view of how stressors relate to employees’ security violations and what organizations can do to limit them in times of crises.
Similar content being viewed by others
Notes
We also analyzed our model using the random intercept cross-lagged panel model (RI-CLPM) approach (see online supplemental file). Briefly, we found a few differences between the two approaches with respect to our set of controls but competing demands due to security (H1) and privacy invasion / monitoring perceptions (H2/H3) were supported in both. Family-to-work conflict (H5) exhibited a significant association with violations in our RI-CLPM analysis but in a negative direction overall. Multi-group assessments for our moderating hypotheses using RI-CLPM indicate the possibility that both digital device sharing (H7) and stress-related growth (H8) significantly moderate our model.
References
Abril, D., & Harwell, D. (2021). Keystroke tracking, screenshots, and facial recognition: The boss may be watching long after the pandemic ends. Washington Post. Retrieved April 6 from https://www.washingtonpost.com/technology/2021/09/24/remote-work-from-home-surveillance/
Abril, D. (2022). Ask Help Desk: What happens if you refuse to go back to the office? The Washington Post. Retrieved April 12 from https://www.washingtonpost.com/technology/2022/04/08/return-to-office-employee-rights/
Agogo, D., & Hess, T. J. (2018). “How does tech make you feel?” a review and examination of negative affective responses to technology use. European Journal of Information Systems, 27(5), 570–599.
Alder, G. S., & Ambrose, M. L. (2005). Towards understanding fairness judgments associated with computer performance monitoring: An integration of the feedback, justice, and monitoring research. Human Resource Management Review, 15(1), 43–67.
Aldwin, C. M., & Levenson, M. R. (2004). Posttraumatic growth: A developmental perspective. Psychological Inquiry, 15(1), 19–22.
Aldwin, C. M., Sutton, K. J., & Lachman, M. (1996). The development of coping resources in adulthood. Journal of Personality, 64(4), 837–871.
Alge, B. J. (2001). Effects of computer surveillance on perceptions of privacy and procedural justice. Journal of Applied Psychology, 86(4), 797.
Alge, B. J., Anthony, E., Rees, J., & Kannan, K. (2010). Controlling A, while hoping for B: Deviance deterrence and public versus private deviance. In C. A. Schriesheim & L. L. Neider (Eds.), The Dark Side of Management (pp. 115–141). Information Age Publishing.
Allen, T. D., French, K. A., Dumani, S., & Shockley, K. M. (2015). Meta-analysis of work–family conflict mean differences: Does national context matter? Journal of Vocational Behavior, 90, 90–100.
Allen, T. D., Merlo, K., Lawrence, R. C., Slutsky, J., & Gray, C. E. (2021). Boundary management and work-nonwork balance while working from home. Applied Psychology, 70(1), 60–84.
Ariss, S. S. (2002). Computer monitoring: Benefits and pitfalls facing management. Information & Management, 39(7), 553–558.
Aurigemma, S. (2013). A composite framework for behavioral compliance with information security policies. Journal of Organizational and End User Computing, 25(3), 32–51.
Bailey, D. E., & Kurland, N. B. (2002). A review of telework research: Findings, new directions, and lessons for the study of modern work. Journal of Organizational Behavior, 23(4), 383–400.
Balozian, P., & Leidner, D. (2017). Review of IS security policy compliance: Toward the building blocks of an IS security theory. The DATABASE for Advances in Information Systems, 48(3), 11–43.
Barlow, J. B., Warkentin, M., Ormond, D., & Dennis, A. (2018). Don’t even think about it! The effects of antineutralization, informational, and normative communication on information security compliance. Journal of the Association for Information Systems, 19(8), 689–715.
Boals, A., & Schuler, K. L. (2018). Reducing reports of illusory posttraumatic growth: A revised version of the Stress-Related Growth Scale (SRGS-R). Psychological Trauma: Theory, Research, Practice, and Policy, 10(2), 190.
Boell, S. K., Cecez-Kecmanovic, D., & Campbell, J. (2016). Telework paradoxes and practices: The importance of the nature of work. New Technology, Work and Employment, 31(2), 114–131.
Bolger, N., & Laurenceau, J.-P. (2013). Intensive longitudinal methods: An introduction to diary and experience sampling research. New York, NY: The Guilford Press.
Brehm, J. W. (1966). A Theory of Psychological Reactance. Academic Press.
Bulgurcu, B., Cavusoglu, H., & Benbasat, I. (2010). Information security policy compliance: An empirical study of rationality-based beliefs and information security awareness. MIS Quarterly, 34(3), 523–548.
Burns, A., Roberts, T. L., Posey, C., Bennett, R. J., & Courtney, J. F. (2018). Intentions to comply versus intentions to protect: A VIE theory approach to understanding the influence of insiders’ awareness of organizational SETA efforts. Decision Sciences, 49(6), 1187–1228.
Burns, A., Posey, C., & Roberts, T. L. (2021). Insiders’ adaptations to security-based demands in the workplace: An examination of security behavioral complexity. Information Systems Frontiers, 23(2), 343–360.
Canham, M., Posey, C., & Bockelman, P. S. (2020). Confronting information security’s elephant, the unintentional insider threat. In International Conference on Human-Computer Interaction, Copenhagen, Denmark, July 19-24, 2020.
Canham, M., Posey, C., Strickland, D., & Constantino, M. (2021). Phishing for long tails: Examining organizational repeat clickers and protective stewards. SAGE Open, 11(1).
Chalykoff, J., & Kochan, T. A. (1989). Computer-aided monitoring: Its influence on employee job satisfaction and turnover. Personnel Psychology, 42(4), 807–834.
Chatterjee, S., Sarker, S., & Valacich, J. S. (2015). The behavioral roots of information systems security: Exploring key factors related to unethical IT use. Journal of Management Information Systems, 31(4), 49–87.
Chen, A., & Karahanna, E. (2018). Life interrupted: The effects of technology-mediated work interruptions on work and nonwork outcomes. MIS Quarterly, 42(4), 1023–1042.
Chen, Y., Ramamurthy, K., & Wen, K.-W. (2015). Impacts of comprehensive information security programs on information security culture. Journal of Computer Information Systems, 55(3), 11–19.
Coate, P. (2021). Remote Work Before, During, and After the Pandemic. NCCI. Retrieved April 6 from https://www.ncci.com/SecureDocuments/QEB/QEB_Q4_2020_RemoteWork.html
Conway, J. M., & Lance, C. E. (2010). What reviewers should expect from authors regarding common method bias in organizational research. Journal of Business and Psychology, 25(3), 325–334.
Cram, W. A., D’Arcy, J., & Proudfoot, J. G. (2019). Seeing the forest and the trees: A meta-analysis of the antecedents to information security policy compliance. MIS Quarterly, 43(2), 525–554.
Cram, W. A., Proudfoot, J. G., & D’Arcy, J. (2021). When enough is enough: Investigating the antecedents and consequences of information security fatigue. Information Systems Journal, 31(4), 521–549.
Crossler, R. E., Johnston, A. C., Lowry, P. B., Hu, Q., Warkentin, M., & Baskerville, R. (2013). Future directions for behavioral information security research. Computers & Security, 32, 90–101.
D’Arcy, J., & Teh, P.-L. (2019). Predicting employee information security policy compliance on a daily basis: The interplay of security-related stress, emotions, and neutralization. Information & Management, 56(7).
D’Arcy, J., & Devaraj, S. (2012). Employee misuse of information technology resources: Testing a contemporary deterrence model. Decision Sciences, 43(6), 1091–1124.
D’Arcy, J., & Greene, G. (2014). Security culture and the employment relationship as drivers of employees’ security compliance. Information Management & Computer Security, 22(5), 474–489.
D’Arcy, J., & Hovav, A. (2007). Deterring internal information systems misuse. Communications of the ACM, 50(10), 113–117.
D’Arcy, J., & Hovav, A. (2009). Does one size fit all? Examining the differential effects of IS security countermeasures. Journal of Business Ethics, 89(1), 59–71.
D’Arcy, J., Hovav, A., & Galletta, D. (2009). User awareness of security countermeasures and its impact on information systems misuse: A deterrence approach. Information Systems Research, 20(1), 79–98.
D’Arcy, J., Herath, T., & Shoss, M. K. (2014). Understanding employee responses to stressful information security requirements: A coping perspective. Journal of Management Information Systems, 31(2), 285–318.
D’Arcy, J., Herath, T., Yim, M.-S., Nam, K., & Rao, H. R. (2018). Employee moral disengagement in response to stressful information security requirements: a methodological replication of a coping-based model. AIS Transactions on Replication Research, 4.
Dalal, R. S., Howard, D. J., Bennett, R. J., Posey, C., Zaccaro, S. J., & Brummel, B. J. (2022). Organizational science and cybersecurity: Abundant opportunities for research at the interface. Journal of Business and Psychology, 37(1), 1–29.
D’Arcy, J., & Lowry, P. B. (2019). Cognitive-affective drivers of employees’ daily compliance with information security policies: A multilevel, longitudinal study. Information Systems Journal, 29(1), 43–69.
Denning, T., Kohno, T., & Levy, H. M. (2013). Computer security and the modern home. Communications of the ACM, 56(1), 94–103.
Derfler-Rozin, R., & Pitesa, M. (2020). Motivation purity bias: Expression of extrinsic motivation undermines perceived intrinsic motivation and engenders bias in selection decisions. Academy of Management Journal, 63(6), 1840–1864.
Dorison, C. A., & Minson, J. A. (2022). You can’t handle the truth! Conflict counterparts over-estimate each other’s feelings of self-threat. Organizational Behavior and Human Decision Processes, 170, 104147.
Douthitt, E. A., & Aiello, J. R. (2001). The role of participation and control in the effects of computer monitoring on fairness perceptions, task satisfaction, and performance. Journal of Applied Psychology, 86(5), 867–874.
Duxbury, L., Higgins, C., & Neufeld, D. (1998). Telework and the balance between work and family: Is telework part of the problem or part of the solution? In M. Igbaria & M. Tan (Eds.), The Virtual Workplace (pp. 218–255). IGI Global.
Fadilpašić, S. (2021). Sharing devices at work could be your company's biggest security risk. TechRadar. Retrieved April 11 from https://www.techradar.com/news/sharing-devices-at-work-could-be-your-companys-biggest-security-risk
Fehr, R., Fulmer, A., & Keng-Highberger, F. T. (2020). How do employees react to leaders’ unethical behavior? The role of moral disengagement. Personnel Psychology, 73(1), 73–93.
Fine, S., Horowitz, I., Weigler, H., & Basis, L. (2010). Is good character good enough? The effects of situational variables on the relationship between integrity and counterproductive work behaviors. Human Resource Management Review, 20(1), 73–84.
Finnegan, M. (2022). Employee monitoring risks ‘spiraling out of control,’ union group warns. Computerworld. Retrieved April 6 from https://www.computerworld.com/article/3652513/employee-monitoring-risks-spiraling-out-of-control-union-group-warns.html
Fisher, C. D., & To, M. L. (2012). Using experience sampling methodology in organizational behavior. Journal of Organizational Behavior, 33(7), 865–877.
Frone, M. R., Russell, M., & Cooper, M. L. (1992). Prevalence of work-family conflict: Are work and family boundaries asymmetrically permeable? Journal of Organizational Behavior, 13(7), 723–729.
Gajendran, R. S., & Harrison, D. A. (2007). The good, the bad, and the unknown about telecommuting: Meta-analysis of psychological mediators and individual consequences. Journal of Applied Psychology, 92(6), 1524–1541.
Gartner. (2020). Gartner business continuity survey shows just 12 percent of organizations are highly prepared for coronavirus Gartner. Retrieved April 11 from https://www.gartner.com/en/newsroom/press-releases/2020-03-10-gartner-business-continuity-survey-shows-just-twelve-percernt-of-organizations-are-highly-prepared-for-coronavirsu
George, J. F. (1996). Computer-based monitoring: Common perceptions and empirical results. MIS Quarterly, 20(4), 459–480.
Golden, T. D. (2009). Applying technology to work: Toward a better understanding of telework. Organization Management Journal, 6(4), 241–250.
Green, J. S., & Dorey, P. (2016). The weakest link: Why your employees might be your biggest cyber risk. New York, NY: Bloomsbury Publishing.
Greene, G., & D’Arcy, J. (2010). Assessing the impact of security culture and the employee-organization relationship on IS security compliance. In 5th Annual Symposium on Information Assurance, Albany, NY. June 16-17, 2020.
Griffith, T. L. (1993). Monitoring and performance: A comparison of computer and supervisor monitoring 1. Journal of Applied Social Psychology, 23(7), 549–572.
Gruning, J., & Lindley, S. (2016). Things we own together: Sharing possessions at home. In Proceedings of the 2016 CHI Conference on Human Factors in Computing Systems, San Jose, CA. May 7-12, 2016.
Guo, K. H. (2013). Security-related behavior in using information systems in the workplace: A review and synthesis. Computers & Security, 32, 242–251.
Guo, K. H., Yuan, Y., Archer, N. P., & Connelly, C. E. (2011). Understanding nonmalicious security violations in the workplace: A composite behavior model. Journal of Management Information Systems, 28(2), 203–236.
Gwebu, K. L., Wang, J., & Hu, M. Y. (2020). Information security policy noncompliance: An integrative social influence model. Information Systems Journal, 30(2), 220–269.
Hällgren, M., Rouleau, L., & De Rond, M. (2018). A matter of life or death: How extreme context research matters for management and organization studies. Academy of Management Annals, 12(1), 111–153.
Hamaker, E. L., Kuiper, R. M., & Grasman, R. P. (2015). A critique of the cross-lagged panel model. Psychological Methods, 20(1), 102.
Harrington, S. J. (1996). The effect of codes of ethics and personal denial of responsibility on computer abuse judgments and intentions. MIS Quarterly, 20(3), 257–278.
Hein, D. (2020). Navisite: One-third of companies were not prepared for work-from-home. Solutions Review. Retrieved April 6 from https://solutionsreview.com/mobile-device-management/navisite-one-third-of-companies-were-not-prepared-for-work-from-home/
Herath, T., Yim, M.-S., D’Arcy, J., Nam, K., & Rao, H. R. (2018). Examining employee security violations: Moral disengagement and its environmental influences. Information Technology & People, 31(6), 1135–1162.
Hesse, B. W. (1996). Using telework to accommodate the needs of employees with disabilities. Journal of Organizational Computing and Electronic Commerce, 6(4), 327–343.
Holland, S. J., Simpson, K. M., Dalal, R. S., & Vega, R. P. (2016). I can’t steal from a coworker if I work from home: Conceptual and measurement-related issues associated with studying counterproductive work behavior in a telework setting. Human Performance, 29(3), 172–190.
Hu, Q., West, R., & Smarandescu, L. (2015). The role of self-control in information security violations: Insights from a cognitive neuroscience perspective. Journal of Management Information Systems, 31(4), 6–48.
Im, G. P., & Baskerville, R. L. (2005). A longitudinal study of information system threat categories: The enduring problem of human error. The DATABASE for Advances in Information Systems, 36(4), 68–79.
Jacobs, M., Cramer, H., & Barkhuus, L. (2016). Caring about sharing: Couples' practices in single user device access. In Proceedings of the 19th International Conference on Supporting Group Work, Sanibel Island, FL. November 13-16, 2016.
Jensen, J. M., Opland, R. A., & Ryan, A. M. (2010). Psychological contracts and counterproductive work behaviors: Employee responses to transactional and relational breach. Journal of Business and Psychology, 25(4), 555–568.
Johns, G. (2006). The essential impact of context on organizational behavior. Academy of Management Review, 31(2), 386–408.
Jones, J. M. (2021). U.S. workers’ job worries easing; still above 2019 levels. Gallup. Retrieved April 15 from https://news.gallup.com/poll/354632/workers-job-worries-easing-above-2019-levels.aspx
Kerr, S. (1975). On the folly of rewarding A, while hoping for B. Academy of Management Journal, 18(4), 769–783.
Khasawneh, O. Y. (2018). Technophobia: Examining its hidden factors and defining it. Technology in Society, 54(1), 93–100.
Kidwell, R. E., & Sprague, R. (2009). Electronic surveillance in the global workplace: Laws, ethics, research and practice. New Technology, Work and Employment, 24(2), 194–208.
Kim, J. J., Park, E. H. E., & Baskerville, R. L. (2016). A model of emotion and computer abuse. Information & Management, 53(1), 91–108.
Kuo, K.-M., Talley, P. C., & Huang, C.-H. (2020). A meta-analysis of the deterrence theory in security-compliant and security-risk behaviors. Computers & Security, 96.
Lee, C., Lee, C. C., & Kim, S. (2016). Understanding information security stress: Focusing on the type of information security compliance activity. Computers & Security, 59, 60–70.
Leroy, S., Schmidt, A. M., & Madjar, N. (2021). Working from home during COVID-19: A study of the interruption landscape. Journal of Applied Psychology, 106(10), 1448–1465.
Liang, N., Biros, D. P., & Luse, A. (2016). An empirical validation of malicious insider characteristics. Journal of Management Information Systems, 33(2), 361–392.
Liu, X., Liao, H., Derfler-Rozin, R., Zheng, X., Wee, E. X., & Qiu, F. (2020). In line and out of the box: How ethical leaders help offset the negative effect of morality on creativity. Journal of Applied Psychology, 105(12), 1447.
Locklear, L. R., Taylor, S. G., & Ambrose, M. L. (2021). How a gratitude intervention influences workplace mistreatment: A multiple mediation model. Journal of Applied Psychology, 106(9), 1314.
Lowry, P. B., Posey, C., Bennett, R. J., & Roberts, T. L. (2015). Leveraging fairness and reactance theories to deter reactive computer abuse following enhanced organisational information security policies: An empirical study of the influence of counterfactual reasoning and organisational trust. Information Systems Journal, 25(3), 193–273.
Malhotra, N. K., Kim, S. S., & Patil, A. (2006). Common method variance in IS research: A comparison of alternative approaches and a reanalysis of past research. Management Science, 52(12), 1865–1883.
Mandeville, A., Manegold, J., Matthews, R., & Whitman, M. V. (2022). When all COVID breaks loose: Examining determinants of working parents' job performance during a crisis. Applied Psychology, 1–19.
Martin, K., & Freeman, R. E. (2003). Some problems with employee monitoring. Journal of Business Ethics, 43(4), 353–361.
Matthews, T., Liao, K., Turner, A., Berkovich, M., Reeder, R., & Consolvo, S. (2016). " She'll just grab any device that's closer" A Study of Everyday Device & Account Sharing in Households. Proceedings of the 2016 CHI Conference on Human Factors in Computing Systems, San Jose, CA.
Matthews, R. A., Pineault, L., & Hong, Y.-H. (2022). Normalizing the use of single-item measures: Validation of the single-item compendium for organizational psychology. Journal of Business and Psychology, 1–36.
McClain, C., Vogels, E. A., Perrin, A., Sechopoulos, S., & Rainie, L. (2021). The Internet and the Pandemic. Pew Research Center. Retrieved April 11 from https://www.pewresearch.org/internet/2021/09/01/the-internet-and-the-pandemic/
Meng, N., Keküllüoğlu, D., & Vaniea, K. (2021). Owning and sharing: Privacy perceptions of smart speaker users. Proceedings of the ACM on Human-Computer Interaction, 5(CSCW1), 1–29.
Miller, C. C., Parlapiano, A., & Ngo, M. (2023). Child Care Disruptions Expected as Record Funding Nears an End. New York Times. Retrieved August 25 from https://www.nytimes.com/2023/06/21/upshot/child-care-daycare-disruptions.html
Ng, T. W., & Feldman, D. C. (2012). The effects of organizational and community embeddedness on work-to-family and family-to-work conflict. Journal of Applied Psychology, 97(6), 1233.
Ng, T. W., Lam, S. S., & Feldman, D. C. (2016). Organizational citizenship behavior and counterproductive work behavior: Do males and females differ? Journal of Vocational Behavior, 93, 11–32.
Ord, A. S., Stranahan, K. R., Hurley, R. A., & Taber, K. H. (2020). Stress-related growth: Building a more resilient brain. The Journal of Neuropsychiatry and Clinical Neurosciences, 32(3), A4-212.
Ormond, D., Warkentin, M., & Crossler, R. E. (2019). Integrating cognition with an affective lens to better understand information security policy compliance. Journal of the Association for Information Systems, 20(12), 1794–1843.
Pearce, J. A., Jr. (2009). Successful corporate telecommuting with technology considerations for late adopters. Organizational Dynamics, 38(1), 16–25.
Pérez, M. P., Sánchez, A. M., & de Luis Carnicer, M. (2002). Benefits and barriers of telework: Perception differences of human resources managers according to company’s operations strategy. Technovation, 22(12), 775–783.
Pfleeger, S. L., & Caputo, D. D. (2012). Leveraging behavioral science to mitigate cyber security risk. Computers & Security, 31(4), 597–611.
Pindek, S., Zhou, Z. E., Kessler, S. R., Krajcevska, A., & Spector, P. E. (2021). Workdays are not created equal: Job satisfaction and job stressors across the workweek. Human Relations, 74(9), 1447–1472.
Posey, C., & Canham, M. (2018). A computational social science approach to examine the duality between productivity and cybersecurity policy compliance within organizations. International Conference on Social Computing, Behavioral-Cultural Modeling & Prediction and Behavior Representation in Modeling and Simulation, Washington, DC.
Posey, C., & Shoss, M. (2022). Research: Why Employees Violate Cybersecurity Policies. Harvard Business Review. Retrieved April 11 from https://hbr.org/2022/01/research-why-employees-violate-cybersecurity-policies
Posey, C., Bennett, B., Roberts, T., & Lowry, P. B. (2011). When computer monitoring backfires: Invasion of privacy and organizational injustice as precursors to computer abuse. Journal of Information System Security, 7(1), 24–47.
Posey, C., Roberts, T. L., Lowry, P. B., Bennett, R. J., & Courtney, J. F. (2013). Insiders’ protection of organizational information assets: Development of a systematics-based taxonomy and theory of diversity for protection-motivated behaviors. MIS Quarterly, 37(4), 1189–1210.
Ravid, D. M., Tomczak, D. L., White, J. C., & Behrend, T. S. (2020). EPM 20/20: A review, framework, and research agenda for electronic performance monitoring. Journal of Management, 46(1), 100–126.
Roll, L. C., Siu, O.-L., Li, S. Y., & De Witte, H. (2019). Human error: The impact of job insecurity on attention-related cognitive errors and error detection. International Journal of Environmental Research and Public Health, 16(13), 2427.
Rubenstein, A. L., Morrison, H. M., Whiting, S. W., & Bosco, F. A. (2022). More money, more problems? An examination of the dynamic relationship between income and work–family conflict. Journal of Occupational and Organizational Psychology, 95(2), 305–331.
Rudolph, C. W., Allan, B., Clark, M., Hertel, G., Hirschi, A., Kunze, F., Shockley, K., Shoss, M., Sonnentag, S., & Zacher, H. (2021). Pandemics: Implications for research and practice in industrial and organizational psychology. Industrial and Organizational Psychology, 14(1–2), 1–35.
Sackett, P. R. (2002). The structure of counterproductive work behaviors: Dimensionality and relationships with facets of job performance. International Journal of Selection and Assessment, 10(1–2), 5–11.
Sampson, R. J., & Laub, J. H. (1992). Crime and deviance in the life course. Annual Review of Sociology, 18(1), 63–84.
Shin, B., Sheng, O. R. L., & Higa, K. (2000). Telework: Existing Research and Future Directions. Journal of Organizational Computing and Electronic Commerce, 10(2), 85–101.
Shockley, K. M., Clark, M. A., Dodd, H., & King, E. B. (2021). Work-family strategies during COVID-19: Examining gender dynamics among dual-earner couples with young children. Journal of Applied Psychology, 106(1), 15–28.
Shoss, M. K. (2017). Job insecurity: An integrative review and agenda for future research. Journal of Management, 43(6), 1911–1939.
Shoss, M. K., Hunter, E. M., & Penney, L. M. (2016). Avoiding the issue: Disengagement coping style and the personality–CWB link. Human Performance, 29(2), 106–122.
Shoss, M. K., Su, S., Schlotzhauer, A. E., & Carusone, N. (2022). Working hard or hardly working? An examination of job preservation responses to job insecurity. Journal of Management, 01492063221107877.
Siegel, R., König, C. J., & Lazar, V. (2022). The impact of electronic monitoring on employees' job satisfaction, stress, performance, and counterproductive work behavior: A meta-analysis. Computers in Human Behavior Reports, 8, 100227.
Smith, Z. S. (2022). Cybercriminals Stole $6.9 Billion In 2021, Using Social Engineering To Break Into Remote Workplaces. Forbes. Retrieved April 6 from https://www.forbes.com/sites/zacharysmith/2022/03/22/cybercriminals-stole-69-billion-in-2021-using-social-engineering-to-break-into-remote-workplaces/?sh=792f67166cf5
Soll, J. B., Palley, A. B., & Rader, C. A. (2022). The bad thing about good advice: Understanding when and how advice exacerbates overconfidence. Management Science, 68(4), 2949–2969.
Spector, P. E., Fox, S., Penney, L. M., Bruursema, K., Goh, A., & Kessler, S. (2006). The dimensionality of counterproductivity: Are all counterproductive behaviors created equal? Journal of Vocational Behavior, 68(3), 446–460.
Stanton, J. M., Stam, K. R., Mastrangelo, P., & Jolton, J. (2005). Analysis of end user security behaviors. Computers & Security, 24(2), 124–133.
Stollberger, J., Las Heras, M., & Rofcanin, Y. (2021). Sharing is caring: The role of compassionate love for sharing coworker work–family support at home to promote partners’ creativity at work. Journal of Applied Psychology, 107(10), 1824–1842.
Straub, D. W. (1990). Effective IS security: An empirical study. Information Systems Research, 1(3), 255–276.
Straub, D. W., & Nance, W. D. (1990). Discovering and disciplining computer abuse in organizations: A field study. MIS Quarterly, 14(1), 45–60.
Straub, D. W., & Welke, R. J. (1998). Coping with systems risk: Security planning models for management decision making. MIS Quarterly, 22(4), 441–469.
Suomi, R., & Pekkola, J. (1998). Inhibitors and motivators for telework: Some Finnish experiences. European Journal of Information Systems, 7(4), 221–231.
Syed, N. (2020). Leaders ‘unprepared’ to manage remote teams. Human Resources Director. Retrieved April 6 from https://www.hcamag.com/us/news/general/leaders-unprepared-to-manage-remote-teams/217194
Tabahriti, S. (2022). Most managers in the US would fire workers or cut their pay if they refuse to return to the office full-time this year, survey shows. Business Insider. Retrieved April 12 from https://www.businessinsider.com/managers-fire-workers-no-return-office-full-time-covid-19-2022-4
Takeuchi, R., Guo, N., Teschner, R. S., & Kautz, J. (2021). Reflecting on death amidst COVID-19 and individual creativity: Cross-lagged panel data analysis using four-wave longitudinal data. Journal of Applied Psychology, 106(8), 1156.
Tams, S., Ahuja, M., Thatcher, J., & Grover, V. (2020). Worker stress in the age of mobile technology: The combined effects of perceived interruption overload and worker control. The Journal of Strategic Information Systems, 29(1), 101595.
Tittle, C. R., Ward, D. A., & Grasmick, H. G. (2003). Gender, age, and crime/deviance: A challenge to self-control theory. Journal of Research in Crime and Delinquency, 40(4), 426–453.
Trang, S., & Brendel, B. (2019). A meta-analysis of deterrence theory in information security policy compliance research. Information Systems Frontiers, 21(6), 1265–1284.
Trinkle, B. S., Crossler, R. E., & Warkentin, M. (2014). I’m game, are you? Reducing real-world security threats by managing employee activity in online social networks. Journal of Information Systems, 28(2), 307–327.
Vance, A., Siponen, M., & Pahnila, S. (2012). Motivating IS security compliance: Insights from habit and protection motivation theory. Information & Management, 49(3–4), 190–198.
Vander Elst, T., De Witte, H., & De Cuyper, N. (2014a). The Job Insecurity Scale: A psychometric evaluation across five European countries. European Journal of Work and Organizational Psychology, 23(3), 364–380.
Vander Elst, T., Richter, A., Sverke, M., Näswall, K., De Cuyper, N., & De Witte, H. (2014b). Threat of losing valued job features: The role of perceived control in mediating the effect of qualitative job insecurity on job strain and psychological withdrawal. Work & Stress, 28(2), 143–164.
Vaziri, H., Casper, W. J., Wayne, J. H., & Matthews, R. A. (2020). Changes to the work–family interface during the COVID-19 pandemic: Examining predictors and implications using latent transition analysis. Journal of Applied Psychology, 105(10), 1073–1087.
Vazquez, C., Valiente, C., García, F. E., Contreras, A., Peinado, V., Trucharte, A., & Bentall, R. P. (2021). Post-traumatic growth and stress-related responses during the COVID-19 pandemic in a national representative sample: The role of positive core beliefs about the world and others. Journal of Happiness Studies, 22(7), 2915–2935.
Warkentin, M., & Willison, R. (2009). Behavioral and policy issues in information systems security: The insider threat. European Journal of Information Systems, 18(2), 101–105.
Welbourne, J. L., & Sariol, A. M. (2017). When does incivility lead to counterproductive work behavior? Roles of job involvement, task interdependence, and gender. Journal of Occupational Health Psychology, 22(2), 194.
Westin, A. F. (1967). Privacy and Freedom. Atheneum.
Wheeler, L., & Reis, H. T. (1991). Self-recording of everyday life events: Origins, types, and uses. Journal of Personality, 59(3), 339–354.
White, J. C., Ravid, D. M., & Behrend, T. S. (2020). Moderating effects of person and job characteristics on digital monitoring outcomes. Current Opinion in Psychology, 31(February), 55–60.
Willison, R., & Lowry, P. B. (2018). Disentangling the motivations for organizational insider computer abuse through the rational choice and life course perspectives. The DATABASE for Advances in Information Systems, 49(SI), 81–102.
Willison, R., & Warkentin, M. (2013). Beyond deterrence: An expanded view of employee computer abuse. MIS Quarterly, 37(1), 1–20.
Willison, R., Warkentin, M., & Johnston, A. C. (2018). Examining employee computer abuse intentions: Insights from justice, deterrence and neutralization perspectives. Information Systems Journal, 28(2), 266–293.
Woltjer, R. (2017). Workarounds and trade-offs in information security–an exploratory study. Information & Computer Security, 25(4), 402–420.
Yan, Z., Robertson, T., Yan, R., Park, S. Y., Bordoff, S., Chen, Q., & Sprissler, E. (2018). Finding the weakest links in the weakest link: How well do undergraduate students make cybersecurity judgment? Computers in Human Behavior, 84(July), 375–382.
Yaokumah, W., Walker, D. O., & Kumah, P. (2019). SETA and security behavior: Mediating role of employee relations, monitoring, and accountability. Journal of Global Information Management, 27(2), 102–121.
Yost, A. B., Behrend, T. S., Howardson, G., Badger Darrow, J., & Jensen, J. M. (2019). Reactance to electronic surveillance: A test of antecedents and outcomes. Journal of Business and Psychology, 34(1), 71–86.
Zhang, J., Luo, X., Akkaladevi, S., & Ziegelmayer, J. (2009). Improving multiple-password recall: An empirical study. European Journal of Information Systems, 18(2), 165–176.
Acknowledgements
This work was supported by National Science Foundation RAPID Award #2030845, Division of Social and Economic Sciences. The views expressed here are the authors’ and do not reflect those of the National Science Foundation.
Author information
Authors and Affiliations
Corresponding author
Additional information
Publisher's Note
Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.
Additional supplementary materials may be found here by searching .
on article title.
Supplementary Information
Below is the link to the electronic supplementary material.
Rights and permissions
Springer Nature or its licensor (e.g. a society or other partner) holds exclusive rights to this article under a publishing agreement with the author(s) or other rightsholder(s); author self-archiving of the accepted manuscript version of this article is solely governed by the terms of such publishing agreement and applicable law.
About this article
Cite this article
Posey, C., Shoss, M. Employees as a Source of Security Issues in Times of Change and Stress: A Longitudinal Examination of Employees’ Security Violations during the COVID-19 Pandemic. J Bus Psychol (2023). https://doi.org/10.1007/s10869-023-09917-4
Accepted:
Published:
DOI: https://doi.org/10.1007/s10869-023-09917-4