Employees’ behavior in phishing attacks: what individual, organizational and technological factors matter?

Phishing, as a social engineering attack has become an increasing threat to organizations in cyberspace. To prevent this, a well-designed continuous security training and educational program needs to be established and enforced in organizations. Prior studies have focused on phishing attack from a limited view of technology countermeasure, e-mail’s characteristic, information processing, and securing individual’s behaviors to tackle existing gaps. In this research, we developed a theoretical model of factors that influence users in the clicking of phishing e-mails from a broader Socio-Technical perspective. We applied Protection Motivation Theory (PMT) and habit theory for investigating individual factors, Theory of Planned Behavior (TPB) and Deterrence Theory for investigating organizational and technological factors accordingly. The findings revealed habit and protective countermeasure positively affect clicking on phishing e-mails, whereas, no effect of the procedural countermeasures was evident. The results of this study can be used to design phishing simulation exercise and embedded training for vulnerable employees

Investigating Physical Interaction with Digital Data through the Materialization of Email Handling

Adopting a re-materialization approach, we designed and implemented an everyday interactive artifact that enables an individual to monitor and establish the reconfirmation time of email data. This device represents a new means of handling and interacting with email. To investigate the value of the materialization of email data through a daily interactive object, Maili, we conducted a 1-month field study with five participants in their work environments. The results showed that applying physicality to email handling helped to increase accessibility to and interest in the data, as well as in the reconfirmation function of email. Results also indicated the value of combining non-digital (the tray) with digital functions. By presenting the process of using the dematerialized data, our findings offer new insights into how we can materialize digital information in everyday tangible artifacts. RESEARCH HIGHLIGHTS Design and implementation of a device called 'Maili' that can manage emails with physical interactions Understanding design process toward email data materialization Findings from a month-long in-field study of the device in an office environment Considerations for designing future everyday artifacts materializing digital dat