Information security threats and organizational readiness in nWFH scenarios

Guruprasad B Jayarao, Sanjog Ray, Prabin Kumar Panigrahi
DOI: https://doi.org/10.1016/j.cose.2024.103745
IF: 5.105
2024-02-04
Computers & Security
Abstract: The COVID-19 pandemic has led to the development of new organizational working models, such as new-work-from-home (nWFH). The new working models were not only primarily implemented in software development organizations using information technology but also in other types of organizations where nWFH was feasible. The sudden transition to work from home (WFH) gave rise to a new concept of nWFH, which was characterized by inadequate planning, design, or testing, thereby posing security risks to information systems. The existing body of literature pertaining to organizational readiness has primarily concentrated on large organizations, encompassing many contexts such as innovation, knowledge management, and healthcare. The concept of remote work, referred to as nWFH (New-Work from Home), has demonstrated diverse impacts on organizations under distinct contextual settings. The ability of large organizations to effectively move to remote operations is attributed to their prior experience and comfort with such practices, as well as their capacity to invest in robust software and technology solutions that provide high levels of security. Nevertheless, the implementation of remote work arrangements posed considerable challenges to small and medium enterprises (SMEs), due to their limited past exposure and financial constraints. These variables increased their susceptibility to any decrease in production, even if it was only for a single day. Here, by SMEs, we refer to medium-sized organizations. Medium-sized organizations are often the focus of cybercriminals due to their relatively insufficient security systems and processes when compared to larger organizations, making them vulnerable to assaults. As a result of the widespread adoption of remote work arrangements, medium-sized enterprises have exhibited a lower level of preparedness in managing their operations compared to larger organizations.
Consequently, this research aims to solve this disparity specifically within the context of medium-sized organizations. Exploratory methodology was employed in this study, wherein primary data was collected through in-depth interviews with a sample size of 20 subject matter experts from medium-sized organizations. Through the application of content analysis on the transcripts of the interviews, our study has identified eleven distinct criteria that have a significant role in determining the level of organizational preparedness for information security risks in the context of remote work arrangements. In this study, we identified and examined six factors that have been previously discussed in the literature: resource readiness, cultural readiness, strategic readiness, information technology readiness, cognitive readiness, and partnership readiness. Additionally, we discovered five new factors through our research: security valence, cybersecurity risk management through "cyber insurance", balanced confidentiality, integrity, and availability (CIA), absence of work-from-home (WFH) policy, and organizational and technical best practices. We discuss the practical and research ramifications of this investigation.
computer science, information systems