MIS Quarterly Executive


Computers used at home are a growing security threat to corporate information systems because some employees have failed to implement appropriate security protections. Many employees now work from home for at least part of the time, or store corporate data on their home computers or other mobile devices, potentially placing corporate assets at risk of a data breach. Any organization that suffers a breach faces potentially significant financial, legal, and reputation repercussions. Further, unsecured home computers are increasingly compromised and subsequently used to launch attacks on third parties or to spread spam, viruses, or other malicious software.This article considers the leadership role that IT executives can play in helping to promote security on their employees’ home computers. It presents the results from a survey of U.S. adults who work full-time, use a computer at work, and access the internet at home. Our preliminary finding is that employer-sponsored security awareness and training programs can influence people to secure their computers at home.We measured both attitudes and behavior related to home computer security and assessed differences between individuals who had been exposed to employer-sponsored awareness and training programs and those who had not been exposed to such programs. We found that those who had been exposed to these programs scored significantly higher on factors that influence behavior and were also more likely to report that they engaged in behaviors to protect their home computers.However, a majority of survey respondents reported that they had not been exposed to training and awareness campaigns related to home computer security. We conclude, therefore, that organizations are missing a key opportunity to protect their own networks and data. Home computer security should be a top management priority, and we provide recommendations for developing security awareness and training programs as part of a comprehensive risk-management program.