Information technology security policies are designed explicitly to protect IT systems. However, overly restrictive information security policies may be inadvertently creating an unforeseen information risk by encouraging users to bypass protected systems in favor of personal devices, where the potential loss of organizational intellectual property is greater. Organizations that implement overly restrictive web filtering, website blocking, and other security measures to protect the integrity of their information systems are likely introducing a risk that sensitive or protected information will be processed on personal devices, outside of the organizational framework, as users identify the most efficient and effective way to accomplish work-related tasks unimpeded. Current models regarding the acceptance and use of technology, primarily TAM3 and UTAUT2, address the use of technology in organizations and by consumers, but little research has been done to identify an appropriate model to begin to understand what factors would influence users that can choose between using their own personal device and using organizational IT assets, separate and distinct from “bring your own device” constructs. This research aims to bridge that divide by identifying the factors that influence users to select their own device to overcome organizational restrictions in order to accomplish their work.
Pieron, Tyler M. and Smith, James N., "Non-Malicious Information Exposure Through Personal Device Usage" (2018). WISP 2018 Proceedings. 34.