Understanding SME employees' security behaviours when performing work tasks using BYOD from multiple work locations

The focus of this study is to examine the security behaviours of SME employees who unintentionally misuse information systems or do not comply with security policies when working from multiple locations using BYOD. SMEs underestimate the security risk their employees may encounter when working from locations other than a central office location. SMEs have resource constraints (human and financial capital) that preclude them from focusing on protecting information assets. At the same time, SMEs attract talent by offering flexible work arrangements such as working from home, a co-working centre or other locations other than the office (anywhere working). This study investigated factors that explain SME employees’ security behaviour. The constructs for the theoretical model were developed from protection motivation theory, the theory of planned behaviour, habit, hardiness and stress. The constructs were empirically validated using data collected from 294 SME employees. The results of the study show that hardiness, stress and habit have a significant impact on employee’s security intentions when working from multiple locations using BYOD. The study contributes to information security study by highlighting the importance of an employee’s hardiness personality trait in framing their positive security behaviour.