Tips, Tricks, and Training: Supporting Anti-Phishing Awareness among Mid-Career Office Workers Based on Employees' Current Practices

5Citations
Citations of this article
26Readers
Mendeley users who have this article in their library.
Get full text

Abstract

Preventing workplace phishing depends on the actions of every employee, regardless of cybersecurity expertise. Based on 24 semi-structured interviews with mid-career office workers (70.8% women, averaging 44 years old) at two U.S. universities, we found that less than 21% of our participants had any formal anti-phishing training. Much of what our participants know about phishing comes from informal sources that emphasize "tips"and "tricks"like those found in conversations with friends, news stories, newsletters, social media, and podcasts. These informal channels provide opportunities for IT professionals wishing to enhance employees' anti-phishing awareness by better aligning the delivery of expert advice with employees' current practices and desires. We provide four recommendations designed to embrace "guerrilla learning"by distributing anti-phishing educational resources across the workplace and workday in part to encourage the delivery of more accurate information in more informal and incidental ways, and greater dialogue between anti-phishing training instructors and learners.

Cite

CITATION STYLE

APA

Tally, A. C., Abbott, J., Bochner, A. M., Das, S., & Nippert-Eng, C. (2023). Tips, Tricks, and Training: Supporting Anti-Phishing Awareness among Mid-Career Office Workers Based on Employees’ Current Practices. In Conference on Human Factors in Computing Systems - Proceedings. Association for Computing Machinery. https://doi.org/10.1145/3544548.3580650

Register to see more suggestions

Mendeley helps you to discover research relevant for your work.

Already have an account?

Save time finding and organizing research with Mendeley

Sign up for free