How to keep your information secure? Toward a better understanding of users security behavior

Abstract

Use of computers and the Internet is an integral part of our lives, with business becoming more digital. As a result, individuals are using their home computers to perform diverse tasks and to store sensitive data. This paper investigates the relative efficacy of two strategies to protect home computers from security threats: security tools and security activities. For the analysis, we collected data from over 1900 individuals in Spain, following an approach combining self- reported data, via an online survey, with actual data collected directly from home users' computers. The main contribution of the paper is to provide a model, based on routine activity theory, explaining the role of security tools and security activities in protecting personal computers from malware infection, thus offering an in-depth understanding of users' security behavior. Using multivariate, logit and probit regressions, our study reveals that having security tools is positively related with higher risk activities and more infections, while pursuing security activities reduces malware infections. These results have important implications for policy makers and organizations, reinforcing the view that security tools are not sufficient to protect users from malware infection, and the need to develop security education and awareness programs for computer users.