Phishing ecosystem : A Qualitative Analysis of Phishing Susceptibility in Employees Who Work from Home

Abstract: In the wake of the coronavirus pandemic, work from home (WFH) has emerged as the new normal. Organizations continue to utilize some combination of telework and work from office (WFO) but tend to overlook the cybersecurity-related implications of such disruptive practices. Research examining cyberthreats in WFH scenarios has generally assessed the role of the human factor as the weakest link. On the other hand, the impact of different situational factors onemployees' susceptibility has been largely overlooked except for the physical environment. The current study addresses this gap in the literature by examining the influence of situational factors on employees' susceptibility to phishing emails. Phishing is chosen as the cyberthreat of interest owing to its pervasiveness and associated costs. An exploratory research design is implemented to conduct qualitative semi-structured interviews with eight employees who have both WFO and WFH experience. Emergent data is interpreted using the thematic analysis method. Findings reveal that multiple situational influences such as physical environment, social surroundings, task definition, temporal perspective, and antecedent states positively affect employees susceptibility to phishing emails. The current study explains the documented trends by drawing upon literature and concludes that teleworking exacerbates workers' susceptibility to phishing threats as a function of the human-situation interaction.