Patching The “Human” in Information Security: Using the Inoculation Defense to Confer Resistance Against Phishing Attacks

The COVID-19 pandemic has transformed the workspace, thrusting countless employees from organizational work settings to their homes, where they work virtually to access key organizational assets through their cyberinfrastructure. This large-scale virtual workforce imposes drastic cybersecurity issues, threats, and challenges to organizations. To onboard and train employees, companies are left with mainly virtual means to deliver SETA training, using two common training approaches: rule-based and mindfulness. Employees are also facing more challenges and distractions at home where practicing rules and mindfulness can become particularly difficult. Drawing on inoculation theory, this study proposes a new training approach to promote higher resiliency and “umbrella protection” against increasing phishing attacks. This study plans to conduct a mobile phishing SETA training field study at an organization to empirically examine the efficacy of the proposed inoculation-based security training method for work-from-home scenarios.