Date of Conferral

2022

Degree

Doctor of Information Technology (D.I.T.)

School

Information Systems and Technology

Advisor

Constance Blanson

Abstract

Organizations that do not adequately protect sensitive data are at high risk of data breaches. Organization leaders must protect confidential information as failing to do so could result in irreparable reputation damage, severe financial implications, and legal consequences. This study used a multiple case study design to explore small businesses’ strategies for protecting their customers’ personally identifiable information (PII) against phishing attacks. This study’s population comprised information technology (IT) managers in small businesses in Northern Virginia. The conceptual framework used in this study was the technology acceptance model. Data collection was performed using telephone interviews with IT managers (n = 6) as well as secondary data analysis of documents related to information security (n = 13). Thematic analysis was used to analyze and code the data, which resulted in four themes. The first theme to emerge was that users are the first line of defense in protecting PII. The second theme to emerge was that preventing phishing attacks is challenging for small businesses. The third theme to emerge was that users are a challenge in protecting PII from phishing attacks. The final theme to emerge was that user awareness and training is the best defense against phishing attacks. A recommendation is that information security training should be performed consistently while senior leadership fosters an environment that promotes acceptable security behavior and attitudes. The findings of this study may promote positive social change by helping IT leaders develop effective strategies or frameworks for protecting their customers’ PII from phishing attacks.
