Factors Inﬂuencing Employees’ Information Security Awareness in the Telework Environment

: This study aims to identify and examine factors inﬂuencing employees’ information security awareness (ISA) in the telework environment. Speciﬁcally, the authors identify and examine the inﬂuence factors rooted in the knowledge-attitude-behavior (KAB) model (i.e


Introduction
With the extensive application of online meetings, instant messaging, and document collaboration in organizations, remote work (also known as telework) could become more productive. The number of teleworkers is drastically increasing across various industries [1], especially during the COVID-19 pandemic [2,3]. Telework is a work style in which employees remotely undertake their tasks without commuting to their organization's office [4]. Empirical studies on information security have indicated that employees' misbehaviors are often perceived as the direct and/or indirect cause of the majority of organizational information security incidents including both intentional and unintentional [5][6][7][8]. Thus, organizations create information security policies (ISPs) to provide employees with guidelines on ensuring information security in their jobs [9]. Telework inevitably increases information security risks because of out-of-sight and distributed controls of the organization [10]. For example, employees who choose to work from home cannot ensure that the home environment is equipped to adhere to basic security requirements. Furthermore, some organizations do not develop a telework security policy that defines teleworkers' standards, boundaries, and responsibilities to prevent and respond to security incidents. These situations could put organizations at an increased risk from network security threats. Therefore, understanding what factors motivate teleworkers to plan their security behaviors deliberately and being aware of the security risks are central to help information security managers solve behavioral issues in information security management.
In the information security literature, prior studies have suggested that organizations capable of effectively improving their employees' information security awareness (ISA) have successfully reduced security risks led by employees' improper behaviors [11][12][13][14]. An increasing number of organizations invest heavily in information security training programs to foster and improve their employees' ISA [8]. Compared with office work, ISA plays a more critical role in shaping employees' information security behaviors in a telework environment for three reasons. First, the ISPs of some organizations do not or vaguely describe how to ensure information security in a telework environment, which increases the possibility of risks caused by teleworkers' improper behaviors. Second, some employees' information security knowledge is relatively deficient, resulting in their lack of ability to identify the security risks associated with telework. Third, home-based telework may bring some unique security risks to the organization. For example, important customer data may be intercepted during transmission between the organization and the teleworker's smart device. However, not much work has been performed in exploring the factors facilitating ISA in the telework environment. Therefore, handling telework security risks by improving employees' ISA is a thorny issue for many organizations during the COVID-19 pandemic.
Recent empirical studies have identified and examined some factors that influence employees' ISA in the traditional workplace. For example, individual difference variables, such as age, gender, education, personality, risk-taking propensity, learning style, and habits of internet usage are associated with employees' ISA [15][16][17]. Furthermore, organizational variables, such as leadership, organizational trust, organizational culture, management participation, and ISA programs have remarkable effects on employees' ISA [12,18,19]. These studies have confirmed that these individual and organizational factors influence employees' ISA in organizational ISP scenarios (i.e., employees undertake their work tasks in an office environment). Past research has explored some individual and organizational factors that influence employees' ISA in the office. However, limited research has examined factors that may affect employees' ISA in a telework environment, a different way of working.
Following the analysis above, this study aims to explore the factors related to employees' ISA in the telework environment based on the knowledge-attitude-behavior (KAB) model and knowledge inertia theory. This line of enquiry fills critical gaps in the literature. First, the KAB model is usually used to explore whether these three factors are related to individuals' information security beliefs in recent years [16]. Compared with other theories, such as the theory of planned behavior (TPB), the KAB model factors are directly related to what employees think, know, or do about information security issues [20,21]. Additionally, TPB is often used to study the effects of three kinds of beliefs (including behavioral beliefs, normative beliefs, and control beliefs) on human behaviors rather than on the ISA [11]. Therefore, we argue that the KAB model provides a more solid theoretical framework than TPB for examining the variables affecting employees' ISA in a telework context. However, whether these factors influence employees' ISA in the telework environment remains under-researched. Thus, verification of the KAB model as applied in this way is still necessary. Second, models that consider individual inertia factors to better understand employees' ISA in a paradigm swing must be developed and tested from the normal way of working to teleworking. The reason is that switching from the traditional way of working to teleworking influences employees' technical and social knowledge [22]. Therefore, drawing on the KAB model and knowledge inertia theory, this study postulates that an employee's ISA is influenced by knowledge, attitude, behavior, experience, and learning inertia. The influence factor "behavior" in the current study refers to the expected employees' behaviors described in the telework security guidelines by the organization.
The structure of this paper is as follows. The next section reviews the relevant literature and theoretical background. Section 3 presents the research model and hypotheses. Section 4 introduces the methodology. Section 5 presents the findings. Section 6 demon- strates the critical discussion and conclusions for the implications, limitations, and future research directions.

Theoretical Background
The logic for our theoretical model is influenced by the paradigm swing from the usual way of work to telework. The overall rationale for the model is that the improvement of ISA needs the support of employees' perceptions from the aspects of knowledge, attitude, and behaviors. When facing information security issues, employees generally resort to prior knowledge and experience for solutions. Thus, our study aims to explore the factors influencing employees' ISA in the telework environment rooted in the KAB model and knowledge inertia theory. A lack of a clear conceptual definition can harm constructs' original meanings and increase the risk of different interpretations [23]. Thus, we describe the elements of our theoretical model in the following section.

Information Security Awareness (ISA)
Information security researchers have defined ISA from different perspectives. For example, ISA can be defined as the extent to which employees understand the significance of their organizations' information security policies, rules, and guidelines, and the extent to which they behave following these policies, rules, and guidelines [14,24]. In addition, ISA refers to the focus of employees' intentions in security to recognize security concerns and respond appropriately [8].
Our interest lies in examining employees' ISA in a telework environment. Considering that many organizations' ISPs do not thoroughly describe telework requirements at this stage, this study combines these two definitions and defines ISA as employees' attention on security, seeking to understand the importance of information security to recognize security concerns and respond appropriately in the telework environment.

KAB Model
The KAB model includes three basic components, i.e., knowledge, attitude, and behavior. It has been widely applied to studies on information security to explain employees' ISA change [14,25,26]. In the KAB model, knowledge focuses on what an employee knows, attitude focuses on what an employee thinks, and behavior is about what an employee does [20,26,27]. Prior empirical studies have indicated that the KAB model helps predict employees' perceptions of information security.
In the context of information security management, knowledge reflects employees' cognition of information security, attitude reflects how employees view information security, and behavior reflects the actions employees should take when facing information security risks. Considering that many employees have not experimented with teleworking before, taking into account the instructions concerning the potential information security challenges of teleworking is necessary. Based on this description, we argue that attitude, knowledge, and behavior influence employees' ISA in the telework environment.

Knowledge Inertia
The term inertia comes from physics, which means objects continue in a state of reset or uniform motion unless interrupted by outside forces [28]. In recent years, inertia is often used to describe to individuals how to tackle their work tasks or issues in a hyperdynamic environment [29,30]. The phenomenon of inertia in individual cognition, namely, knowledge inertia, refers to the systematic problem-solving strategy using past knowledge and experience until the situation is no longer feasible [28]. Furthermore, employees must actively acquire new knowledge and methods to solve their work problems, breaking the inertia [31].
Although previous studies have distinguished different forms of inertia within the knowledge inertia [29,31], our analysis of knowledge inertia focuses on the working environment change from workplace to telework. We thus divide knowledge inertia into experience and learning inertia, according to Xie et al. [31], given the dynamic environment. Specifically, experience inertia refers to resorting to prior experience and knowledge when facing situations in telework. In contrast, learning inertia refers to acquiring new knowledge and methods to solve telework problems and thus breaking the inertia of thinking in terms of working in the office.

Research Model and Hypothesis Development
Building on the theoretical background literature discussed above, we propose our research model and hypotheses, as shown in Figure 1. The research model illustrates the relationship between knowledge, attitude, behavior, experience inertia, learning inertia, and employees' ISA. Furthermore, this model presents gender, age, and education as control variables. In the following sections, we detail the relationships among different factors and ISA. employees must actively acquire new knowledge and methods to solve their work problems, breaking the inertia [31].
Although previous studies have distinguished different forms of inertia within the knowledge inertia [29,31], our analysis of knowledge inertia focuses on the working environment change from workplace to telework. We thus divide knowledge inertia into experience and learning inertia, according to Xie et al. [31], given the dynamic environment. Specifically, experience inertia refers to resorting to prior experience and knowledge when facing situations in telework. In contrast, learning inertia refers to acquiring new knowledge and methods to solve telework problems and thus breaking the inertia of thinking in terms of working in the office.

Research Model and Hypothesis Development
Building on the theoretical background literature discussed above, we propose our research model and hypotheses, as shown in Figure 1. The research model illustrates the relationship between knowledge, attitude, behavior, experience inertia, learning inertia, and employees' ISA. Furthermore, this model presents gender, age, and education as control variables. In the following sections, we detail the relationships among different factors and ISA.

KAB Model and ISA
As mentioned above, knowledge reflects an employee's cognition toward information security. It interacts with the organization's systems and conducts relevant procedures and daily work tasks [14]. Prior studies have shown that information security knowledge profoundly impacts employees' behavioral intentions and decisions, which are very important for reducing information security risks [32][33][34]. With their employees unexpectedly performing tasks outside of the workplace, many organizations feel overwhelmed with telework security. In such a case, an overlooked training or education program about information security may lead to a lack of knowledge among employees [17,35], resulting in their poor judgment and handling risks associated with telework. Organizations could establish formal and informal communication channels to provide support to improve employees' knowledge of telework security. Once employees have information security knowledge, they will be equipped with ISA and thus meet

KAB Model and ISA
As mentioned above, knowledge reflects an employee's cognition toward information security. It interacts with the organization's systems and conducts relevant procedures and daily work tasks [14]. Prior studies have shown that information security knowledge profoundly impacts employees' behavioral intentions and decisions, which are very important for reducing information security risks [32][33][34]. With their employees unexpectedly performing tasks outside of the workplace, many organizations feel overwhelmed with telework security. In such a case, an overlooked training or education program about information security may lead to a lack of knowledge among employees [17,35], resulting in their poor judgment and handling risks associated with telework. Organizations could establish formal and informal communication channels to provide support to improve employees' knowledge of telework security. Once employees have information security knowledge, they will be equipped with ISA and thus meet the security needs for work and can identify the potential risks on the device they use to telework. Thus, we hypothesize the following:

H1.
Knowledge is positively associated with employees' ISA.
Within the information security field, attitude reflects what an employee thinks about the organization's information security management [26,36]. Employees' wrong attitude toward information security leads to their incorrect perception of information security risks [37]. Conversely, once employees understand the consequences of information security risks, their attitude toward information security changes [38]. In such a situation, employees promote a security-conscious attitude and remain alert when faced with information security risks. This feature has been demonstrated using an analysis of Internet-of-things usage behaviors and security awareness in users [39]. In the context of this study, employees who hold a positive attitude toward telework security are likely to embody a high level of ISA. Thus, the following hypothesis is proposed: H2. Attitude is positively associated with employees' ISA.
In this study, behavior refers to what an employee should do according to the organization's information security guidelines concerning telework. Prior studies on IS have indicated that rules and guidelines for the appropriate use of information security resources within the organization are crucial in cultivating employees' ISA [8,40]. Several organizations developed comprehensive training workshops to arm their employees with the skills and tips during telework, including information security precautions. Many employees have been trained on handling information risks, thereby raising their awareness of the consequences of their inappropriate actions. For example, employees informed to perform a particular secure practice (e.g., password protection) may become aware of their security role in protecting the organization's other information resources [15,41,42]. Similarly, improving employees' ISA by clearly informing employees of the secure usage behavior of devices and systems is beneficial in the telework scenario. Thus, the following hypothesis is proposed: H3. Behavior toward following guidelines is positively associated with employees' ISA.

Knowledge Inertia and ISA
Knowledge inertia includes experience and learning inertia [31]. On the one hand, employees' experience inertia relies on their existing knowledge structure, experience, and sources, which help them identify and handle telework security risks. For example, the organization has rules or policies concerning personal smart devices for work in the office space. These rules or guidelines are applicable in the use of employees' own devices to work remotely. Therefore, employees with strong experience inertia refrain from breaking any rules and think twice before committing any unauthorized work behaviors in a telework environment. On the other hand, employees' learning inertia depends on exploring and acquiring new ideas, knowledge, and methods to solve problems they meet in a telework setting. Thus, employees with strong learning inertia tend to seek new knowledge and methods to improve their telework skills and capability. Overall, employees with considerable experience and learning inertia can seek sources of knowledge and attempt to seek ways of maintaining their telework security. Hence, the study presents the following hypotheses: H4. Experience inertia is positively associated with employees' ISA.

H5.
Learning inertia is positively associated with employees' ISA.

Sample and Data Collection
Data used to test the research model were collected through an online survey method. Given our focus on the impact of factors on employees' ISA in a telework environment, ensuring that these participants have experience working remotely is important. Therefore, this study's survey was conducted with support from a certification authority offering IT-related services in Beijing, China. We distributed online questionnaires to employees who worked from home during the COVID-19 pandemic. The participants are full-time employees from various organizations in China. Temporary workers and retirees are not considered in the sample by setting a filter question to ensure that selected respondents Electronics 2022, 11, 3458 6 of 14 had sufficient experience in telework. Participation in the survey was voluntary and anonymous, and no bonus incentive was provided for participants.
The respondents filled out the questionnaire based on their home-based telework experience. From an initial sampling of 420 employees, 373 responses were received. We excluded 68 responses due to missing values. Finally, 305 valid responses were collected with a reasonable response rate of 72.6%. A possible nonresponse bias was needed to be addressed. We compared the first 25% and the last 25% of respondents' data using a chi-squared test of the critical measurement items. No significant differences were found between the two groups. Thus, we concluded that nonresponse bias was not an issue in this study. Table 1 presents the demographic characteristics.

Measurement Items
The measurement items for the variables were adapted from prior studies and some terms were fine-tuned to suit the research context of telework. We increased content validity and assessed the clarity of the questions by verifying the measurement items using a two-step procedure. First, we invited four academic domain experts in information security management to assess the content validity of the items. After refining the items according to their suggestions, we distributed the questionnaire to three managers familiar with information security to further validate the items. All measures used a five-point Likert-type scale (1= strongly disagree, 3 = neutral, and 5 = strongly agree).
Knowledge was measured using the three-item scale adapted from Kaur and Mustafa [26]. Attitude was measured using the three-item scale adapted from Ahlan et al. [21]. A threeitem scale for behavior was adapted from both Ahlan et al. [21] and Kaur and Mustafa [26]. Knowledge inertia was divided into two dimensions, namely, experience and learning inertia. Experience and learning inertia were measured using three indicators drawing on the findings of Xie et al. [31]. Employees' ISA was measured using the four-item scale adapted from Bulgurcu et al. [24] and Sillic [29]. Finally, gender, age, and education were identified as control variables. Appendix A provides the measurement items for each construct.

Data Analysis and Results
In this study, we analyzed the research model and tested the hypotheses by using the partial least squares (PLS) technique for three reasons. First, the PLS method can specify and test path models with latent constructs. Second, the PLS method can be used to address a small sample size [43]. Finally, this study employed the PLS method because it is suitable for predictive applications and theory building [44,45]. In particular, we used SmartPLS version 2.0 for model validation and analyses.

Measurement Model
We tested the quality of the measurement model for reliability, convergent validity, and discriminant validity [46]. Table 2 shows that Cronbach's alpha values for all constructs Electronics 2022, 11, 3458 7 of 14 were higher than the general criteria of 0.7, indicating that the items are reliable measures for their perspective constructs. That is, the instruments have good internal consistency reliability. All factor loadings are above 0.8, suggesting positive individual item reliability. These values indicated positive reliability for all constructs. Furthermore, confirmatory factor analysis was used to evaluate convergent and discriminant validity. Table 2 shows that the composite reliability (CR) for all constructs exceeded 0.8, which was more than the recommended score of 0.7. The average variance extracted (AVE) for all constructs are above 0.5, indicating high reliability and adequate convergent validity. As shown in Table 3, the correlation between the construct and other constructs is lower than the square root of AVE for each construct, suggesting good discriminant validity of the measurement model. Based on these results, our measurement model has sound reliability and validity.

Common Method Variance (CMV)
This study used a single questionnaire survey to collect data for all latent constructs at one point in time, which may lead to CMV. This study took two steps to detect the CMV problem. First, we used Harman's one-factor test to conduct an exploratory factor analysis. The results indicated that the first factor only accounted for 45.036% of the total variance. Second, following Podsakoff et al. [47] and Liang et al. [48], we assessed CMV in PLS. Table 4 shows the result, which indicates that the proportion of variance in each observed indicator explained by its focal construct exceeded the variance explained by the method factor. Furthermore, the average substantively explained variance of the indicators Electronics 2022, 11, 3458 8 of 14 was 51.2% versus 2.4% for the method constructs, suggesting that CMV was not a major concern in this study.  Table 2 indicates that the correlation values of the five inner constructs are above 0.6. Thus, we needed to compute the variance inflation factor (VIF) to eliminate any potential threat of multicollinearity. The results revealed that the highest VIF score was 4.57 (see Table 5), below 5.0 [49]. Therefore, multicollinearity was not a major concern in this study.

Hypothesis Testing
After confirming that all the measurement items have positive reliability, convergent validity, and discriminant validity, we tested the hypotheses in the research model using structural equation modeling with SmartPLS version 2.0. The results indicated that the model could explain 79.6% of the variance of employees' ISA. Table 6 summarizes the results of the hypothesis tests.
The results also indicated that experience inertia has no significant effect on employees' ISA, rejecting H4 (β = 0.070, p > 0.05), and that learning inertia was positively related to employees' ISA, supporting H5 (β = 0.416, p < 0.001). Three control variables exist in the research model: gender, age, and education. Considering that the number of control variables exceeded one, we conducted three tests following Liang et al. [48]. Specifically, each test only involved one control variable as an independent variable. When three control variables were included in the research model for testing, the results showed that the coefficients of the three control variables were insignificant (t values were 0.461, 0.996, and 1.235). Therefore, three control variables had no statistically significant effect on employees' ISA.

Discussion and Implications
Drawing on factors from the KAB model and knowledge inertia theory, this study investigates the impact of knowledge, attitude, behavior, experience inertia, and learning inertia on employees' ISA in the telework environment. We tested the research model with the data of 305 full-time teleworkers from various organizations in China. The key findings of this study are threefold. First, knowledge, behavior, and learning inertia positively influence employees' ISA in the telework environment. The findings revealed that employees' ISA in the telework environment can be predicted by their telework security knowledge, behavior, and learning inertia. The inclusion of two domain factors (i.e., knowledge and behavior) in the KAB model were supported. The findings also indicated that learning inertia is a factor influencing employees' ISA, emphasizing the significance of learning new telework knowledge and procedures. Second, attitude and experience inertia have no significant impact on employees' ISA in the telework environment. These results did not match our theoretical expectations, which may be related to the probability that the influence of attitude and experience inertia could not be evident in the short term telework during the COVID-19 pandemic. Another possible explanation is that employees in the early stages of telework, employees were not fully informed about telework security. Third, learning inertia plays the most crucial role in motivating employees' ISA in the telework environment. This is in line with the notion that employees with greater learning inertia can seek new ways to solve problems in a new environment [31]. These findings offer insight into the factors facilitating employees' ISA in the telework environment. They also answer the call of Ogutcu et al. [15], Tsohou et al. [50], and Van de Schyff and Flowerday [51] to apply various theories and constructs in the IS research to explore factors influencing employees' ISA in different contexts.

Theoretical Implications
Our study makes important contributions to the emerging body of knowledge about information security's behavioral and organizational issues, including employees' ISA, the KAB model, and knowledge inertia. First, the extant literature has investigated factors rooted in individual differences and organizational management to explain employees' ISA in the usual way of work. To the best of our knowledge, the present study is one of the first to examine factors that influence employees' ISA in a telework environment. The results offer a theoretical explanation and empirical support for the positive impact of knowledge, behavior, and knowledge inertia on employees' ISA in the telework environment. Our results provide an opportunity for information security studies to develop information security training for other flexible ways of work, such as telework.
Second, although the KAB model has been extensively applied in the prior information security literature, the role of knowledge in prompting employees' ISA has been neglected. Ahlan et al. [21] provided some preliminary empirical evidence that knowledge can significantly prompt ISA. However, few studies have explored whether knowledge influences employees' ISA in a telework environment. The nature of some occupations makes performing away from the standard worksite possible. Thus, exploring the impact of knowledge on employees' ISA in the telework environment is necessary. In this study, the empirical results reveal the positive relationship between knowledge and ISA in the telework environment. This finding confirms the vital role of knowledge in improving employees' ISA in a telework environment, which extends the application of the KAB model to a telework environment.
Third, our study contributes to the knowledge inertia literature. Today's hypercompetitive environment drives employees to pursue constant training on new IT knowledge, such as cloud computing and big data. However, few studies have explored individual learning inertia in the information security literature [29]. By applying the knowledge inertia framework of Xie et al. [31], we proved that learning inertia is positively associated with employees' ISA. This finding highlights the critical role of learning inertia in shaping employees' awareness and behaviors, extending the IS literature from knowledge inertia. Thus, lengthening the organizational learning literature by establishing connections between employees' ISA with learning factors from knowledge inertia theory is possible.

Practical Implications
This study also has some significant practical implications for organizations to handle telework security risks. Our study shows that knowledge is an important antecedent to employee's ISA. Organizations may need to establish formal and informal communication channels for teleworkers to help them increase knowledge on information security or answer their questions during their telework. For example, suppose employees see unusual activity on the device they use in teleworking. They will know how to handle this problem and report it to the security operations center. Furthermore, organizations previously familiar with telecommuting and those that have not tried it before need to update their existing policies with practical recommendations.
Our study also confirms the positive role of behavior toward following the organization's telework security guidelines in improving employees' ISA. For organizations with a high demand for information security, required employee information security behaviors in different positions should be described thoroughly in telework. Furthermore, organizations must emphasize the importance of complying with rules or policies regarding telework. For example, employees should be informed how to access and secure important customer data using their own devices. Therefore, we suggest that organizations design appropriate security education, training, and awareness (SETA) programs to improve employees' ISA in the telework environment.
An interesting finding of this study is that learning inertia is positively associated with ISA, whereas experience inertia has no significant effect on ISA. This finding implies that employees' previous experience with information security inside the office space does not work in a telework environment. To enhance the impact of learning inertia, organizations may need to help their employees acquire new knowledge, methods, and skills around handling telework security risks. Furthermore, organizations must encourage employees to establish a dynamic learning mechanism to expand their knowledge sources and scope relevant to telework. Therefore, we believe that information security managers need to reassess old working habits and learn new skills to manage the situation better and prevent information security threats in the telework environment.

Limitations and Future Research Directions
Similar to most other empirical studies, this study suffers from a few limitations that offer opportunities for future research. First is the narrow set of constructs used to explain employees' ISA. Our adherence to the KAB model and knowledge inertia theory as the theoretical lens restricted the choice of constructs. Many other predictors exist as opportunities for future research with various theoretical perspectives. For example, whether the positive or negative emotions experienced by employees working remotely affect their ISA. Therefore, future studies can address this limitation using various theories. Second, the sample population for our data originated from various organizations in China. Thus, a cross-culture study could be conducted to investigate the research model further. For example, employees from a culture that emphasizes individualism may opt to place personal interests first, whereas the opposite is true for employees with a collectivist mindset [45]. Therefore, future studies can address this limitation by collecting data from different cultural backgrounds. Third, the control variables in this study (i.e., gender, age, and education) are crucial and may interact with other factors to influence employees' ISA in the telework environment. Future research could study the control variables in-depth such as the industry type of the sample, which may provide further implications. Finally, the items we used to measure the influence factor of "behavior" are those specified in the organization's telework security guidelines, not actual employee behavior. While the factorial survey design enables us to overcome some of the weaknesses of survey-based research, future studies should examine employees' actual telework security behaviors. Additionally, future research may reduce the time required to complete the questionnaire. By doing this, we may exclude non-serious responses, which could change the results.

Conclusions
The question of how to effectively improve employees' ISA has received increasing attention from academics and practitioners in recent years. This study provides knowledge about factors that influence employees' ISA in the telework environment. On the basis of the KAB model and knowledge inertia theory, we developed and empirically tested a theoretical model that linked knowledge, attitude, behavior, experience inertia, learning inertia, and ISA. Using the PLS method with data collected from 305 employees from various organizations in China; knowledge and behavior were found to be positively associated with ISA, whereas attitude had no significant effect on ISA in the telework environment. Furthermore, learning inertia is positively associated with ISA, whereas experience inertia has no considerable impact on ISA in the telework environment. These findings add cumulative knowledge to the research in the field of individuals' ISA and telework security. They also provide organizations with practical implications for improving information security management by implementing information security awareness programs for their teleworkers.

Construct Items
Knowledge I know the information security risks associated with telework. I have the necessary knowledge to handle information security in my working situation. Internet access on the organization's system is a corporate resource and should be used for business purposes only.

Attitude
In my view, using a strong password to protect the device is wise. The thought of using an antivirus program is appealing to me. Using the Firewall system at telework is a good idea.

Behavior
Before reading an email, it is necessary first check if the subject and the sender make sense. It is necessary to pay attention to anti-virus updates before using a personal computer to work. Sharing your password for the organization's systems is not allowed.
Experience inertia I will use past knowledge and experience to solve new problems. I rely heavily on past knowledge or experience in my work. I often learn from past experience.
Learning inertia I generally resort to the same source for new knowledge. My organization offers me opportunities to learn new concepts and methods. I am scared of new knowledge and ideas that I do not understand.

Information security awareness
Overall, I am aware of the potential security threats and their negative consequences. I have sufficient knowledge about the cost of potential security problems. I understand the concerns regarding information security and the risks they pose in general. I know my responsibilities as detailed in the rules/policies/guidelines to enhance the telework security of my organization.