Research Article Factors Affecting Corporate Security Policy Effectiveness in Telecommuting

,


e Increase of Telecommuting and Cyber Risk due to
ere has been a significant increase in teleworking practices in most companies worldwide after the COVID-19 pandemic. Only 29% of the waged and salaried employees in the United States could work from home in 2017 and 2018, that is, before the COVID-19 pandemic [1]. However, a Gartner survey of 317 CFOs on March 30, 2020, revealed that three-quarters of respondents plan to turn over at least 5% of their staff into teleworking permanently post-COVID-19 [2]. Baker [3] also said in July 2020 that 82% of CEOs also would map out a plan of relocating their staff to remote work.
Meanwhile, there was a 21% year-on-year increase in cyberattacks in the first quarter of 2020 itself [4]. In addition, according to the KISA (Korea Internet and Security Agency) survey report of May 2020, 51.57% of the 1623 respondents said that they had experienced hacking attempts and malicious code infections while telecommuting [4]. Also, the threat such as spear phishing employing malicious URLs is on the rise [5]. All systems of corporations connected to the Internet are vulnerable to cyberattacks (especially DDoS), and high value systems are more likely to be attacked owing to economic benefits [6]. Rubinstein [7] said that corporations need to take technical measures as well as expand their job training programs, to prevent potential hazards associated with telecommuting environments.

e Need for Research on New Environment.
Several corporations have adopted relentless efforts to develop security policies and assorted control systems, as well as invested considerable time and money to secure their primary assets from both external and internal threats. However, there are limited studies that help improve the effectiveness of information security policies in a wellcontrolled office space based on the theories of formal and informal control. It seems that the security controls according to these existing studies do not work exactly against the cyber threats that emerged in the COVID-19 pandemic.
According to D'Arcy et al. [8], an information security policy is the same as social rules. erefore, just as social rules change according to the environment, the same is true for information security policies. Moreover, telecommuting security policies must be distinguished from existing security policies because the cyber threats during COVID- 19 have not been previously observed in secure and well-controlled office spaces. at is why a new environment requires new controls.
To counter the unpredictable risks that have emerged during the volatile COVID-19 crisis, in this work, we propose a model based on social control theory, formal control, and general deterrence theory. We collected data from 207 experienced employees working in different telecommuting environments. e survey data confirmed the importance of specification and mandatoriness of policies in developing an effective information security policy for corporations: specification is to describe clearly and definitely security polices and mandatoriness is the degree to which individuals comply with security policies. As it was important to specify well security policy in mandatoriness in previous research, we also tried to find out the relation with specification and mandatoriness in telecommuting.

Literature Review.
Numerous studies have been conducted on the factors affecting the effectiveness or implementation of security policies. We have taken a careful note of these studies, which utilized social control theory, formal control, and general deterrence theory, and built upon them to upgrade the security level and prevent information security breach from unknown cyber threats such as hacking and cyberterrorism within an organization.
Social control theory proposes that the effectiveness of a security policy is influenced by the following four factors: attachment, involvement, belief, and commitment [9]. Attachment is the close relationship with others at work. Involvement is the time and energy that employees invest in company activities. Belief is the degree to which workers think that taking certain behaviors is morally correct. Commitment is the employee's recognition of and devotion to one's role in company. According to formal control and general deterrence, a fear of punishment induces criminal deterrence, which can serve as an important strategy in cybersecurity [10]. In general, it has been shown that strict security control and a fear of punishment encourage employees to abide by security policies. In particular, D'Arcy and Devaraj [11] suggest that employee awareness plays a critical role in security control.
Lemay et al. [12] said that recent research studies about information security were concentrating on stimulating protective behaviors in users of information technology. According to Hsu et al. [9], extrarole behaviors and social control (i.e., social bonds) are mandatory to optimize the security policies of an organization. Moreover, it is necessary to encourage employees to follow security policies [9,[13][14][15][16]. Given that there are numerous examples of conflicts among members of an organization concerning inrole behaviors in the lack of organizational extrarole behaviors, we agree in part that Hsu et al. [9] emphasize the necessity of extrarole behaviors and social control for an effective information security policy.
Social controls that induce the fear of punishment play a decisive role in reducing the chances of information leakage according to general deterrence theory [8]. Moreover, user awareness regarding security policies, security education, training, and awareness (SETA) programs, and computer monitoring is likely to decrease the misuse of information systems, and the severity of sanctions outweighs the certainty of sanctions [8]. In addition, security education programs that provide employees with more information on security have been shown to have a positive impact on the effectiveness of security policies [10]. e best policy for users is to be aware and take the necessary precautions to maximize the effectiveness of a security policy [17].
However, one of the studies found that formal control did not affect the effectiveness of security policies. For example, the survey conducted by Wiant [18] on 140 information system managers revealed that the strategic application of a security policy is independent of the volume of security incidents or the reduction in accident severity. Moreover, Lee et al. [10] found that security policies and security systems do not have any influence on computer misuse.
As shown in Table 1, the aforementioned studies mainly focused on the security concerns arising in a limited office environment with the aim of preventing illegal behaviors and implementing security policies. However, our study takes a different approach to determine how the COVID-19 pandemic changes the implementation of security policies under exceptional circumstances, such as telecommuting environments. Figure 1, the aim of our research model was to study the effects of both mandatoriness and extrarole behaviors on the effectiveness of telecommuting security policies. In addition, mandatoriness and extrarole behaviors were hypothesized to be influenced by formal control, formal sanction, and informal sanction.

Research Model. As shown in
In the following sections, we discuss the model constructs and the underlying hypotheses in detail.

Effect of Formal Control on Telecommuting Security
Policies. Corporations tend to reinforce the desired security behaviors in their employees to achieve their security goals [13,19,20] by sending signals that make their employees feel obliged to implement the necessary controls. It has been shown that specifying the desired behaviors and corresponding outcomes is crucial for the implementation of controls [13,[19][20][21]. A security policy is a proposition regarding how the employees of an organization should conduct themselves and what are the consequences of their behaviors. A well-designed security policy is the first step toward outlining the core employee behaviors necessary to achieve the desired outcomes and a clear direction to enforce these behaviors [13]. erefore, we hypothesize the following: H1a: security policy specification affects positively the perceived mandatoriness in telecommuting environments H1b: security policy specification affects positively extrarole behaviors (e.g., helping and voice) in telecommuting environments Recalling the old saying in business, "Measurement leads to improvement," simply establishing policies and posting on office bulletin boards are not sufficient to effectively enforce the desired behaviors in employees [13,22,23]. Monitoring is a useful method that confirms the observance of security policies and is a way for the management to make their presence felt [13,24]. It also provides a means to surveil the employee system logs. Moreover, if there is no compliance monitoring, then the employees tend to overlook the security policies. erefore, monitoring has a positive ripple effect on employee awareness and it conveys the importance of security policy compliance as well. On this basis, we hypothesized the following: H2a: monitoring security policy compliance affects positively the perceived mandatoriness in telecommuting environments H2b: monitoring security policy compliance affects positively extrarole behaviors in telecommuting environments It is natural that employees expect a reward for observing corporate security policies [13,25]. Rewards, along with policy specification and compliance monitoring, encourage employees to conform to the security policies as well as to reinforce their behaviors [13,26]. In short, when there is no reward for complying with the regulations, there is no motivation for the employees to continue to do so. erefore, we hypothesized the following:

Factors
Hsu et al. [9] Social control and extrarole behaviors D'Arcy and Devaraj [11] Certainty and severity of sanctions D'Arcy et al. [8] Severity of sanctions, SETA, and computer monitoring Lee et al. [10] Induction control intention, involvement, and belief

Security and Communication Networks
H3a: rewards for security policy compliance affect positively the perceived mandatoriness in telecommuting environments H3b: rewards for security policy compliance affect positively extrarole behaviors (e.g., helping and voice) in telecommuting environments

Effect of Formal Sanctions on Telecommuting Security
Policies. e underlying concept of deterrence theory is that the threat of punishment will deter corporate members from engaging in illegal behavior. In an organization, punishment and disciplinary action against employees are the main tools to keep the corporate ship afloat [11,27]. Several studies on perceived-deterrence theory have shown that the severity and gravity of the imposed sanctions increase the effectivity of security policies [11,27,28]. Our study examined the levels of association in the effects of sanctions and security policies under telecommuting environments. Based on the preceding discussion, we hypothesized the following: H4a: severity of formal sanctions affects positively the perceived mandatoriness in telecommuting environments H4b: severity of formal sanctions affects positively extrarole behaviors in telecommuting environments H5a: certainty of formal sanctions affects positively the perceived mandatoriness in telecommuting environments H5b: certainty of formal sanctions affects positively extrarole behaviors in telecommuting environments

Effect of Informal Sanctions on Telecommuting Security
Policies. Deterrence studies have shown that perceived criticism from friends, family, or work colleagues influences the decision-making behavior of employees [11,28,29]. From a deterrence perspective, informal sanctions have an effect similar to formal sanctions regarding the costs to be paid by the violator [11,29]. us, we propose the following hypotheses: H6a: moral beliefs affect positively the perceived mandatoriness in telecommuting environments H6b: moral beliefs affect positively extrarole behaviors (e.g., helping and voice) in telecommuting environments

Effect of Mandatoriness and Extrarole Behaviors on Telecommuting Security Policies.
e objective of security policies is to improve corporate security protocols. However, there is a gap between the individual understanding of security policies and the level of observance depending on the type of method used [13,30]. One of the studies showed that only 60% of the employees in an organization adopted the Internet usage policy at face value and there exists a reasonable suspicion among employees regarding the significance of security policies [13,22]. e most compelling force that encourages employees to comply with corporate security policies is management expectations [13,31]. Hence, management expectations play a critical role in enhancing security policies in telecommuting. erefore, we propose the following hypothesis: H7: perceived mandatoriness affects positively the effectiveness of telecommuting security policies Although most employees follow corporate security policies, it is likely that some would fail to comply with a specific set of security requirements owing to their poor security awareness, incompetence, irresponsibility, or low self-efficacy. us, it is important that employees help each other abide by corporate security policies; otherwise, the weak links in the organization could undermine the overall security policy [9]. Without the cooperation of employees, corporate security policies are far from reality [9,15]. Moreover, chances are that the lack of engagement with extrarole behaviors could weaken the effectivity of security policies in telecommuting. It has been proposed that employees should be engaged in a positive manner to prevent each other from doing something wrong to enhance the effectivity of security policies. erefore, we propose the following hypothesis: H8: extrarole behaviors affect positively the effectiveness of telecommuting security policies

Study Design and Data Collection.
Given the unprecedented global situation owing to the COVID-19 pandemic, distinct datasets from various organizations in Korea who encouraged their employees to telecommute were used to test our model. We conducted a survey with 207 employees who telecommuted during the pandemic. Table 2 provides the detailed demographic information of the respondents.

Constructs and Measurement.
e effectiveness of telecommuting security policies during the COVID-19 pandemic was evaluated using five items adapted from Hsu et al. [9] and Knapp [32]. Mandatoriness was assessed using four items adapted from Boss et al. [13], while extrarole behaviors were assessed using six items adapted from Hsu et al. [9]. Security policy specification was evaluated to measure how specifically the policies were defined using nine items adapted from Hsu et al. [9], Boss et al. [13], and D'Arcy et al. [8]. Reward was assessed to measure the degree of compensation allotted to the employees for complying with security policies using four items adapted from Hsu et al. [9] and Boss et al. [13]. e severity and certainty of the sanctions were evaluated using five and six items, respectively, adapted from D'Arcy and Devaraj [11]. Moral belief was assessed using five items adapted from D'Arcy and Devaraj [11] (Table 3). Table 4, a confirmatory factor analysis was conducted to test the unidimensionality of the measurements. A set of measured

Measurement variables Item
Items on effectiveness of telecommuting security policies adapted from Hsu et al. [9] and Knapp [32] Policy effectiveness 01 In general, information in the organization is sufficiently protected while telecommuting. Policy effectiveness 02 Overall, the telecommuting information security policy is effective.
Policy effectiveness 03 e telecommuting information security policy achieves most of its goals.
Policy effectiveness 04 e telecommuting information security policy accomplishes its most important objectives.
Policy effectiveness 05 e telecommuting information security policy has kept security losses to a minimum.
Items on mandatoriness adapted from Boss et al. [13] Mandatoriness 01 I am required to secure my system according to the organization's documented policies and procedures while telecommuting.

Mandatoriness 02
It is expected that I will take an active role in securing my computer from cyberattacks (e.g., hacking, virus infection, and data corruption) while telecommuting.
Mandatoriness 03 ere is an understanding that I will comply with the organizational security policies and procedures regarding telecommuting.

Mandatoriness 04
Regulatory compliance requirements (e.g., FERPA, HIPAA, and Sarbanes-Oxley) motivate me to follow the organization's IT security policies, procedures, and guidelines regarding telecommuting to the best of my ability.

Measurement variables Item
Items on specification adapted from Hsu et al. [9], Boss et al. [13], and D'Arcy et al. [8] Specification 01 ere are written rules on the security policies and procedures followed by the organization regarding telecommuting. Specification 02 I am familiar with the organization's IT security policies, procedures, and guidelines for telecommuting. Specification 03 e organization's existing policies and guidelines cover how to protect my computer system while telecommuting.
Specification 04 I am required to know many written procedures and general practices to secure my computer system while telecommuting.

Specification 05
My organization has specific guidelines regarding the acceptable use of e-mail while telecommuting. Specification 06 My organization has established rules regarding the use of computer resources while telecommuting.

Specification 07
My organization has a formal policy that forbids employees from accessing computer systems that they are not authorized to use while telecommuting. Specification 08 My organization has specific guidelines regarding the acceptable use of computer passwords while telecommuting. Monitoring 06 I believe that my organization actively monitors the content of e-mail messages exchanged by telecommuting employees. Items on reward adapted from Hsu et al. [9] and Boss et al. [13] Reward 01 I will receive a personal mention in oral or written reports if I comply with the security policies and procedures at this organization while telecommuting.
Reward 02 I will be given monetary or nonmonetary rewards for following security policies and procedures while telecommuting.

Reward 03
Tangible rewards depend on whether I follow the organization's IT security policies, procedures, and guidelines while telecommuting.

Reward 04
My pay raise and/or promotion depend on whether I follow the documented security policies and procedures while telecommuting. Items on extrarole behavior adapted from Hsu et al. [9] Extrarole 01 Employees of this department volunteer to engage in security policy-related behaviors while telecommuting. Extrarole 02 Employees of this department help each other to learn about the telecommuting security policies. Extrarole 03 Employees of this department help orient new employees to the telecommuting security policies.
Extrarole 04 Employees of this department develop and make recommendations concerning telecommuting information security policies that affect the entire organization.
Extrarole 05 Employees of this department speak up and encourage others in the organization to become more involved in telecommuting information security policies that affect the entire organization.
Extrarole 06 Employees of this department voice their opinion about new strategies or changes made to the telecommuting information security policies. Items on perceived severity adapted from D'Arcy and Devaraj [11] Perceived severity 01 Severe responsibilities should be taken for accessing personnel systems using administrator passwords while telecommuting. Perceived severity 02 Accessing unauthorized systems while telecommuting will result in disciplinary action.
Perceived severity 03 Severe responsibilities should be taken for revising personal overtime records using administrator passwords while telecommuting.
Perceived severity 04 Severe responsibilities should be taken for installing unauthorized software on corporate computers while telecommuting.
Perceived severity 05 Severe responsibilities should be taken for sending inappropriate emails to colleagues from the corporate email account while telecommuting. Items on perceived certainty adapted from D'Arcy and Devaraj [11] Perceived certainty 01 Accessing personnel systems using administrator passwords while telecommuting will be discovered. Perceived certainty 02 It is likely that companies will detect the employees who access unauthorized systems while telecommuting. Perceived certainty 03 Revising personal overtime records using administrator passwords while telecommuting will be discovered. Perceived certainty 04 Installing unauthorized software on corporate computers while telecommuting will be discovered.
values, such as CMIN (Minimum Chi-square), DF (Degree of Freedom), p, RMR (Root-Mean-Square Residual), GFI (Goodness-of-Fit Index), AGFI (Adjusted Goodness-of-Fit Index), CFI (Comparative Fit Index), NFI (Normed Fit Index), and RMSEA (Root Mean Square Error of Approximation), was used to assess the fit of the model to the data. To get the optimal value of reliability, problematic items with squared multiple correlation (SMC) values less than 0.4 in the initial question were dropped, and the process was repeated until the desired result was achieved. Our measurement model was analyzed based on the aforementioned confirmatory factor analysis, and the results are presented in Table 5. After optimizing the adequacy of the survey questions based on the SMC values, our data yielded the following results: CMIN � 141.727, DF � 99, p � 0.003, GFI � 0.934, AGFI � 0.886, CFI � 0.987, RMR � 0.046, NFI � 0.959, IFI � 0.987, and RMESA � 0.046. e value of p was found to be negative. However, the fit can be considered to be acceptable because the values of GFI, AGFI, CFI, NFI, and IFI were greater than 0.9 (note that AGFI was larger than 0.85), the value of RMR was less than 0.05, and the value of RMSEA was less than 0.1. As seen from Table 5, Cronbach's alpha was greater than 0.7 (i.e., between 0.883 and 0.949), which indicates that the items have high internal consistency.
As shown in Table 6, a reliability analysis was performed using two tests: convergent validity and discriminant validity. Construct reliability was used to assess the convergent validity [33], and the average variance extracted (AVE) was used to assess the discriminant validity [34]. e construct reliability values obtained were greater than 0.7, which establishes convergent validity. Moreover, the AVE of all constructs was found to be greater than the square root of the largest correlation coefficient (which is 0.621 in this case), which establishes discriminant validity according to the criterion of Fornell and Larcker [34].

Results
is model was created with the assumption that the parameters shown to have the most influence in the existing research models in literature review would indicate different influences in telecommuting. Initially, we considered SETA

Measurement variables Item
Perceived certainty 05 It is likely that companies will detect the employees who install unauthorized software on corporate computers while telecommuting.
Perceived certainty 06 Sending inappropriate emails to colleagues from the corporate email account while telecommuting will be discovered. Items on moral belief adapted from D'Arcy and Devaraj [11] Moral belief 01 If the password to a system that contains the payroll information of all employees is known, then it is morally permissible to access the system while telecommuting.

Moral belief 02
It is morally permissible to revise personal overtime records using administrator passwords while telecommuting.

Moral belief 03
It is morally permissible to install unauthorized software on corporate computers while telecommuting.

Moral belief 04
It is morally permissible to send inappropriate emails to colleagues from the corporate email account while telecommuting. (security education, training, and awareness) program and social desirability pressure which put pressure on doing what society wants as main parameters. However, in the model construction process, they were removed for model optimization. In addition, we tried to analyze more diverse hypothesis paths, but the paths that did not fit the model were removed. erefore, this model has limitations in not being able to verify all parameters and all hypothesis paths. e proposed hypotheses were tested using structural equation modeling, which was performed using Analysis of Moment Structures (AMOS), a widely used statistical software package, along with LISREL: LISREL is a representative program for a long time, but it is difficult to use than AMOS. AMOS was selected for its convenient graphical user interface (GUI) compared to LISREL, in which users are required to create separate data files for each model. Also, AMOS is free for data compatibility with SPSS and Excel. As shown in Table 7, our proposed model shows how the impact of control factors under normal circumstances differs in a different working environment, namely, telecommuting. As seen from Figure 2 and Table 8, the estimates from the structural equation modeling are within tolerable levels for the proposed model, such that CMIN � 142.987, CMIN/DF � 1.388, p � 0.006, GFI � 0.933, AGFI � 0.889, CFI � 0.988, RMR � 0.051, RMSEA � 0.043, NFI � 0.959, and IFI � 0.988. e values of chi-square were found to be negative. However, the model-fit can be considered to be acceptable with comparison to Table 9 because the values of GFI, AGFI, CFI, NFI, and IFI were greater than 0.9 (note that AGFI was larger than 0.85) and the values of RMR and RMSEA were less than 0.1.
However, the proposed hypotheses H2a (0.020, C.R. � 0.615), H2b (0.127, C.R. � 1.539), H3a (-0.012, C.R. �   We observe that specification indirectly affects telecommuting security policies via mandatoriness, which corresponds to a p value of 0.007. As seen from Table 10, we also investigated the moderating effect of the department (i.e., information security and other departments) on our hypotheses. Note that the difference in the number of degrees of freedom (DF) between the constrained and unconstrained models was 14 and the reduced chi-squared value (36.492) was greater than the corresponding reference value (23.68). Moderating effects were found to be significant (with p � 0.001). In particular, specification had a stronger effect on mandatoriness in the information security department compared to other departments.
Regarding the effect of sanctions on extrarole behaviors, the certainty of sanctions was more important in the information security department, whereas the severity of sanctions was more effective in other departments. In addition, specification affected more positively extrarole behaviors in the information security department than in other departments. Furthermore, reward affected intensely extrarole behaviors in the information security department than in other departments. Finally, mandatoriness was more effective in departments other than the information security department.
Specification of telecommuting security policies was found to directly affect mandatoriness and extrarole behaviors (H1a and H1b). Mandatoriness improved the effectiveness of telecommuting security policies (H7), and reward was found to directly influence extrarole behaviors (H3b). However, extrarole behaviors did not improve the effectiveness of telecommuting security policies (H8). Finally, specification had an indirect influence on the effectiveness of telecommuting security policies.

Discussion
In this study, we examined how the security control factors in a well-organized office environment are affected in a  Figure 2: Results of the model. All path coefficients are standardized estimates corresponding to p < 0.05 and C.R. > ± 1.96. Note that the C.R. values are within parentheses. Grayed-out arrows mean that hypotheses are not supported. telecommuting environment, which has become extremely common during the COVID-19 pandemic. Our analysis revealed that mandatoriness is a significant determinant of the effectiveness of telecommuting security policies compared to extrarole behaviors, which were considered to be more important by Hsu et al. [9]. It appears that working in an isolated space, separated from other employees, has a relatively variable effect. Our results confirmed that given the importance of mandatoriness in telecommuting environments, compulsory measures involving security technologies (e.g., virtual private network, one-time password, and virtual desktop infrastructure) should be implemented urgently. Moreover, it is recommended that organizations give more importance to their security control policies, such as prohibiting the use of screen capture tools and the data being stored into personal computers while teleworking.

Research Contributions.
Our study mainly focused on the effects of various control factors on corporate security policies in uncharted working environment caused by the COVID-19 pandemic. e employees of an organization serve an important role by driving one another to keep the office environment well organized and under control. However, they do not play a crucial role in telecommuting environments because they cannot serve the same purpose being isolated from social pressure. erefore, mandatoriness was found to affect intensely telecommuting security policies than extrarole behaviors. Furthermore, specification was found to play a crucial role in affecting mandatoriness compared to other control factors.
In addition, our findings show that telecommuting tends to cause moral hazard as well as awareness among employees to avoid sanctions and monitoring by organizations. Interestingly, we found that reward has a critical impact on extrarole behaviors, which agrees with the Korean culture of "saving face." Our study also found that different departments, including information security department and other departments, had different moderating effects. As shown in Table 10, factors such as specification, sanctions, reward, and mandatoriness differed depending on the department duties. Our study contributes to the current research on security policy-making processes and shows that security policymakers need to consider developing new policies beyond conventional security programs.

Limitations and Future Research.
Our study has a few limitations, which we discuss here. First, the use of a subjective assessment from respondents who telecommuted during the COVID-19 pandemic could lead to common method bias. is is because there is always a possibility that some respondents could have replied differently regarding the security controls in teleworking being better than those in conventional office environments. us, it would be better for future studies to examine the effects of control factors based on a variety of datasets that result from actual security policy violations.
Second, we conducted the present study by measuring how each control item applies specifically to the teleworking environment.
erefore, it remains unclear whether our measurement items would be applicable to a completely different environment.
Finally, the research data for this work were collected from organizations in Korea, especially from financial companies, where security controls are well organized compared to other companies. However, telecommuting was not popular in Korea before the COVID-19 pandemic owing to the restrictions of network segmentation. us,  Moreover, security controls were newly applied to teleworking because of the pandemic, and most employees have still not adapted themselves to the new work environment. Consequently, particular care must be taken before generalizing our findings to new office or telecommuting environments.
After the experience of telecommuting, we need to revalidate our model 1 or 2 years thereafter, and we also encourage research in environment where workers have already been telecommuting for a long time to compare our models.

Conclusions
In this study, we examined the factors affecting corporate security policies in the new telecommuting environment created by the COVID-19 pandemic. Cybersecurity threats are increasing exponentially with the sudden increase in teleworking. Despite existing security controls, more compelling cybersecurity risks keep threatening telecommuters.
us, we need to continue searching for the critical determinants of security control factors in telecommuting environments. e data collected from 207 telecommuting employees through Google surveys in this work indicate that specification and mandatoriness play a decisive role in making telecommuting security policies more effective. erefore, we suggest that corporations should take administrative and technical measures to guard against unexpected dangers and reinforce their security policies associated with the teleworking environment.

Data Availability
e Excel data used to support the findings of this study are available from the corresponding author upon request.

Conflicts of Interest
e authors declare no conflicts of interest.