Understanding the role of the bring-your-own-device policy in mobile learning behavioral usage

The determinants of bring-your-own-device (BYOD) use protection intentions affecting BYOD us- age protection behaviors were examined in this study. The determinants of employees’ behavioral intention to use and their actual protection behavior in protecting their devices BYOD environment were identified. Jordanian residents aged 18 and above, with mobile learning behavioral usage awareness, made up the study population. A survey questionnaire was used to obtain the data, while the proposed research model was tested using structural equation modeling (SEM). The results show positive impact of BYOD usage protection intention on mobile learning behavioral usage, while attitude showed insignificant impact on BODY usage protection intention. Subjective norms significantly affected BYOD usage protection intention, while information security awareness showed insignificant impact on BYOD usage protection intention. who found that employees are well aware of the potential risks and security threats when they use their personal devices. Another unsupported prediction was on the impact of attitude on protection intention (H2), as the results show non-significant influence of attitude. This contradicts Tsai et al.,2016, Topa and Karyda (2015) and Nasir et al. (2019) who reported that attitude can significantly impact protection intention and protection behavior.


Introduction
The use of mobile devices in medical education and healthcare delivery is increasingly more common and crucial, especially following the progressions in information and communication technologies (ICTs). Personal mobile device usage in medical schools and healthcare facilities allows smooth communication and collaboration, as well as easy access to medical information (Al Ayubi et al., 2016;Chang et al., 2013). In addition, it allows flexible and timely self-paced learning (Ally, 2013;Hardyman et al., 2013). At the same time, certain issues have to be addressed pertaining to mobile device usage in this context, such as incorrect usage of mobile devices like the use of mobile devices that lack security features (Nguyen, 2019;Wani et al., 2020). Also, the lack of regulations to medical applications adds to the problem (Lewis & Wyatt, 2014). As the use of mobile devices is widespread today, there is also an issue relating to etiquette, as can be exemplified in the problems of distracted learning and doctoring (O'Connor et al., 2014;Tran et al., 2014), in addition to poor control measures of infection (O'Connor et al., 2014).
In medical education and healthcare environments, mobile devices for medical education and healthcare delivery are either provided by the institution or personally owned (Meneghetti, 2013;Williams, 2014). However, the use of personal mobile devices in medical education and healthcare delivery is increasingly favored and promoted, owing to several benefits, and the correct and safe usage of these devices are being fostered as well (Disterer & Kleiner, 2013;Weeger et al., 2016). This had led to the policy of bring-your-own-device (BYOD). BYOD policy is cost effective to the institution, as the cost is shifted from the institution to the user. Nonetheless, BYOD is not easy to implement owing to the varied conceptualizations and the widespread usage of mobile devices in various environments. BYOD is generally the usage of personal mobile devices for medical education and healthcare delivery purposes (Dimond et al., 2016;O'Connor et al., 2014).
Mobile technologies are clearly an outstanding and prized invention by man (Al-Emran, 2020). Mobile devices as a constituent of mobile technologies, comprise wireless information and communications technologies, allowing users from various places to be consistently connected with one another simultaneously, and at all times (Zaidi et al., 2021). Through these technologies, people could acquire knowledge as well, at any time and from any place. Indeed, mobile devices allow information processing and contribution among users (Al-Emran, 2020). Notably, smartphones and tablets, mobile devices, are increasingly useful in the workplace, and in fact, the policy of Bring Your Own Devices (BYOD) is a current trend among organizations. BYOD involves the use of smartphones, mobile phones, laptops, and tablets by organization members including employees. The use of these devices allows more flexibility in task completion -the employees could complete their tasks even when they are not at the office.
BYOD and IT consumerization co-exist as these personal mobile devices have become part of business and government operation (Weeger et al., 2020). In BYOD policy, members of an organization or institution use their mobile devices in their work completion. In this regard, smartphones are increasingly being used as the tool for accessing the internet resources (Oberlo, 2020). Turner (2021) accordingly reported that in the year 2021, there would be approximately 6.3 billion smartphone users all over the world, and about 5.22 billion users would be using their mobile devices to complete their work-related tasks. In describing a BYOD environment, Hughes (2016) explained that employees would utilize their devices to gain access to the networks of their organizations, and to obtain the work related data. To this end, the use of mobile devices like smartphones would save employees from having to bring various devices for work and personal use, and from having to use numerous device makes and models.
The outbreak of COVID-19 pandemic has intensified the trend of BYOD, owing to the switch from the conventional workfrom-office policy to the work-from-home policy, among government institutions and corporate bodies all over the world (Vrhovec & Markelj, 2018). The switch from the work-from-office policy to work-from-home policy was mainly factored by movement restrictions and social distancing regulations as among the methods to curb the spread of COVID-19. In this regard, organizations adopted BYOD so that employees could still perform their work as usual, despite the severity of the pandemic. Among universities, the use of mobile devices in learning and teaching is increasingly popular. Like other institutions, universities also have been making attempts to leverage on the advantages of personal mobile device usage. Hence, the use of BYOD policy in the delivery of education is increasingly common in universities today.
Despite the effectiveness and benefits of BYOD policy in several institutions, this policy has not been adequately examined. In fact, there has been a lack of research covering this subject. As such, the present study attempted to fill the void. With concern over the issue of safety in BYOD, the present study attempted to identify the factors affecting BYOD usage protection intention and its effect on mobile learning (ML) behavioral usage. Accordingly, a comprehensive model was proposed in this study. The model was grounded upon some common acceptance theories namely ATT, SN, ISA and BUPI. The impact of BYOD on ML behavioral intention to use was explored. Also, based on TBP theory, this study examined how the factors can affect ML behavior usage. Notably, the present study would be the first one exploring BYOD on ML usage.

Literature review and hypothesis development
The present study examined the determinants of students' protection intention and their protection behavior in their devices usage within the environment of BYOD. Accordingly, a model was proposed in this study, as can be viewed in the following Fig. 1. The model was underpinned by TRA as its major underpinning theory, and TRA has been applied in studies on information security. Social behavioral theories were also included in the model, in addition to the inclusion of the factors of attitude, subjective norm, information security awareness, protection intention and behavior use intention. Theory of reasoned action (TRA) (Fishbein & Ajzen, 1980) illustrates the behaviors of people under the control of individuals. TRA posits that the behavior of a person is mainly determined by his or her intention to execute that behavior. In essence, it encompasses how far the person is willing to perform that behavior. There are two factors affecting behavioral intention namely the attitude of the person towards that behavior, and subjective norms (Ajzen, 2020). The former concerns the evaluation of the person towards the consequences of performing that behavior, while the latter concerns the viewpoint of the person towards social pressure on performing (or not performing) that behavior (Fishbein & Ajzen, 1980). TRA proposes a linear relationship, whereby attitude and subjective norm affect behavioral intention, and thus, both factors determine a person's actual behavior. As such, greater social pressure and better attitude towards certain behavior will increase the likelihood of performing the behavior. Among the strong points of TRA are: it is simple, has good explanatory power, and able to use various combinations of factors in linearly and sequentially determining an individual's behavior (Boxer & Thompson, 2020;Ajzen, 2020).
TRA posits that behavior is determined by the intentions to perform the behavior, but intention has been used as a dependent variable in past studies. In other words, intention has been often determined by other variables. Hence, in describing protection intention (PI), it could be understood as a protection motive that sustains, guides, and initiates the intentions of individuals to perform the precautionary behavior proposed (Milne et al., 2002). Therefore, the present study hypothesized that:

H1: BYOD usage protection intention has a positive influence on mobile learning behavioral usage.
Attitude (ATT) refers to the general evaluation of a person towards performing the actual behavior, and attitude can be either positive or negative (Hina & Dominic, 2017;Ifinedo, 2012). Among users of social networks, their behavior (attitude) is influenced by factors like age, gender, and career (Dhawan et al., 2014). Relevantly, an Information Security Culture (ISC) model was introduced by Nasir et al. (2019), with the purpose of increasing the effectiveness of employees' protection behavior in an organization. The model included seven characteristics that investigate its impact on workers' Information Security Policy (ISP) compliance behavior, and attitude was one of the model's characteristics. ISP was expected to affect the attitude of employees towards ISP compliance, while the intention of employees to comply with ISP was affected by their attitude towards ISP compliance, and so, this study proposed the following:

H2: Attitude has a positive influence on BYOD usage protection intention.
Subjective Norms (SN) are the belief that the surrounding individuals could influence a person in performing certain behavior (Thompson et al., 2017). In their study on the impacts of subjective norms on behavior intention, Martens et al. (2019) found subjective norms a strong predictor of protective behavior. Meanwhile, Safa et al. (2015) found significant impact of information security policies on the establishment of subjective norms on information security behavior in an organization. The hypothesis below was therefore proposed:

H3: Subjective norm has a positive influence on BYOD usage protection intention.
Information Security Awareness (ISA) relates to the level to which all employees are aware of the value of information security policies, rules, and regulations, and feel accountable in safeguarding the information of their organization via displaying appropriate behaviors (Kaur & Mustafa, 2013;McCormac et al., 2017). Meanwhile, in their study, Ortiz et al. (2017) classed ISA into two categories as follows: general information security awareness (GISA) and information security policy awareness (ISPA). Between both, ISA is crucial in removing security breaches risks in organizations. As such, the present study established the following hypothesis: H4: Information security awareness positively influences BYOD usage protection intention.

Sample and data collection procedure
Jordanian residents aged 18 and above, with understanding of mobile learning behavioral usage (at least) made up the study population. These specific Jordanians were chosen as the study population because, in general, an 18-year-old would have sufficient understanding of the technology. However, as affirmation, the potential participants were to answer the criteria fulfillment questions in the questionnaire; there were two exit questions to be answered by the respondents, one being the question on their age and residency, while the other being an affirmation question on their familiarity with mobile learning behavioral usage.
A sampling frame with a complete list of potential mobile learning consumers in Jordan was impossible to obtain, and so, this study had opted to utilize convenience sampling method as it was the most appropriate one for the study context. A total of 425 respondents were involved in this study, and 400 valid responses were obtained (94.1% response rate). The items in the questionnaire were equipped with a seven-point Likert scale (1 to denote "Strongly Disagree" to 7 to denote "Strongly Agree"). Specifically: items on mobile learning behavioral usage were based on Ameen et al. (2021) and Thompson et al. (2017); items on BYOD usage protection intention were based on Chon et al. (2018) and Bulgurcu et al. (2010); items on attitude were based on Ameen et al. (2021) and Musarurwa et al. (2019); items on subjective norms were based on Ameen et al. (2021) and Herath and Rao (2009); and items on information security awareness were based on D'Arcy et al. (2009) and Haeussinger and Kranz (2013).

Respondents' demographic profile
From the data obtained: the majority of respondents were male at 52.2%; the majority (53.7%) were of the age of 20 or less; half of the overall respondents were high school leavers or had lower educational qualifications; and 150 respondents (37.5%) expressed that their knowledge of technology was of high level. Fig. 2 presents the details.

Gender Age
Educational background Technology level Fig. 2. Characteristics of the respondents. (N = 400)

Data Analysis and Result
SEM was used in this study, and prior to its execution, the reliability of correlation was measured using Cronbach's Alpha. Hair et al. (2019) had recommended the values between 0.60 and 0.70 for Cronbach's Alpha for reliability affirmation. As displayed in Table 1, the scored values were between 0.84 and 0.91, and thus, reliability was affirmed. Further, as shown in Table 3, the compound reliability values were between 0.73 and 0.94, which were larger than the proposed cutoff value of 0.60. In the measurement model, constructs' validity needs to be ascertained, particularly in terms of convergent validity and discriminant validity, as detailed below.

Convergent Validity
Convergent validity is affirmed if the scale indicators load together on one construct. Schwab (1982) indicated that convergence is affirmed when standard regression weights are significant. Schwab (1982) further added that high load factor denotes strong representation of the scales of the combinations. The standard regression weights of the research indicators were examined, and low load was found among the underlying variables -values smaller than 0.50 would be considered as low load (Newkirk & Lederer, 2006), as can be viewed for ATT3, ATT4, SN5, ISA6 and MLBU5. Those items with low load were removed. The details can be viewed in Table 2.

Discriminant Validity
Test of discriminant validity is carried out to affirm that the items absolutely measure different constructs and are absolutely evaluating different constructs. Several tests can be used in testing the discriminant validity. For instance, Fronell and Larker (1981) proposed evaluating the extracted mean co-contrast (AVE) by latent combinations. Equally, discriminant validity can be determined by examining the relations between research structures to identify any significant correlations between them. Here, if extremely large correlations exist, the model can be said to lack discriminant validity. Fronell and Larcker (1981) stated that discriminant validity can be affirmed if the AVE for each construct is greater than the square link between that construct and any other structures. Fronell and Larker's (1981) formula was used in this study, in determining the model's discriminant validity. Hence, the mean variance extracted from a latent structure was computed, and as shown in Table 3, the values were all between 0.65 and 0.81, and so, the combinations explained 50 percent or more of the variance. As such, discriminant validity was affirmed. Additionally, as can be viewed in Table 3, the AVE values were all greater than the square associations for each set of structures, demonstrating the significant differentiation of the structures by the study measures.

Assessment of Measurement Model
Maximum probability (ML) estimate was used in this study in determining the statistical effect on the model's suitability model for the dataset. ML is regarded as fitting for SEM because ML is appropriate for small sample sizes (100 to 200). Further, ML as a commonly used estimation method, can be used in estimating all model parameters concurrently. Another indicator is the χ2 / df ratio. Its application necessitates three values or less, in order that the model could be regarded as acceptable. Here, smaller the percentage value is sought because it means better fit. James et al. (1982) had recommended the ratio of 2-5 for better fit. In this study, AGFI, NFI, IFI, TLI, and CFI values should fall in the range between 0.80 and 0.90 to be classed as acceptable. Meanwhile, RMSEA value considers the model's goodness-of-fit, with value between 0.05 and 0.08 as acceptable. Table 4 accordingly presents the details of the measurement model fit.   Table 5 shows the hypotheses test results, including the CR estimate for each parameter. As shown, H1 was supported, which affirmed the positive significant impact of BOYD usage protection intention on mobile learning behavioural usage (P = 0.014).

Hypotheses Testing and Result of the Study
Another supported hypothesis was H3, which affirmed the positive significant impact of subjective norms on BOYD usage protection intention (P = ***). Contrariwise, H2 was unsupported because the results were showing insignificant impact of attitude on BOYD usage protection intention (P =0.114). H4 was unsupported as well, which means that information security awareness did not have a significant impact on BOYD usage protection intention (P = 0.221). Not Supported (***P ≤ 0.005, **P ≤ 0.01, *P ≤ 0.05). Notes: Path = Relationship between independent variable on dependent variable; C.R = Critical ration; S.E = Standard error; P = Level of significance.

Discussion
The study results affirmed the aptness of TRA as a promising theoretical framework for comprehending the factors determining the decision of employees to be involved in BYOD protection behaviors. It was predicted in H1 that intentions to perform protection behaviors can significantly affect actual protection behavior, and the results affirmed the prediction. Hence, employees with the intention to safeguard their devices in a BYOD environment will have greater inclination to show protection behavior. As predicted in H3, subjective norms would significantly impact protection intention, and the results affirmed this prediction. This result affirms the findings of some past studies that employees are impelled by the decisions of their peers and superior in BYOD's usage and in complying to BYOD's protection policies of their organization (Thompson et al., 2017;Rajab & Eydgahi, 2019).
Meanwhile, the results show no significant impact of information security awareness on protection intention (H4), and this contradicted the findings of Sommestad et al. (2019) who found that employees are well aware of the potential risks and security threats when they use their personal devices. Another unsupported prediction was on the impact of attitude on protection intention (H2), as the results show non-significant influence of attitude. This contradicts Tsai et al.,2016, Topa andKaryda (2015) and Nasir et al. (2019) who reported that attitude can significantly impact protection intention and protection behavior.

Implication
This study increases the theoretical knowledge on the factors affecting the protection intention relating to BYOD usage protection behaviors. Specifically, this study initiated the empirical scrutiny of the factors of BYOD protection intentions affecting BYOD protection behaviors. In this regard, the proposed conceptual model could increase the awareness of organizations of the determinants of BYOD protection intentions enterprises and facilitate in dealing with the impacts of these factors on employee behavior. Past studies on BYOD were mostly focusing on technological problems faced during BYOD implementation, while the human factors were not addressed, in assuring information security (Palanisamy et al., 2020;Grassegger & Nedbal, 2021). Somehow, it is not enough to focus solely on the technical elements in assuring information security (Grassegger & Nedbal, 2021).
In practice, this study would be of value to both policymakers and strategists, owing to the importance of understanding the causes of BYOD protection behaviors among employees, as this could prevent problems like data leakage, as it could happen either intentionally or unintentionally. It is the responsibility of employers and organizations to assure secured data assets, which could be achieved through BYOD usage protection. With the widespread use of smartphones, BYOD policy is only natural. For decision-makers, the findings of this study could facilitate them in fostering protection behavior among organization members. Among government personnel especially, the increased BYOD usage security behavior could increase performance.

Conclusion, limitation and further research
The present study identified and evaluated the determinants of BYOD use protection intentions that affect BYOD usage protection behaviors. The results show a positive impact of BYOD usage protection intention on mobile learning behavioral usage, while ATT showed insignificant impact on BODY usage protection intention. SN significantly affected BYOD usage protection intention, while ISA showed insignificant impact on BYOD usage protection intention. For this purpose, a conceptual model was proposed. Notably, the present study examined BYOD usage at an individual level, and so, similar studies should be carried out at the organizational level. This could facilitate the improvement of the strategies for BYOD protection policy at both levels (individual and organizational).