The stress of remote working for 12 months during a global health crisis unseen in a century is causing more people to slip and make basic cyber security errors, according to a newly released report compiled for security firm Forcepoint.
During the first wave of the Covid-19 pandemic, the concerns of security and IT teams focused by and significant on protecting hastily installed remote work support systems and preventing Zoom-bombing.
But a year on, Forcepoint has found that more than half of remote workers in the UK are under increasing mental pressure, and therefore more inclined to inadvertently fall victim to risky behaviors.
These could include making more mistakes such as opening and clicking on obvious phishing emails, increased use of an individual’s own shadow IT devices, or increased sharing of devices within their household.
“Lockdown has been a stressful time for everyone, and while employers have admirably supported remote working with technology and connectivity, the human factor must not be overlooked,” said Margaret Cunningham, Forcepoint’s principal research scientist. “Interruptions, distractions, and split attention can be physically and emotionally draining and, as such, it’s unsurprising that decision fatigue and motivated reasoning continue to grow.
“Companies and business leaders need to take into account the unique psychological and physical situation of their home workers when it comes to adequate IT protection.
“They need to make their employees feel comfortable in their home offices, raise their awareness of IT security, and also model positive behaviors. Knowing the rules, both written and implied, and then designing behavior-centric metrics surrounding the rules can help us mitigate the negative impact of these risky behaviors.”
Cunningham said that although both older and younger employees tended to report they were receiving similar levels of organizational support while working remotely, the emotional experience and how different generations use technology was markedly different.
For example, younger, millennial employees – currently aged about 25-40 – were much more likely to say their stress levels made it harder to focus. Younger people were also more likely to feel pressured to be “at work” outside regular hours. They were more stressed out by competing demands from their personal and professional lives.
They also reported more anxiety about their long-term job security; we’re worried about their performance and ability to do their job well and struggled to understand their professional goals.
As a result, 41% of younger respondents reported that they were making more basic mistakes when working from home, such as copying the wrong people into emails – which can technically be a GDPR (General Data Protection Regulation) breach in some circumstances. More than half, 54%, said distractions in the home negatively impacted decision-making, and 46% said they were using shadow IT to perform tasks more efficiently – an apparent risk factor in opening up organizations to cyber attack.
“Throughout the whole study, we saw that certain groups were more negatively impacted by work-from-home mandates, and the group most affected were the younger workers,” said Cunningham.
“This group also reported higher stress levels, which may indicate that they feel pressured by time or work commitments and therefore engage in riskier behaviors to get their jobs done. This can expose organizations to increased cyber security risks.”
The other group of people feeling the pressure were parents and caregivers, who were more likely to feel stressed by competing demands from their personal and professional lives. They found it harder to make decisions and, like millennials, also worried about demands on their time outside of their contracted hours.
Caregivers also tended to report that their personal responsibilities during lockdown negatively impacted their job performance and were similarly worried about their ability to do their job well and keep their position in many circumstances.
Again, this left them exposing their employers to heightened levels of cyber risk, with high numbers admitting to minor mistakes, distractions, and unsanctioned use of shadow IT.
With remote working guidance in the UK still in effect and likely to remain so until the summer, Forcepoint warned that without additional support from employers, people were likely to continue to deviate from pre-set and learned security rules, exposing their organizations to malicious actors and other threats.