The stress of remote working for 12 months during a global health crisis unseen in a century is causing more people to slip and make basic cyber security errors, according to a newly released report compiled for security firm Forcepoint. During the first wave of the Covid-19 pandemic, the concerns of security and IT teams focused by and significant on protecting hastily installed remote work support systems and preventing Zoom-bombing. But a year on, Forcepoint has found that more than half of remote workers in the UK are under increasing mental pressure and, therefore, more inclined to fall victim to risky behaviors inadvertently.
These could include making more mistakes, such as opening and clicking on obvious phishing emails, increased use of an individual’s shadow IT devices, or increased sharing of devices within their household. “Lockdown has been a stressful time for everyone. While employers have admirably supported remote working with technology and connectivity, the human factor must not be overlooked,” said Margaret Cunningham, Forcepoint’s principal research scientist. “Interruptions, distractions, and split attention can be physically and emotionally draining and, as such, it’s unsurprising that decision fatigue and motivated reasoning continue to grow.
“Companies and business leaders need to consider the unique psychological and physical situation of their home workers when it comes to adequate IT protection. “They need to make their employees feel comfortable in their home offices, raise their awareness of IT security, and model positive behaviors. Knowing the rules, both written and implied and then designing behavior-centric metrics surrounding the rules can help us mitigate the negative impact of these risky behaviors.” Cunningham said that although both older and younger employees tended to report receiving similar levels of organizational support while working remotely, the emotional experience and how different generations use technology was markedly different.
For example, younger millennial employees – currently aged 25-40 – were much more likely to say their stress levels made it harder to focus. Younger people were also more likely to feel pressured to be “at work” outside regular hours. They were more stressed out by competing demands from their personal and professional lives. They also reported more anxiety about their long-term job security; we’re worried about their performance and ability to do their job well and struggled to understand their professional goals.
As a result, 41% of younger respondents reported making more basic mistakes when working from home, such as copying the wrong people into emails – which can technically be a GDPR (General Data Protection Regulation) breach in some circumstances. More than half, 54%, said distractions in the home negatively impacted decision-making, and 46% said they were using shadow IT to perform tasks more efficiently – an apparent risk factor in opening up organizations to cyber attacks.
“Throughout the study, we saw that work-from-home mandates more negatively impacted certain groups, and the group most affected were the younger workers,” said Cunningham. “This group also reported higher stress levels, which may indicate that they feel pressured by time or work commitments and therefore engage in riskier behaviors to get their jobs done. This can expose organizations to increased cyber security risks.”
The other people feeling the pressure were parents and caregivers, who were more likely to feel stressed by competing demands from their personal and professional lives. They found it harder to make decisions and, like millennials, worried about demands on their time outside their contracted hours. Caregivers also tended to report that their responsibilities during lockdown negatively impacted their job performance. They were similarly worried about their ability to do their job well and keep their position in many circumstances.
Again, this left them exposing their employers to heightened levels of cyber risk, with high numbers admitting to minor mistakes, distractions, and unsanctioned use of shadow IT. With remote working guidance in the UK still in effect and likely to remain so until the summer, Forcepoint warned that without additional employer support, people were likely to continue deviating from pre-set and learned security rules, exposing their organizations to malicious actors and other threats.
