Why hybrid work is leading to cybersecurity mistakes

We’re excited to bring Transform 2022 back to life on July 19th and virtually July 20-28. Join AI and data leaders for sensible conversations and exciting networking opportunities. Register today!

Many people are returning to the office for the first time in years or moving to a hybrid of work schedule. This shift brings new distractions and interruptions: employees must navigate to a new working environment or constantly switch between locations while navigating both video and personal meetings. Business leaders should consider the impact on employee well-being and, in turn, their cyber security behavior.

In a new report from email security company Tacian, nearly half of employees cited disruption and fatigue as the main reasons for cyber security bugs, up from 34% in 2020. These errors are not uncommon – a quarter of employees fell for phishing emails at work last year, when two-fifths sent emails to the wrong person – and that can lead to costly data breaches, customer losses and potential regulatory penalties. In fact, almost a third of businesses lost customers after emails were sent to the wrong person. The stakes are higher for employees: one in four people who make a cyber security mistake at work has lost their job.

In the hybrid work environment, cybercriminals are using sophisticated techniques to impersonate colleagues and manipulate our behavior. To outsmart them, businesses need to understand how stress, distractions and psychological factors lead people to these scams.

Why hybrid function and zoom lead to fatigue errors

After two years of working remotely, people have become accustomed to using new technologies like video conferencing on a daily basis. As offices reopen, people are constantly facing interruptions from context-switching, both physical office and virtual, ongoing communication that comes with remote work. It’s mentally boring. This distraction and fatigue overwhelms the cognitive burden of the people and that is when mistakes are made.

For example, a recent study by Jeff and his team at Stanford showed how virtual meeting fatigue leads to cognitive overload. In face-to-face interactions, we naturally communicate nonverbally and subconsciously interpret these signals. But on video, our brains have to work harder to send and receive signals. There is also the mental stress of looking at the camera all day, which can cause additional stress. When our cognitive load is overloaded, tasks such as detecting phishing scams or double-checking that you are sending the file to the correct email recipient can be avoided.

This is when mistakes happen that can compromise cyber security. Scammers also know this, and are more likely to send phishing emails on business days when a person is less likely to be a protector.

Simple improvements can affect employee well-being and help ease fatigue and disruption leading to mistakes. Encourage people to take regular breaks between virtual meetings and stay away from the screen throughout the day. Establishing a dedicated “No Meeting Days” during the work week and substituting video for meetings where it is not necessary can also make a positive difference. Businesses can also take a data-driven approach by measuring how tired a particular team or employee is and offering targeted support. Stanford Zoom Fatigue and Fatigue (ZEF) Scale [survey required] Is a helpful measurement tool.

How cybercriminals use psychology to manipulate employees

Cybercriminals have developed techniques to manipulate human behavior. One example is taking advantage of social evidence, a phenomenon that people will adapt to the behavior of others to accept. Social proof is one of the main principles of influence and becomes stronger when power is exercised. Cybercriminals know that most people turn to those in power, which is why fraudulent scams are so effective. Combine authority with a sense of urgency, and you have a very compelling and believable message. In fact, Tacian found out that more than half of employees were involved in a phishing scam that led to a senior executive pretending to be a 2022 executive.

Another psychological concept attackers leverage is our “known” network. We trust people who are more than complete strangers in our network. That’s why cybercriminals are now using SMS text messages and chat platforms to send malicious messages. Until recently, only the person we knew could text us, making it a very reliable and trustworthy channel of communication. But now many people give their phone numbers while shopping online and phone numbers have been leaked due to data breach, it is not like that anymore. Text messaging with SMS text scams or “smashing” to make Americans spend more than $ 50 million by 2020 has become as dangerous as email.

Platform – SMS text, email or social media – whatever – keep an eye out for unusual requests and urgent messages. Attackers will often use stressful and time-sensitive themes such as missed payments or strict deadlines so that people respond quickly. If you know what to look for and tactics to help ease the way. From there you can verbally confirm the request with a coworker or call the financial institution directly before clicking on a link.

Knowledge is power

Let’s be clear: the goal here is not to increase fear, stress or crime around cyber security in the workplace. Making mistakes is human nature, but working environments Working environments can make people slip more often.

By understanding how factors such as stress, distractions and fatigue affect people’s behavior and how cybercriminals manipulate human psychology, businesses can begin to find ways to empower employees and ensure that mistakes do not turn into serious security incidents. Is.

More knowledge and contextual awareness of threats can help override impulsive decision-making that occurs when stress levels are high and cognitive loads are high, giving people a moment to think twice. If appropriate steps are taken, employers can better avoid cyber security risks and employees can do their jobs effectively and securely.

Tim Sadler is CEO of Tacian and Jeff Hancock Harry and Norman Chandler are professors of communication at Stanford University.,


Welcome to the VentureBeat community!

DataDecisionMakers is a place where experts, including tech people working on data, can share data-related insights and innovations.

If you would like to read about the latest ideas and latest information, best practices and the future of data and data tech, join us at DataDecisionMakers.

You might even consider contributing to your own article!

Read more from DataDecisionMakers

Similar Posts

Leave a Reply

Your email address will not be published.