Why does hybrid work cause cybersecurity errors?

Many people return to the office for the first time in years or switch to a hybrid work schedule. This brings new distractions and obstacles: employees have to navigate in a new work environment or constantly switch between locations while navigating both video and personal meetings. Business leaders need to consider the impact on employee well-being and, in turn, their impact on cybersecurity behavior.

Again report According to Tessian, an email security company, about half of employees cited distraction and fatigue as the main reasons they made cybersecurity mistakes. This is more than 34% in 2020. These mistakes are not uncommon – a quarter of employees have received phishing emails in the workplace. last year, two-fifths sent the wrong person an email – and that could lead to costly data breaches, customer loss, and possible regulatory penalties. In fact, almost One-third Companies that lose customers after an email is sent to the wrong person. Bets for employees are also high: a quarter People who make cybersecurity mistakes in the workplace have lost their jobs.

In a hybrid work environment, cybercriminals use advanced techniques to imitate their colleagues and manipulate our behavior. To overcome them, businesses need to understand how stress, distractions, and psychological factors drive people to these scams.

Why hybrid work and Zoom fatigue causes errors

After working remotely for two years, people had to adapt to using new technologies on a daily basis, such as video conferencing. As offices reopen, people are constantly changing contexts, facing distractions from both the physical office and the virtual, constantly open communication that comes from working remotely. It is morally tiring. This distraction and fatigue causes people to overload their cognitive loads, and mistakes are made.

For example, a latest research The work of Jeff and his team at Stanford shows that virtual meeting fatigue causes cognitive overload. In face-to-face interactions, we naturally establish nonverbal communication and interpret these signs subconsciously. But over video, our brains need to work harder to send and receive signals. Seeing ourselves on camera during the day is also stressful, which can lead to additional stress. When our cognitive loads are excessive, tasks that are more difficult to focus on, such as detecting phishing scams or double-checking that you have sent a file to the correct email recipient, may be overlooked.

In this case, errors occur that can damage cybersecurity. Scammers know this, too, and are more likely to send phishing emails late in the workday, when a person’s security is likely to be activated.

Simple adjustments can affect employee well-being and help relieve fatigue and distraction that can lead to mistakes. Encourage people to take regular breaks between virtual meetings and stay away from screens during the day. The establishment of special “non-meeting days” during the work week and the optional video for unnecessary meetings can also make a positive difference. Businesses can also take a data-driven approach by measuring how tired a particular team or employee is and offering targeted support. The Stanford Zoom Exhaustion and Fatigue Scale (ZEF). [survey required] is a useful measurement tool.

How cybercriminals use psychology to manipulate employees

Cybercriminals have developed methods to manipulate human behavior. One example uses social evidence, a phenomenon in which people adapt to the behavior of others in order to be accepted. Social evidence is one of the main principles of influence and is strengthened when applied to the government. Cybercriminals know that most people obey those in authority, which is why self-immolation scams are so effective. Combine authority with a sense of urgency and you have a very attractive and convincing message. In fact, Tessian found it more than half most of its employees fell for phishing scams in 2022, which appear to be a high-level manager.

Another psychological concept used by aggressors is our “known” network. We trust the people in our networks more than the complete strangers. For this reason, cybercriminals now use SMS text messages and chat platforms to send malicious messages. Until recently, only someone we knew could text us, which made it a fairly reliable and trustworthy communication channel. But now many people give out phone numbers when shopping online, and phone numbers are leaked as a result of data breaches, which is no longer the case. Text messaging has become as risky as sending emails, and texting has become more expensive for Americans with text scams or “pickups.” $ 50 million In 2020.

Regardless of the platform – SMS text, email or social media – pay attention to unusual queries and messages that create a sense of urgency. Aggressors will often use stressful and time-sensitive topics, such as missed payments or serious deadlines, for people to react quickly. If you know what symptoms to look for, it’s easier to trust your doubts when something goes wrong. From there, you can verbally confirm the request with your colleague or call the financial institution directly before clicking on the link.

Knowledge is power

Let’s be clear: the goal here is not to increase the fear, stress or guilt associated with cybersecurity in the workplace. It is human nature to make mistakes, but hybrid work environments can cause people to slip more often.

Only by understanding how factors such as stress, distraction, and fatigue affect people’s behavior, and by understanding how cybercriminals manipulate human psychology, can businesses begin to find ways to strengthen employees and ensure that mistakes do not turn into serious security incidents.

Higher knowledge and contextual awareness of threats can help eliminate impulsive decision-making that occurs when stress levels are high and cognitive loads are excessive, and gives people time to think twice. If the right steps are taken, employers can better avoid the high risks of cybersecurity and allow employees to do their jobs effectively and safely.

Tim Sadler is CEO of Tessian, and Jeff Hancock is Harry and Norman Chandler is a professor of communication at Stanford University..