A Tired, Stressed Staff Raises Cybersecurity Risks
by Ryan Ozawa
Even before the COVID-19 pandemic, workplace stress was on the rise. And answering email was a big part of that stress: the average professional spends four hours a day answering email, and push notifications for every new message have been singled out by researchers as a “toxic source of stress.”
Although the rapid shift to remote work has brought many upsides, it’s clear that the scale of the disruption caused by COVID-19 is massive. With the distinct mental demands of remote work well established, employers need to be on the lookout for warning signs that all employees are pushing the limits of their abilities.
Remote work is stressful
Since the beginning of the pandemic, the impact of remote work on employees has been a hot topic. When the parameters of the job change, employees must also change. Add the looming threat of a pandemic, says Harvard psychologist Luana Marques, and people spend more time in “fight-or-flight mode.”
“They’re trying to do a lot, and really, they don’t have as much brain capacity, as much thinking capacity as they had before,” Marques says.
Email volumes skyrocket
For over a decade, email has been a major part of the average workday. But thanks to COVID-19, the use of email has greatly increased.
Early in the pandemic, emails within organizations doubled. Within the health care industry, email volume increased by 300 percent. And weekend email volumes increased by 1,000 percent.
And each email, according to author and psychologist Ron Friedman, “represents another demand on your time and another decision you have to make.”
That mental load poses a risk to the employee, to be sure, but also to the company.
More than a health risk
The dual demands of remote work and increased email volumes have another consequence: an increased risk of sensitive data being exposed by outbound email data breaches.
Email security firm Egress surveyed 538 senior managers responsible for IT security in the UK and US across vertical sectors including healthcare, financial services, banking, and the legal industry. Key findings include:
- 93% had experienced data breaches via outbound email in the previous year.
- The most common breach types were replying to spear phishing emails (80%), emails sent to the wrong recipients (80%), and incorrect file attachments (80%).
- 70% believe that remote working raises the risk of sensitive data being put at risk from outbound email data breaches.
Most critically, Egress found the most common reason cited for security breaches was “an employee being tired or stressed.”
Enhance security with technology
The Egress survey also found that 62% of respondents relied on employees and manual processes to identify data breaches—relying highly on human vigilance and attention at a time when stressors and distractions are at an all-time high.
In fact, 16% of those surveyed had no technology in place to protect data shared by outbound email, and of those that did, only 38% had data loss prevention (DLP) tools in place, an important part of ensuring HIPAA compliance.
Among its features are ExecProtect, which detects display name spoofing attacks, and DomainAge, which catches scam emails coming from newly registered domains that are too new to be on security blocklists.