Why hybrid work leads to cyber security flaws
hybrid work, environment, face-to-face meeting, distraction, cybersecurity, error, fatigue, cybercriminals, technology, software, Yüce Software
After a few years, many people return to the office or switch to hybrid work mode. There is distraction and disruption associated with this change, as employees must move to a new environment or constantly switch between locations while browsing video and face-to-face meetings. We should consider the impact on employees' welfare and their cyber security behaviour.
According to Tessian's report on email security, nearly half of employees cited fatigue and distraction as the main reasons they made a mistake in cybersecurity. These errors are not uncommon, especially a quarter of employees have fallen for phishing e-mail, and two-fifths have sent the e-mail to the wrong person, which can lead to costly data leaks, customer loss and possible regulatory fines. Almost a third of businesses lost customers after an email was sent to the wrong person. Also, one in four people who have made a mistake in cyber security has lost their jobs.
Cybercriminals use advanced techniques in a hybrid work environment. They often impersonate colleagues and manipulate employee behaviour, so it's important to understand how stress, distraction, and psychological factors cause people to succumb to these scams.
Hybrid work and zoom fatigue lead to mistakes
With the opening of the office, people are constantly switching contexts and facing the distractions from the physical and virtual office, which is mentally exhausting. Distraction and fatigue cause the cognitive burden of people to be overwhelmed, and therefore mistakes are made.
Fatigue from virtual encounters leads to cognitive overload. In face-to-face interactions, we naturally communicate non-verbally and subconsciously interpret these cues. But through video, our brains have to work much harder to send and receive signals. There is also more mental tension when we see each other on camera all day, which can cause additional stress. When our cognitive burden is overwhelmed, it is much harder to concentrate, which means that tasks such as detecting phishing scams or double-checking that you are sending a file to the right email recipient can be overlooked.
This is when mistakes are made that can jeopardize cyber security. Scammers also know this and are more likely to send phishing emails later in the workday when the guard is likely to be inactive.
Simple changes can affect employees while mitigating the exhaustion and distraction that lead to mistakes. It would be good to take regular breaks and move away from the screens during the day. Employees should set aside days without appointments during the work week, if possible.
Cybercriminals use psychology to manipulate employees
Cybercriminals have developed techniques for manipulating human behaviour. People adopt the behaviour of others to be accepted. Social evidence is one of the basic principles of influence and becomes stronger when invoking authority. Cybercriminals know that most people submit to those who have authority, which is why fraud is so effective. Combine authority with a sense of urgency and you will get a very impressive and convincing message.
People tend to trust the people on our networks more than strangers. That's why cyber criminals now use SMS and chat platforms to send malicious messages. Until recently, only someone we knew could write to us, which made him a fairly reliable and trustworthy communication channel. But now that many people give their phone numbers when shopping online and phone numbers have leaked when data is compromised, this is no longer the case. Text messaging has become as risky as sending e-mails.
Regardless of the platform - SMS text, email or social media - watch out for messages with unusual requests and messages that create a sense of urgency. Attackers often use stressful and time-sensitive topics, such as missed payments or strict deadlines, to get people to respond quickly. If you know what symptoms to look for, it's easier to believe your suspicions when something doesn't seem right. From here, you can confirm the request orally with a colleague or call the financial institution directly before clicking the link.
Knowledge is power
By understanding how factors such as stress, distraction, and fatigue affect people's behaviour, and by understanding how cybercriminals manipulate human psychology, businesses can begin to look for ways to empower employees and ensure that mistakes do not turn into serious security incidents.
Greater knowledge and contextual awareness of threats can help overcome the impulsive decisions that occur when stress levels are high and cognitive stress is overcome, giving people a moment to think. If the right steps are taken, employers can better avoid the high risks of cyber security and employees can do their job efficiently and safely.