Skip to main content

How overwork and stress can undermine even the most robust cybersecurity posture

(Image credit: Image source: Shutterstock/pikselstock)

Advancements in the modern workplace often come with more flexibility, including working remotely or not being tied to traditional 9-5 hours. But regardless of this progress, stress is still a common factor in many employees’ lives. Market pressures and economic uncertainty have manifested unhealthy and sustained levels of stress that can put businesses at serious security risk. In fact, a recent study found that 67 per cent of full-time employees have experienced workplace burnout at least once. According to Webroot’s research, almost two-thirds (63.5 per cent) of UK SMBs state that a high workload resulted in mistakes that put the organisation at risk, as stressed employees try to cut corners to save time. Ultimately, anything that compromises an employee’s ability to be vigilant, should be a key concern for businesses.

The productivity paradox

Historically, productivity has equalled long hours and a fierce dedication to the role at the expense of holidays, downtime or even working contracted hours. In fact, this behaviour was regarded highly as it proved the merit of an employee. However, there’s been a major shift in expectations for the modern workforce over the last five years, with mental wellbeing and a healthy work/life balance receiving a much greater focus. There have also been expert conversations around the negative impact that long hours and stress have on productivity. Employee effectiveness declines with time and the likelihood of making mistakes increases. For example, a tired and stressed employee is much more likely to click on a link in a phishing email, rather than review content critically and raise concerns. Cybercriminals rely on distracted or uninformed employees to make their campaigns successful. This ultimately causes the business financial and reputational losses, should a successful breach occur.

Working towards a solution

With the shifting expectations of the workforce, businesses now have the challenge of changing processes to support modern practices – such as remote and flexible working which help reduce stress levels – while maintaining productivity. Employers must understand that stressed workers can negatively impact all areas of the business, including cybersecurity posture. At the same time, they must ensure that data is kept safe and leverage the appropriate cybersecurity technology where possible. Therefore, a multifaceted approach is needed, which addresses challenges around workload and time management, while meeting business expectations. One way to avoid stressed and overtired employees, who may be more apt to ignore security policies or click on malicious links, is to keep overtime to a minimum. This may require a cultural shift and proactive encouragement of only working allocated hours from the C-suite. 

How can cybersecurity technology help?

As much as responsible businesses try to buffer employees during busy periods, it is impossible to remove every time pressure or stressful situation from the workplace. However, it is possible to mitigate the negative consequences of stress by intelligently implementing technology to support employees – especially those who regularly deal with sensitive information. Leveraging security software enhanced by available threat data, such as the collective intelligence gathered from millions of endpoints, firewalls, gateways and sensors, would be beneficial, whilst aiding rapid detection and response techniques through artificial intelligence. Email filtering will also help to remove phishing lures from inboxes, reducing the possibility of a tired employee clicking a link or downloading a malicious attachment.

Training is an essential part of the approach

Supported by the most appropriate technology, reducing stress in the workplace requires a joint approach by employers and employees. Individuals should work together to understand resource allocation and task lists in order to effectively manage time pressures. However, time management training should be provided for all employees to ensure that they are working as efficiently as possible and minimising time spent working outside of the required hours.  In addition, cybersecurity training is an essential component as it primes employees to spot common threats and helps to strengthen the first line of defence – the human firewall.

The role of technology will continue to augment the employee’s role in the workplace, allowing for more efficient use of time. As we progress, it is important for both employers and employees to understand the ramifications of overwork and stress in the office – especially from a cybersecurity point of view. In a demanding market, organisations cannot afford to continue practices which ultimately introduce more vulnerabilities. Instead, business leaders should strive to put processes and technology in place to help prevent and mitigate the side effects of stress.

An additional benefit to minimising excessive overtime and keeping stress to a minimum is a happier workforce. Happy employees are more likely to be engaged, alert and invested in the organisation, making it their business to help protect the collective organisation from cyberattacks. They are also less likely to become an insider threat, either intentionally or unintentionally. Organisations must move to a new way of thinking which prioritises effectiveness over busyness. By encouraging better time management practices and work life balance, organisations will enjoy the dual benefit of increased job satisfaction across the workforce and improved safety of their data.

Matt Aldridge, Senior Solutions Architect, Webroot

Matt Aldridge is Senior Solutions Architect at Webroot. His role involves providing pre-sales consultancy globally to cybersecurity companies and service providers regarding the integration of Webroot’s BrightCloud Threat Intelligence services into their products and solutions.