Distractions at work can have serious cybersecurity implications

Distracted employees are twice as likely to do the bare minimum for security at work, according to 1Password. The findings reveal that sustained burnout, now paired with high levels of distraction, has critical implications for workplace security.

“While we hope the worst of the pandemic is behind us, world events continue to unsettle and distract employees. Mishaps are inevitable – it’s not a case of if world distractions will make employees more vulnerable to human error, it’s a matter of when,” said Jeff Shiner, CEO, 1Password. “That’s why it’s vital that businesses take security off people’s plates by implementing seamless systems that eliminate the need for human action. The easier we can make security, the less it will become yet another distraction. It’s a win-win for employees and companies.”

The distraction vortex

Workers have faced what can feel like an avalanche of crises and concerns over the past year. From the COVID-19 pandemic to the whipsawing financial markets and inflation, workers conveyed a vivid picture of their distraction on overdrive, with 53% related to economic or monetary concerns.

• Unprecedented stress: 4 in 5 employees (79%) feel distracted on a typical work day, with 1 in 3 employees (32%) saying they’re the most stressed they’ve ever been in their lives.
• A perfect storm: Top distractions include the Covid-19 pandemic (44%), recession/inflation (42%), economic uncertainty (38%), gas prices (34%), and personal relationships (29%).
• Missing motivation: More than 1 in 4 employees (26%) say that distractions from world events make it hard to care about their job. This has major repercussions for enterprise security, with distracted workers more than twice as likely as others to do only the bare minimum for security at work (24% vs. 10%).

Security is sinking in

Despite high-profile breaches and ransomware attacks generating splashy media headlines weekly, silver linings are evident amid the chaos. Awareness of cyberthreats is increasing, and security automation and systems are making headway, counterbalancing human shortcomings around security.

• Rising awareness: 3 in 4 employees (76%) are aware their individual actions have an impact on their company’s overall security, and 82% would care if they caused a security breach.
• Trusted tools: Nearly 9 in 10 employees (89%) now use authentication products or services such as two-factor (2FA) or multi-factor authentication (MFA), biometrics, password managers and single sign-on.
• Mythbusting: complexity ≠ security: There’s a misperception that if security is too easy, it’s not safe. Employees are three times as likely to trust two-factor or multi-factor authentication as they are to trust single sign-on (65% vs. 19%).

Security slippage

Notable security improvements have been made in recent years, but research shows that bad security hygiene persists in the modern workplace. Poor password habits are still prevalent, and 50% of employees say the biggest threat their company faces is the prospect of employees falling for scams or phishing attempts.

• Senior security snafus: Poor password hygiene is notably worse among employees at the level of director and above, with 49% using personal identifiers in their passwords.
• Password reuse: Despite knowing the risks associated, 1 in 3 employees reuse passwords.
• Same device, different gig: One in 10 workers (10%) have used their work computers or devices for a side gig or another job – and tech workers are even worse (19%) – making companies increasingly vulnerable to security risks.

Tech industry trouble

Workers in the tech, IT and telecom industries reported being far more distracted compared to their non-tech counterparts. Tech workers are nearly twice as likely as others to say distractions make it hard to care about their jobs, and are more than three times as likely to do the bare minimum around security.

• Domino effect: 46% of tech industry workers say that distractions… from world events make it hard to care about their jobs – compared to 23% of other employees in other industries.
• Distraction dependency: 39% of tech industry workers say their coworkers are less productive at work because they’re distracted by world events – nearly twice as much as workers in other industries (20%).
• Phoning it in with workplace security: 36% of tech industry workers say they only do the bare minimum when it comes to security at work – compared to 11% of employees in other industries.

“Every crisis creates an opportunity for criminals to exploit victims via social engineering as they take advantage of psychological weaknesses. Many of the traditional human vulnerabilities are at greater risk in a time of permacrisis; curiosity, the power of authority figures, manufactured urgency, greed and other weaknesses will continue to be used to the attackers’ advantage,” said Troy Hunt, strategic advisor at 1Password and founder of Have I Been Pwned. “As the level of sophistication increases, even the most tech-savvy of us can fall victim to a well-crafted attack, and it’s our job in the industry to build more resilient systems and tools.”