The ongoing stress of the global pandemic, war, inflation and global uncertainty has made it difficult for people to manage everyday decision-making. As a recent survey by the APA found, one-third of people have such high-stress levels that they are battling to decide what to wear or what to eat. Mental health issues are now considered by many to be the pandemic of 2022 and, in South Africa, this is further impacted by additional stress factors such as the cost of living, crime and load shedding. And, as people juggle these challenges on a daily basis, they are struggling to pay attention and make decisions which are, as Anna Collard, SVP Content Strategy and Evangelist at KnowBe4 Africa, points out, making them more vulnerable to cybersecurity threats.
“It’s easy to see how stress and overwhelm make it easy for people to make simple cybersecurity mistakes,” she adds. “You’re tired, you’re not paying attention, you click on a link you’d normally avoid. You’re distracted and, in a rush, so you open an attachment you’d usually ignore. This is how the scammers and criminals are increasingly catching people unawares and putting both personal and business security at risk.”
The risk of being phished or defrauded rises incrementally with how tired and worn-out a person may be – research finding that 41% of employees miss a phish because they are tired and 47% because they are distracted. In daily life, this can translate to falling for a fake email while getting into the car on the way to a meeting, only to have payment information phished by a spoof site. Or to click on an email that has been carefully designed to look like it is an urgent work message from HR only for it to be a scammer stealing your login credentials for the office. Every tap and click is an easy mistake that will cost money and the business.
“Our modern lives with mobile devices, apps, email and social media constantly fighting for our attention, result in cognitive overload and multi-tasking. This in turn makes us more error-prone, stressed and also more susceptible to social engineering attacks. This is one of the reasons why companies should invest into wellness and mental wellbeing for their employees,” says Collard. “And why security training should be linked to being present and, in the moment, and taking time to process information. People need to realise that their personal wellbeing is directly connected to maintaining their online security.”
Most companies would not associate security as a direct benefit of employee wellness. Usually that is the remit of productivity, or improved employee engagement. However, by considering how easily people make mistakes when they are tired, burned out or disengaged, companies are absolutely investing into their long-term business security. When we are stressed, the part of our brain that deals with decision-making is taken over by our fear centre, decreasing our ability to think critically and focus. On the flipside, when we are calm, we are more able to focus, think clearly and make better choices.
“The goal is to keep the mind active when it comes to very specific decision-making when confronted by potential phishing emails or cyber threats,” says Collard. “Cybercriminals, as well as fake news, use emotional triggering content such as fear, greed or curiosity to trick us out of critical thinking. If we learn to use our heightened emotions as early warning signs and apply mindfulness techniques to quiet down, focus and pay attention before we react, we can remain in control, focus better and in turn prevent cyber attacks.
Security training is essential for the modern business, especially when it comes to giving employees the tools, they need to recognise threats and make informed decisions. However, as the world moves through the fallout from the pandemic, global uncertainty and ongoing stress, adding a wellness dimension to security training is fast becoming a critical factor in ensuring that the training kicks in when the tiredness takes over.