How employee burnout may be putting your organization at risk
With pandemic-induced pressures impacting many employees, burnout can easily lead to security risks, says 1Password.
Employee burnout is a potential problem under normal circumstances. But throw in a pandemic, and workers are even more prone to experience job-related stress. This type of burnout not only affects productivity but also triggers cybersecurity risks as employees become less careful about following proper security guidelines. A report released Tuesday by password manager 1Password examines the impact of employee burnout on an organization’s security.
SEE: Juggling remote work with kids’ education is a mammoth task. Here’s how employers can help (free PDF) (TechRepublic)
Titled “The Burnout Breach,” the new report is based on an October survey of 2,500 adults in the US and Canada who work full-time primarily at a computer. The respondents comprised 2,000 general office workers and 500 security professionals with a title of manager or higher.
A large percentage of the people surveyed admitted to feeling burned out — 80% of the office workers and 84% of the security professionals. Some 10% of the security pros and 5% of the office workers said that burnout has left them feeling “completely checked out” and “doing the bare minimum at work.” Further, 32% of the security practitioners said they’re currently looking for new jobs or are about to quit as a result of job burnout.
Those who feel burned out are also more likely to skirt past security guidelines and best practices. Some 20% of burned-out office workers and 44% of security professionals expressed the attitude that security policies “aren’t worth the hassle.” Among those who didn’t feel burned out, just 7% of office workers and 19% of security pros conveyed the same attitude.
As one example, 48% of burned-out employees said they download or use software at work without the permission of IT. A full 59% of those who feel burned out don’t follow proper security in setting up work passwords, opting to choose easy passwords they won’t forget or reusing the same passwords. Almost half of the security professionals said it’s unrealistic for companies to be aware of and manage all apps and devices used by employees at work.
Remote working has opened the door for even greater security risks among employees. Some 22% of the security pros and 6% of the office workers said they let family members, roommates or friends use their work computers. More than half of the security pros and a third of the office workers said they use their personal computers for work. Plus, 29% of the security practitioners and 7% of the office workers said they install apps or browser extensions not approved by their organization.
SEE: Contract work policy (TechRepublic Premium)
The survey also asked people about the security threats they’ve encountered.
Among the security pros, 60% revealed that their company was hit by a threat last year, citing social media spoofing, sophisticated phishing and DDoS attacks as the most common. Ransomware was listed as one of the top three worries by 52% of the security professionals, though only a quarter said they ran into a ransomware attack at work. Phishing was another top concern — more than half of the office workers said they couldn’t tell whether or not an email they received was a phishing message.
“Pandemic-fueled burnout — and resultant workplace apathy and distraction — has emerged as the next significant security risk,” 1Password CEO Jeff Shiner said in a press release. “It’s particularly surprising to find that burned-out security leaders, charged with protecting businesses, are doing a far worse job of following security guidelines — and putting companies at risk. It’s now a business imperative for companies to engage the humans at the heart of security operations with tools, training and ongoing support to create a culture of security and care that helps us all stay safe at work.”
Recommendations for dealing with employee burnout
To help organizations better deal with employee burnout, Shiner shared a few strategies that he’s established at 1Password:
- Open communication. Foster communication around mental health on the job. For example, 1Password has a number of Slack channels where employees can discuss mental health issues and how to overcome them. Managers are also urged to monitor staff workloads to ensure that no single employee is overwhelmed.
- Mental health days and employee benefits. Employee benefits should focus on mental health. 1Password offers dedicated company-wide Mental Health Days along with access to counseling and other mental health services.
- Meditation. 1Password encourages workers to take advantage of free access to meditation courses via the Headspace app.
- Specific mental health training. 1Password also offers mental health-related courses and training to find and alleviate stressors at work.
“There are many different strategies that you can take to support the mental health and well-being of your employees,” Shiner added. “However, the first and most important step is to acknowledge that the people on your team may be struggling to cope — only from there will you be able to provide them with the support they need.”