They call it the Hump Day for a reason; our latest research has revealed that workers feel the most tired on Wednesday afternoon and this could be putting your data and systems at risk.
This is because when we are tired, we become more error-prone. In fact over three quarters of people (76%) we surveyed say that they make more mistakes when they are feeling sleepy.
The problem is that is just takes one mistake – one email accidentally going to the wrong person or one click on a phishing scam – to compromise sensitive data and ruin a company’s reputation.
No rest for the wicked
Phishing is becoming a persistent hazard for businesses to deal with. The number of phishing attacks continue to rise year on year and today, around 6.4 billion fake emails are sent worldwide every day. Furthermore, Verizon revealed that a staggering 94% of malware is now delivered by email.
Therefore, it’s never been more important for employees to spot the good from the bad to avoid falling for the scams. But given that 91% of UK workers told us they feel tired during the working week, with one in five feeling tired every day, can we really expect employees to make the right decision 100% of the time when faced with a cybersecurity threat on email?
The thing is, when we are tired and stressed, we may overlook cues present in a cyber threat. This is according to cyber-psychologists Dr Helen Jones and Prof. John Towse who recently shared their insight in our latest report – Why Do People Make Mistakes.
Tiredness affects our ability to question the legitimacy of messages and makes us more likely to miss something that signals a threat, simply because we have less cognitive capacity available to dedicate to evaluating new information.
Tired employees also pose another risk; fatigue makes it harder for people to resist the impulsive urge to respond to a persuasive request in a potentially malicious email. A study by Washington State University, for example, found that sleep deprivation not only increases the likelihood of someone making risky decisions but also decreases a person’s awareness about why they were taking risks.
With email being so quick and easy to use, tired employees may not even register the risk their inbox could pose. What’s more, it’s not hard to imagine that a smart hacker could even start to target your most tired employees at certain times of the day in a bid to trick them to click.
Waking up to the threat
We cannot expect people to make the right cybersecurity decisions 100% of the time; tiredness and overwhelming workloads lead to risky decisions on email and this poses a threat to your business.
Rather than seeing employees as the first line of defence, you instead need to consider how to use technology to limit the number of costly mistakes that are just waiting to happen. By alerting employees to potential threats and advising them on the action to take, you can mitigate the risk and encourage people to think before they hit ‘send’ – especially during that Wednesday afternoon slump.