Impact of cybercrime on employee health and happiness
CYBERCRIME is not only bad for business and the economy; employees also pay a considerable price. Researchers have identified a correlation between the spectre of cybercrime and employee health and well-being.
Stress, fear and uncertainty are leading to poor health outcomes such as burnout, hypertension, strokes and post-traumatic stress disorder – real concerns that deserve attention.
This situation includes, but is not limited to the security teams in charge of day-to-day cyber safety in a business. Cybersecurity responsibilities, disappointment when failing to prevent an attack, and the general uncertainty around cyber risks affect all employees across organisations.
Main stressors
While humans are the best line of defence in cybersecurity because they can spot strange and unusual activities, they also experience the stress of this responsibility. There are four main ways that cyber risks affect employee health: vigilance, siege, failure and morale.
Vigilance is to watch out for cybercrime attempts. While this is an excellent way to prevent successful attacks, it requires focus and diligence. Measured vigilance is good; but constant vigilance can take a toll – especially if the company culture is harsh about security mistakes.
Siege is when criminals target an employee, usually through provocative means such as phishing attacks (fake emails that trick users into taking the wrong action). These cyberattacks are designed to evoke a “type one” response – a neurological term for a highly reactionary and automatic response. A common tactic is to promise great gains or predict big disasters; provoking the person to click a link that clandestinely installs malicious software.
Failure happens when a siege is successful, with someone unknowingly coerced into aiding the attack. That person is likely to feel guilt because of their failure. A punitive corporate culture can worsen this; blaming one person for a more elaborate situation. Some studies indicate that up to a quarter of corporate phishing victims were fired or changed jobs. Morale problems can cause a lot of harm. People invest their time and minds into their jobs; and disruptions can severely affect their ability to perform. If a cyberattack occurs, it will stop operations and projects, spiking stress among those teams. Poor communication about the attack leads to more stress, uncertainty and doubt about their jobs or the organisation’s future. Those who face customers or clients must often answer delicate questions to try and mitigate reputational damage.
Reactionary, punitive and secretive corporate cultures often amplify these issues.
Imagine you are travelling by bus to an important destination, but the road is twisting and full of blind curves. The bus rattles and makes strange noises. You can become quite worried about the situation – especially when you know that your actions can either help prevent or cause a breakdown or accident. Even if the bus doesn’t break down, you can never quite relax because that would be too risky.
I think companies often spend too much effort talking about the bus and its importance; and forget to talk to the passengers and see how they are doing or if they know what they need to talk to others about regarding the bus, road and journey.
Co-operative culture
Employee well-being has become a crucial topic; opening the doors for conversations and interventions that reduce cybercrime’s impact on people’s health. The most crucial step is to move away from a culture of blame to one that encourages co-operation.
You won’t get far if your people are afraid to even click on anything – a phenomenon known as click paralysis. While it may be tempting to immediately point fingers and assign blame, an attack is rarely that simple. Mistakes happen, and proper security systems will catch those mistakes. Regular security training and testing will help set a standard, while a supportive attitude towards cybercrime victims can avoid employee churn and unnecessary damage to morale.
Open communication
The second crucial step is to establish good communication. If there is a threat of attack, inform the appropriate employees and be open to answering questions. These messages shouldn’t come exclusively from your security teams, as they are rarely equipped to relate the issue suitably. Involve employee-focused parts of the business, such as human resources and line managers. Equip leaders in the organisation to explain security challenges and risks to the employees they are responsible for.
Resources and support
Thirdly, make sure your security teams are well-resourced and supported. The average corporate team can receive up to a thousand security alerts daily, excluding other work such as patching, security tests and studying threat trends. Invest in services and partners that increase visibility and information coherence, automate security processes, and create proactive visibility and response. These steps take significant pressure from those teams, and equip them to work with the rest of the organisation to create a more inclusive cybersecurity culture.
The fear, uncertainty and doubt that cybercrime stokes can erode confidence and positivity. Fortunately, a little focus on transparency, communication and support can go a long way in promoting employee health and well-being.