WORKFORCE CYBER
INTELLIGENCE AND SECURITY

BLOG

A Human-centric Approach to Operational Awareness and Risk Management.

Employee Stress & Insider Threats: How to Mitigate Risk from a Security & HR Standpoint

April is Stress Awareness Month. It’s been recognized as such since 1992, but given the events of the past few years, it’s critical to spread awareness now more than ever—and not only during the month of April.

Stress impacts people in various ways and it elicits different responses from individuals. Just think—during the Stone Age, cavemen used to exhibit a fight or flight response when face-to-face with a wild animal, which was probably an every day occurrence. Today, stress is caused by a variety of factors. It can come from small instances, like struggling to get young children to bed on time, or larger circumstances, like uncertainty resulting from the impact of the COVID-19 pandemic.

Regardless of what causes stress today, employers need to acknowledge the human element at play here and the impact on their businesses. From both a security and human capital standpoint. Only by creating this awareness and pinpointing the signs and behaviors of stress amongst team members can IT teams and business leaders effectively help to protect their organization and support their team.

Here’s what employers need to know to mitigate this risk so that it does not turn into a threat to their business.

Stress & Cyber Security
When people are stressed, they often don’t act like themselves. This distracts them from going about their work as diligently as normal, introducing security gaps caused by unintentional negligence. Examples include opening phishing emails and clicking links, leaving laptops logged in while away from their screen in a public setting, or sending files externally to the wrong contact by mistake.

This stress-induced behavior turns employees into insider risks with the potential to become insider threats. Malicious intent is a key differentiator here. So, when can stress turn an employee into a malicious insider? Take potential response to recent global turmoil, for instance. If an employee disagrees with their company’s or one of its leader’s stances on a given situation, the individual could retaliate by doxing their boss or sharing their organization’s critical data publicly. Additionally, if employees are stressed because of their workload or other personal reasons—like financial hardships—they could be inclined to strike back out of frustration to spite their employer or grasp at opportunities to improve their financial situation by selling corporate data.

Stress as an HR Concern
On the human resources side, stress can also be a critical threat to businesses. If team members are burnt out because of workload, organizations can lose critical talent to other opportunities, adding further strain to other team members and negatively impacting the business.

Additionally, employers could be causing stress if they’re using invasive employee monitoring techniques that infringe on their privacy. Stress resulting from outside factors and internal pressures are already plentiful, so “big brother” software intended to surveil employees and monitor productivity does not help to reinforce trust and promote autonomy, only compounding the issue.

How Employers Can Mitigate This Risk
Human beings are hard to predict, as everyone reacts to stress differently. However, an individual’s behaviors and the sequence of their behaviors from an IT standpoint tell a story. When pieced together, these behaviors can be indicative of larger risks to the organization, especially when an insider threat is present.
Business leaders need to be aware of the threats that exist within their organization and be attuned to how the shift to remote work and the global events of the last two years have exacerbated stress and these threats, as 75% of insider threat-related criminal prosecutions were the result of remote workers. How can business and IT leaders successfully address this issue when they can’t physically see anything suspicious in a physical office setting? With pseudonymous Workforce Cyber Intelligence & Security solutions from DTEX, organizational leaders are empowered with visibility into the behaviors of individuals who could be knowingly or unknowingly be introducing risk through their actions. From here, these leaders can act to further educate individuals unintentionally introducing risk or stop insider threats that are more malicious much earlier in the insider threat kill chain. Most important of all, they can do their best to reduce stress on teams and to support individuals that are in need of their help.

Interested in learning more about how Workforce Cyber Intelligence & Security from DTEX can help organizational leaders deal with critical issues impacting businesses and team members alike? Contact us here, we look forward to connecting with you!