Pandemic Burnout: Yes, It’s a Thing. And It’s a Security Risk

Although not a medical diagnosis, job burnout is a real physical and emotional condition, causing such symptoms as extreme fatigue, lack of job satisfaction, apathy, anxiety, depression, decreased concentration and lowered productivity. In 2019, the World Health Organization classified burnout as an occupational syndrome. Moreover, the stressful effects of burnout can be a contributor to more serious diseases.

When it was business as usual with daily commutes and on-site work, burnout was more expected. The move to predominantly remote work in 2020 has given employees more flexibility in how they work, removed stressful commutes and provided potentially healthier and safer work environments with the decrease in shared workspaces.

However, with some companies furloughing employees, other employees have had to pick up the slack, which has added to work pressures. Additionally, many workers have had to balance a different kind of stress with overarching pandemic fears, limited events outside of their homes and managing their work with childcare and/or online education for their children simultaneously. The removal of social interaction through virtual work has also taken away one of the natural stress relievers for some employees living on their own: human contact. As social beings, we tend to thrive best with some level of face-to-face exchanges.

As a result, rather than a decrease in burnout in the past months, a survey by LinkedIn has found a 33% increase in burnout in 2020.

Reduced Productivity Not the Only Concern

Although lessened productivity linked to higher levels of burnout is what most company leaders think about first, there may be other equally damaging consequences—namely, increased security risks and insider threats. One study last year connected employee burnout to an upswing in risk, with 44% of IT leaders recognizing that a stressed or overworked workforce is a contributing factor to potential insider threat incidents in large part because errors are more likely to occur.

The likelihood of more errors is simple enough to understand. When concentration wanes or employees are checked out—a common sign of burnout—they may not pay attention to normal safeguards or even care if they are following proper procedures and protocol for system security.

Apathy and depression associated with burnout may also minimize a sense of loyalty to a company or desensitize employees to the dangers of malicious activities, making it easier for employees to be careless or even commit acts of fraud or data breaches. Apathetic attitudes leading to an “it won’t happen to me” mindset are already problematic when it comes to internal risks, which are generally not taken seriously by businesses until they have a major case of fraud or a significant breach of data at the hands of employees.

Spotting Burnout in Remote Workers

Despite the growing prevalence of burnout, employee monitoring software doesn’t spot it. Such a solution may discover a decline in engagement or work output, but burnout itself may not be the cause. With many employees still working from home, managers may be less able to identify it. What, then, can organizations do to better detect burnout and prevent employee threats?

  • Constant Communication: Managers can’t let communication suffer in a remote-work world. Online or phone meetings need to take place, and a hand must be kept on the pulse of employee sentiment and morale.
  • Workload Management: Employees shouldn’t be expected to take on more work than they would in an on-site setting, and managers need to have frank and frequent conversations about an employee’s workload, goals and accomplishments to keep them in check.
  • Inspiration and Motivation: Managers must work harder to create an inspiring remote work culture and motivate employees through encouragement, praise and recognition. Companywide communication platforms are a great way to do this instantly. Online gift cards are an easy and appreciated incentive for a job well-done.
  • Internal and External Security Training: Consistent training and ongoing reminders about security and safety for business system use can still continue uninterrupted with a remote workforce. It should occur more often than when employees are in an office setting. When working from home, employees do not have the same firewalls, may be using their own devices and don’t have manager oversight as they do in an office. Security protocols need to be hammered in.
  • System Security: When budgets become tighter, it is tempting to cut costs by eliminating perceived non-critical tools and spend. Seeing security solutions as non-critical, especially with remote employees, can be detrimental to a company. This is especially true with internal security solutions, such as access controls and segregation of duties (SoD) tools that help prevent acts of fraud and access violations. Richard Chambers, president of the Institute of Internal Auditors (IIA) said it best: “Complacent internal audit functions become attractive targets during corporate cost-cutting initiatives. Internal auditors who aren’t transforming for the future may have no future.”

Burnout is just one contributing factor to increased risks, but it is one that organizations need to have their eyes on with systems in place to help reduce potential harm to employees, their assets and their bottom line.

Avatar photo

Jody Paterson

Jody Paterson is a trusted advisor and security thought leader who is a Certified Information Security Specialist (CISSP), a Certified Information Security Auditor (CISA), a KPMG veteran, and CEO of ERP Maestro — provider of simple, complete, and accurate cybersecurity controls for access risks.

jody-paterson has 3 posts and counting.See all posts by jody-paterson