By Drew Fox Jordan • November 10, 2020

    Why Employees Fall For Phishing Attacks

    Phishing attacks are quickly becoming one of the most common cyber attacks in the nonprofit sector. Every minute, three new phishing sites are created to maliciously target employees with access to sensitive data. And, with the number of phishing attempts on the rise, the number of successful attacks is also climbing. But what is the cause of this increase?

    Today’s working environments are making it impossible for employees to make the right decision 100% of the time when faced with a potential cyber threat on email. Overwhelming workloads, work-from-home distractions, fatigue, and stress affect a person’s cognitive capacity, potentially impairing their ability to identify signs of a potential cyber threat – such as a phishing scam or sending an email to the wrong address.

    Why Employees Fall For Phishing Attacks

    The problem is all it takes is one mistake - one email accidentally going to the wrong person or one click on a phishing scam - to compromise sensitive donor data and damage your organization’s reputation. So what are some of the factors that affect a fundraiser’s ability to make the right cybersecurity decisions at work?

    A “quick-to-click” culture can promote data vulnerability within an organization. Constantly monitoring email both from a work computer and from a mobile device allows fundraisers to be connected all the time, but elevating the chances of responding to an email during non-work hours when they may be more tired or distracted. According to cyber-psychologist Dr. Helen Jones, someone under pressure is “more likely to rely on impulsive, low-effort behavioral responses, and dedicate less attention to the situation in front of them.” What’s more, increased pressure for fundraisers to be constantly connected on-the-go means there is a higher likelihood of distraction and, therefore, mistakes.

    When we are tired or distracted, we become more error-prone. In fact, 76% of people surveyed say that they make more mistakes when they are feeling sleepy. Studies show that the majority of employees feel the most tired at work on Wednesday afternoons. When employees are tired, they are less likely to question the legitimacy of messages and miss the cues that signal a threat. They are also much more impulsive when they are tired, making it harder to resist the urge to respond to a tempting or persuasive request in a phishing email.

    On top of a never-ending to-do list, fundraisers are faced with many distractions, including pings from coworkers, email notifications, meetings, and notifications on their phones. When juggling multiple tasks at once, employees will likely rely more on habitual behaviors rather than engaging in analytical thinking.

    Mistakes due to human error are inevitable, but the negative consequences are not. By focusing on what is known as human layer security, Gravyty Guard protects against the vulnerabilities that will define the next decade in the nonprofit sector by alerting employees of potential data breaches before they happen.

    Gain insight into your organization's human-layer security posture by taking our FREE 15-minute data security health assessment. You’ll receive insight into potential threats to your donor data’s security and steps you can take to prevent a data breach that places your donor’s data, and trust, at risk.



    Posts by Topic

    see all