The ‘polyworking’ trend which sees employees working multiple jobs or side gigs at once is creating huge cybersecurity risks, according to new research.
It's a work pattern that's been adopted particularly by Gen Z - those born between 1997 and 2012 - with 48% having some sort of side job, the highest rate among all generations.
However research from Kaspersky warns juggling multiple job roles means navigating an ever-expanding digital environment. Each additional role brings with it a growing number of inboxes, project management tools, communication platforms, and external contacts.
Cyber attackers can take advantage of this complexity, launching phishing emails through compromised business accounts, embedding malware in fake calendar invites, or sending malicious links via chat apps disguised as legitimate messages from co-workers.
“When your calendar is packed with tasks from three different jobs and you have notifications coming in from five separate apps, and you're also switching between client chats, invoices, and creative work on the same device,” said Evgeny Kuskov, security expert at Kaspersky.
“It's only a matter of time before something slips.”
Over the last year, Kaspersky said it has detected more than six million attacks disguised as platforms or content related to 20 popular work tools. The top targets were Zoom, with 3.8 million attacks, Microsoft Excel, with 835,000, and Outlook with 731,000, followed by OneDrive with 352,080 and Microsoft Teams with 151,800.
In one scam, users were tricked into downloading a supposed Zoom update from a phishing page, which in reality was malware in disguise.
Meanwhile, job platforms such as Fiverr, Upwork, LinkedIn, and Behance are increasingly being used for phishing schemes disguised as legitimate job offers.
Over the course of the year, Kaspersky said it observed more than 650,000 attempts to visit phishing pages disguised as LinkedIn alone.
Polyworking requires security awareness
Sometimes, Gen Z workers are their own worst enemy, with Kaspersky suggesting that they may frequently reuse passwords or rely on simple, easy-to-remember combinations.
Meanwhile, many polyworkers operate across multiple gigs using the same personal laptop or smartphone, without segmentation between their work and personal environments.
This makes it easy for sensitive client files or corporate credentials to be saved on unsecured devices or public cloud storage solutions like Google Drive or Dropbox.
In some cases, polyworkers also install unauthorized software or browser extensions to streamline their multitasking — 'shadow IT' that may have vulnerabilities or operate with unclear data sharing policies.
"Gen Z’s work-life-tech overlap creates a unique kind of cognitive overload. This constant multitasking increases the risk of mistakes: sending a wrong file to a wrong client, overlooking a phishing email, misconfiguring access permissions," said Kuskov.
"It’s not about carelessness — it’s about the sheer volume of digital demands pulling attention in all directions. And in cybersecurity, even one small lapse can have big consequences."
Make sure to follow ITPro on Google News to keep tabs on all our latest news, analysis, and reviews.
MORE FROM ITPRO
-
What does modern security success look like for financial services?Sponsored As financial institutions grapple with evolving cyber threats, intensifying regulations, and the limitations of ageing IT infrastructure, the need for a resilient and forward-thinking security strategy has never been greater
-
Yes, legal AI. But what can you actually do with it? Let’s take a look…Sponsored Legal AI is a knowledge multiplier that can accelerate research, sharpen insights, and organize information, provided legal teams have confidence in its transparent and auditable application
-
CISA just published crucial new guidance on keeping Microsoft Exchange servers secureNews With a spate of attacks against Microsoft Exchange in recent years, CISA and the NSA have published crucial new guidance for organizations to shore up defenses.
-
US telco confirms hackers breached systems in stealthy state-backed cyber campaign – and remained undetected for nearly a yearNews The hackers remained undetected in the Ribbon Communications’ systems for months
-
Google says reports of a 'huge' Gmail breach affecting millions of users are false, againNews Reports of a major Gmail affecting millions of users have been flooding the web this week – Google says they're "false" and you've nothing to worry about.
-
Enterprises can’t keep a lid on surging cyber incident costsNews With increasing threats and continuing skills shortages, AI tools are becoming a necessity for some
-
Cyber researchers have already identified several big security vulnerabilities on OpenAI’s Atlas browserNews Security researchers have uncovered a Cross-Site Request Forgery (CSRF) attack and a prompt injection technique
-
CISA issues alert after botched Windows Server patch exposes critical flawNews A critical remote code execution flaw in Windows Server is being exploited in the wild, despite a previous 'fix'
-
Former NCSC head says the Jaguar Land Rover attack was the 'single most financially damaging cyber event ever to hit the UK' as impact laid bareNews Researchers said they place the UK financial impact of the attack on Jaguar Land Rover at around £1.9 billion.
-
Volkswagen confirms security ‘incident’ amid ransomware breach claimsNews Volkswagen has confirmed a security "incident" has occurred, but insists no IT systems have been compromised.
