The ‘polyworking’ trend which sees employees working multiple jobs or side gigs at once is creating huge cybersecurity risks, according to new research.
It's a work pattern that's been adopted particularly by Gen Z - those born between 1997 and 2012 - with 48% having some sort of side job, the highest rate among all generations.
However research from Kaspersky warns juggling multiple job roles means navigating an ever-expanding digital environment. Each additional role brings with it a growing number of inboxes, project management tools, communication platforms, and external contacts.
Cyber attackers can take advantage of this complexity, launching phishing emails through compromised business accounts, embedding malware in fake calendar invites, or sending malicious links via chat apps disguised as legitimate messages from co-workers.
“When your calendar is packed with tasks from three different jobs and you have notifications coming in from five separate apps, and you're also switching between client chats, invoices, and creative work on the same device,” said Evgeny Kuskov, security expert at Kaspersky.
“It's only a matter of time before something slips.”
Over the last year, Kaspersky said it has detected more than six million attacks disguised as platforms or content related to 20 popular work tools. The top targets were Zoom, with 3.8 million attacks, Microsoft Excel, with 835,000, and Outlook with 731,000, followed by OneDrive with 352,080 and Microsoft Teams with 151,800.
In one scam, users were tricked into downloading a supposed Zoom update from a phishing page, which in reality was malware in disguise.
Meanwhile, job platforms such as Fiverr, Upwork, LinkedIn, and Behance are increasingly being used for phishing schemes disguised as legitimate job offers.
Over the course of the year, Kaspersky said it observed more than 650,000 attempts to visit phishing pages disguised as LinkedIn alone.
Polyworking requires security awareness
Sometimes, Gen Z workers are their own worst enemy, with Kaspersky suggesting that they may frequently reuse passwords or rely on simple, easy-to-remember combinations.
Meanwhile, many polyworkers operate across multiple gigs using the same personal laptop or smartphone, without segmentation between their work and personal environments.
This makes it easy for sensitive client files or corporate credentials to be saved on unsecured devices or public cloud storage solutions like Google Drive or Dropbox.
In some cases, polyworkers also install unauthorized software or browser extensions to streamline their multitasking — 'shadow IT' that may have vulnerabilities or operate with unclear data sharing policies.
"Gen Z’s work-life-tech overlap creates a unique kind of cognitive overload. This constant multitasking increases the risk of mistakes: sending a wrong file to a wrong client, overlooking a phishing email, misconfiguring access permissions," said Kuskov.
"It’s not about carelessness — it’s about the sheer volume of digital demands pulling attention in all directions. And in cybersecurity, even one small lapse can have big consequences."
Make sure to follow ITPro on Google News to keep tabs on all our latest news, analysis, and reviews.
MORE FROM ITPRO
-
Kids hacking for kicks are causing security headaches at schoolsNews More than half of cyber incidents at schools are caused by students, with some tech-savvy pupils attempting to bypass security and network controls.
-
Mobile app security is a huge blind spot for developer teams – 93% are confident their applications are secure, but 62% reported breaches last yearNews Organizations are overconfident about their mobile app security practices, according to new research, and it’s putting enterprises and consumers alike at risk.
-
LNER warns customers to remain vigilant after personal data exposed in cyber attackNews LNER has warned customers to remain vigilant for social engineering attacks after a cyber attack on the rail operator exposed personal data.
-
Jaguar Land Rover u-turns on cyber attack containment claims, admits ‘some data has been affected’News Jaguar Land Rover (JLR) has admitted some data may have been accessed by hackers following a cyber attack which severely disrupted production.
-
Everything we know about the Plex data breach so farNews Plex advised users to sign out of any connected devices that are currently logged in and enable two-factor authentication if they haven’t already.
-
Prolific ransomware operator added to Europe’s Most Wanted list as US dangles $10 million rewardNews The US Department of Justice is offering a reward of up to $10 million for information leading to the arrest of Volodymyr Viktorovych Tymoshchuk, an alleged ransomware criminal.
-
FBI warns 'indiscriminate' Salt Typhoon hacking campaign has hit organizations in more than 80 countriesNews The Salt Typhoon hacker group has waged several major campaigns against US telecoms companies and critical infrastructure operators – now it's ramping up attacks globally.
-
Salesloft Drift hackers had access to company GitHub account for months before attacksNews Hackers behind the Salesloft Drift breach had access to the company’s GitHub account for several months before waging a flurry of attacks, the company has revealed.
