‘Polyworking’ is a cybersecurity nightmare waiting to happen

Polyworking couple sitting on bed using multiple laptops and desktop computer devices at once.

(Image credit: Getty Images)

The ‘polyworking’ trend which sees employees working multiple jobs or side gigs at once is creating huge cybersecurity risks, according to new research.

It's a work pattern that's been adopted particularly by Gen Z - those born between 1997 and 2012 - with 48% having some sort of side job, the highest rate among all generations.

However research from Kaspersky warns juggling multiple job roles means navigating an ever-expanding digital environment. Each additional role brings with it a growing number of inboxes, project management tools, communication platforms, and external contacts.

Cyber attackers can take advantage of this complexity, launching phishing emails through compromised business accounts, embedding malware in fake calendar invites, or sending malicious links via chat apps disguised as legitimate messages from co-workers.

“When your calendar is packed with tasks from three different jobs and you have notifications coming in from five separate apps, and you're also switching between client chats, invoices, and creative work on the same device,” said Evgeny Kuskov, security expert at Kaspersky.

“It's only a matter of time before something slips.”

Over the last year, Kaspersky said it has detected more than six million attacks disguised as platforms or content related to 20 popular work tools. The top targets were Zoom, with 3.8 million attacks, Microsoft Excel, with 835,000, and Outlook with 731,000, followed by OneDrive with 352,080 and Microsoft Teams with 151,800.

In one scam, users were tricked into downloading a supposed Zoom update from a phishing page, which in reality was malware in disguise.

Meanwhile, job platforms such as Fiverr, Upwork, LinkedIn, and Behance are increasingly being used for phishing schemes disguised as legitimate job offers.

Over the course of the year, Kaspersky said it observed more than 650,000 attempts to visit phishing pages disguised as LinkedIn alone.

Polyworking requires security awareness

Sometimes, Gen Z workers are their own worst enemy, with Kaspersky suggesting that they may frequently reuse passwords or rely on simple, easy-to-remember combinations.

Meanwhile, many polyworkers operate across multiple gigs using the same personal laptop or smartphone, without segmentation between their work and personal environments.

This makes it easy for sensitive client files or corporate credentials to be saved on unsecured devices or public cloud storage solutions like Google Drive or Dropbox.

In some cases, polyworkers also install unauthorized software or browser extensions to streamline their multitasking — 'shadow IT' that may have vulnerabilities or operate with unclear data sharing policies.

"Gen Z’s work-life-tech overlap creates a unique kind of cognitive overload. This constant multitasking increases the risk of mistakes: sending a wrong file to a wrong client, overlooking a phishing email, misconfiguring access permissions," said Kuskov.

"It’s not about carelessness — it’s about the sheer volume of digital demands pulling attention in all directions. And in cybersecurity, even one small lapse can have big consequences."

Make sure to follow ITPro on Google News to keep tabs on all our latest news, analysis, and reviews.

MORE FROM ITPRO

Emma Woollacott is a freelance journalist writing for publications including the BBC, Private Eye, Forbes, Raconteur and specialist technology titles.