Security think tank: How to manage security team well-being
This article was first published on Computer Weekly
A wave of anxiety and uncertainty has swept the world in light of the Covid-19 coronavirus pandemic. This has caused a number of fundamental changes in the security environment. Most people are working from home, putting pressure on old systems and encouraging organisations to rapidly adopt new ones. Business priorities are changing and people are increasingly socially isolated.
Cyber criminals are successfully taking advantage of this crisis. The UK NCSC and US Department for Homeland Security report that, although there has not been a large increase in cyber crime, the techniques being used are increasingly focused on exploiting Covid-19 – and are proving effective.
With the merger of the home and office security environments, there is even more pressure on chief information security officers (CISOs) and their teams to maintain the protection of their organisations.
Even when organisations were in a relatively stable state, CISOs and security professionals were feeling highly pressured. A recent Nominet study found that 71% of CISOs thought their work-life balance was skewed heavily towards work and 98% reported difficulty being able to switch off from work.
This has a number of business and personal impacts which cost the UK economy £34.9bn a year, according to the Centre for Mental Health, including:
- Higher levels of absence – in 2019, the Health and Safety Executive (HSE) reported that stress, depression or anxiety were responsible for 54% of working days lost in the UK.
- Higher staff turnover – in 2020, the Department for Digital, Culture, Media and Sport (DCMS) report on cyber security skills found that the average cyber firm expects 31% attrition per year.
- Lower quality of work and slower response times.
- Degrading personal relationships – 32% of CISOs reported repercussions on their romantic relationships.
- Degrading physical health – 23% reported potentially abusing medication or alcohol due to stress.
With the extra pressure of the Covid-19 response, if well-being was a hot topic before, it is now on fire.
Improving mental well-being
Most people know that there are things they could and should do to establish a healthy routine and adapt to the new situation. But knowing those things doesn’t mean they end up doing them. It is easy to get overwhelmed by the situation and all the advice being provided, do nothing, and end up worse off both mentally and physically. There are, however, some activities that CISOs and leadership can do now which will help manage the pressures of the current crisis:
- Support your teams: Covid-19 affects your people’s lives in different ways. Some of them care for elderly relatives, are facing childcare challenges or home schooling children, or simply struggle to work from home. Providing your team with greater flexibility and autonomy on working hours will lead to a more productive, happier team. Check in with your staff regularly, especially those you know live alone.
- Provide useful well-being advice: You don’t need to be an expert, but you can point your team to expert advice. Help them to recognise symptoms of poor mental well-being like low concentration, worrying more, sleeplessness, indecision and low motivation. There are plenty of resources available that help people to identify and address mental health issues, such as mental health charities or the NHS website.
- Run interactive well-being campaigns: Consider setting your employees well-being challenges that can help them through these difficult times. PA Consulting is doing this across its business and now provides a free version of an experiential toolkit – Coping with Covid-19: 19 well-being challenges – to clients to set up their own well-being programme. This will help keep your teams engaged, improve their resilience and form a well-being support network.
- Provide certainty in uncertain times: Leadership can reduce stress for their employees by providing honest and transparent communication. Your people need more certainty about what each Covid-19 development or government guideline means for them and the organisation. Where you don’t yet know, just say so, and provide updates as you know more.
- Make a plan: CISOs can provide their teams with stability and confidence by proactively creating a plan of action to get through the crisis response and recovery phases and into the post-crisis era. Clear tasks and responsibilities will also help keep teams engaged even though they are isolated from each other, maintaining quality and team motivation.
- Embrace technology: Technology is providing novel ways of connecting and collaborating with others, which is critical to well-being. Keep curious – are there new ways of working that help teams feel more connected? Consider how new tools can be used to keep your people engaged and motivated, and provide pragmatic advice on how to use them securely. This can also help improve the perception of the CISO team as proactive, helpful and a key part of keeping the organisation working.
Look to the future
These are difficult times for everybody, but they are encouraging us to think differently, to be more innovative and people-centric. The skills the CISO and their teams develop during this crisis can lead to better ways of working, which can be taken into the post-Covid-19 world.
If leaders engage positively with their people, focus on their mental well-being, help teach them skills to improve their resilience and encourage new ways of working, it is likely that organisations will not only survive this crisis, but will thrive in the “new normal” of the future.
Chris Goslin is a cyber security expert, Daniel Edwards is a people and performance expert and Caroline von Koenig is a well-being expert, at PA Consulting