Cybersecurity defense: Racquetball, rest, and service
I frequently talk to MSP owners or their technicians and often find them harried and stretched for time. While those descriptors could apply to scores of professions, the stakes of feeling frazzled are high for MSPs.
The world of cybersecurity is a cesspool of existential threats. Ransomware, malware, worms, state-sponsored attack threats, phishing, and increasing IoT vulnerabilities, make the cybersecurity landscape tougher and tougher to navigate.
The security threat from burnout is genuine. Some studies show that 95 percent of breaches are caused by human error, and at least part of that is from cybersecurity professionals overlooking something or missing a threat.
Overlooked cybersecurity weapons MSP owners have plenty of weapons in their arsenal to combat cybersecurity threats, from pen testing to firewalls and robust patching regimens. Perhaps one of the most overlooked weapons your technicians forget to employ is at home: a pillow (i.e. adequate rest).
Recent studies point to technician burnout as posing a genuine risk to #CyberSecurity defense. #Burnout leads to mistakes, which account for 95% of breaches.
In other words, we don’t want the people who are tasked with keeping our ever-complicated cyber world safe to feel like they have the weight of the world on their shoulders. We want them to have well-rounded lives.
A raft of recent studies point to technician burnout as posing a genuine cybersecurity risk. ZDNet analyzed some British studies on the topic and declared that “cybersecurity staff burnout risks leaving organizations vulnerable to cyberattacks.” BitSight is even more strident in its analysis: “Stress and burnout are emerging as perhaps the biggest threat to corporate security.”
Researching technician burnout
Hussain Aldawood is a cybersecurity specialist who has researched the issue of cybersecurity burnout and the inherent security risks.
Aldawood points out that the early days of development and coding were based on “do it slow, do it right.” However, that has gradually morphed to “need more, need it fast.”
“With all the pace and promises of the cyber world in our daily lives, the two most dominant anxieties engulfing our thoughts are of cybersecurity and time pressure,” notes Aldawood.
Time is the most valuable currency an MSP has, and the lack of time can influence biases and form responses to IT security or organization policies in general, warns Aldawood.
“Countermeasures need to be developed in order to avoid or reduce the likelihood of insecure cybersecurity practices under pressure,” advises Aldawood.
However, the concern doesn’t end there. Cybersecurity professionals are also increasingly concerned about human cybersecurity behavior (HCS). Security professionals are too often pressed for time, which causes stress to build, and that can lead to burnout or sloppiness.
#CyberSecurity professionals are too often pressed for time, which causes stress to build, and that can lead to #burnout or sloppiness.
“Human users, in both their professional and personal lives, are acting under various levels of time pressure. These originate due to the responsibility to complete multiple tasks in a limited amount of time, often leaving individuals racing against the clock to meet deadlines,” states Aldawood.
From my talks with teams and technicians, here are five suggestions for reducing burnout on your team:
Listen to your employees
The job of an MSP owner isn’t just to care for your clients, but also to care for your team. You need to be able to read between the lines. If a technician mentions missing their child’s soccer game because they were on call, make a note of that and implement a more flexible work scheduling system.
An employee that feels overworked or overwhelmed should not surprise you. Pick up on cues before they become a problem.
Invest in rest
If your technician is taking a 90-minute lunch break, that might seem excessive and expensive, but how costly is a breach in a major client’s defenses?
Six quality hours from a tech beat eight frazzled ones. Make sure a technician is getting adequate “downtime” each day, so your client’s uptime isn’t impacted.
Artificial intelligence can never replace the experience and wisdom of a seasoned tech, but it can help them do more with less. AI could be one of the great saviors of MSP burnout because of its increasingly potent predictive tools.
Pay to play
So much of this suggestion is dependent on your MSP’s size, budget, workload, team chemistry, and the like, but having one day a month or once a quarter where a technician can take the day off to do something just for themselves can be like a tonic to burnout.
Don’t just give them a paid day-off; some employees will use that for doctor’s appointments or paying bills. Instead, make arrangements for them to go zip-lining or deep-sea fishing. Have a set budget for the activity.
Another variation of this is to set aside one day a month or once a quarter for community service. Send your team to help clean up the yard of an elderly resident in town or prepare meals at a homeless shelter. Sometimes a person just needs to get out of their own way for a day and either of these suggestions would accomplish that.
Isolation can be a significant stressor for cybersecurity professionals. Cybersecurity professionals often work solo, staring at a screen. Invest in sending your technicians to conferences and symposiums where they can learn about the latest trends and connect with others. The knowledge at conferences will make your business better, and the networking will decrease isolation.
Investing in keeping your cybersecurity team rested and refreshed will help ensure that there is no burnout that can lead to a breach.
Photo: Eduard Goricev / Shutterstock