Lately, I have been thinking about the mental health effects that stem from working in the cybersecurity industry. And in my research, I came across an Afternoon Cyber Tea podcast that sparked my interest. During their talk, host Ann Johnson and Dr. Ryan Louie, MD, PhD, dissect parallels between those who work in cybersecurity and those who work in healthcare, and uncover how these types of jobs affect mental health.
As I listened to this podcast, I reflected on the importance of communication and transparency within the workplace. So in this blog, I will dive deeper into the discussion that took place in the podcast and describe how communication can improve mental health in the cybersecurity field.
While it may not be intuitive, Dr. Louie reveals just how similar it can be to work in healthcare and cybersecurity. Both roles require their teams to make time-sensitive decisions, often without a complete picture of the situation. These individuals must work well under pressure while focusing on quick responses to urgent events and problem-solving.
Unfortunately, both healthcare workers and cybersecurity teams alike, are prone to burnout, anxiety, and depression because of these high-stress environments. This makes it that much more important to talk about mental health in these fields and identify support methods to improve job satisfaction.
Something that this podcast fails to mention, though, is how these professionals are also tasked with being on-call, requiring them to be available outside of working hours to tend to time-sensitive events, potentially making a larger impact on their health.
As mentioned previously, cybersecurity workers may have increased burnout, anxiety, and depression due to their daily tasks. However, when they are also tasked with being on-call, there are added mental health effects including being less calm, a worsened mood, and lower energy.
The impact of on-call on mental health stems from their unconventional sleep schedule and the need to be constantly available outside of working hours. Because of this, it can be difficult to fully detach from work, even when they aren’t called in. The anticipation of a security event can significantly disrupt sleep and limit the ability to fully rest when at home during an on-call shift.
Considering the impact of on-call on mental health, it is crucial for managers to prioritize team mental health and implement strategies that will reduce the effects. So, I have compiled a list of effective strategies for improving mental health among cybersecurity teams here:
Encourage Open Communication
It is normal to feel overwhelmed sometimes, especially in such a high-stakes environment. Teams should be encouraged to speak out if they are experiencing too heavy of a workload. Managers need to facilitate a culture of openness and transparency to ensure that security teams are comfortable expressing these feelings. Dr. Louie shared his own experience, in the healthcare setting, explaining that his attending physician empowered his team to openly communicate, which removed the added pressure of feeling overworked and contributed to his team working together incredibly well.
Take Breaks and Make Time for Yourself
Cybersecurity workers should set time away for themselves and take breaks during their regular working hours to enable a better mindset and mood. During stressful times, it is easy to react quickly and not take time to calm down, so teams should be given more opportunities for breaks during the day after high-priority, stressful security events occur. Additionally, it is important to allow more flexibility to on-call workers. For instance, if they dealt with an incident after hours, the responder should be able to start their work day a few hours later. This gives them time to reset and catch up on lost sleep, leading to a more productive workday.
Limit Alert Noise
Another contributing factor to decreased mental health in the cybersecurity field is the presence of alert fatigue. Team members often get alert fatigue when alert thresholds are set too low and they are receiving an excess number of unactionable alerts. So, it is important for security teams to implement an alert management solution that enables them to distinguish between high and low priority alerts to make on-call more manageable. With these systems, only high-priority notifications from cybersecurity systems cut through the noise, enabling staff to receive distinctive, loud alerts on their phone app that even override the silent switch when a vulnerability is detected.
Create Equitable On-Call Schedules
Teams must create equitable and fair on-call schedules to improve employee mental health. There should never be one person or team taking on the bulk of incidents. And, without an on-call management solution, this can be hard to track. Most teams employ a solution that enables them to create equitable on-call schedules and allows the creation of escalation policies that further enhance employee satisfaction and incident response.
One of the main ways to improve mental health for cybersecurity teams is through better communication and more transparency. This can be achieved by employing incident management tools, like OnPage, that enable teams to:
Deliver High-Priority Alerts
OnPage delivers high-priority alerts to security staff members to ensure that they are immediately mobilized to critical cyber incidents. Additionally, teams can integrate the solution with their existing cybersecurity monitoring tools to ensure that the moment a vulnerability or threat is detected, teams are aware of the situation, improving communication speed.
Securely Collaborate
Teams have access to secure two-way messaging that is SSL-encrypted, which can improve collaboration during time-sensitive events. This enables teams to swiftly contact their team members about potential questions they have or deliver relevant information that allows them to make more informed decisions in a timely manner. OnPage’s chat collaboration solution operates independently from the company’s in-house chat application, ensuring resilience in case their main systems are compromised.
Create Equitable On-Call Schedules
When creating on-call rotations, it is important for teams to maintain a schedule that works for them. OnPage is the perfect tool for that, allowing managers to create personalized digital on-call schedules that are visible to the entire on-call team. Promoting transparency and the sense that no, one individual is on-call disproportionately.
Route Alerts to the Right Team
With OnPage, critical alerts are routed to the on-call team based on on-call schedules and escalation policies. Plus, in the event of human error that results in a coverage gap, the entire team is alerted to the incident to ensure that no critical incident goes unresponded to.
Generate Post-Incident Reports
To further improve transparency, teams must conduct blameless post-incident reviews that will facilitate continuous improvement. These reviews enable teams to learn from their past incidents and enhance their incident management plans. Luckily, OnPage generates audit trails and detailed post-incident reports that can be used during post-incident reviews to gain better visibility into the success of incident response.
Ultimately, the unique responsibilities of cybersecurity professionals can result in high-levels of stress, so it is essential for teams to acknowledge and support their team’s struggles. By prioritizing open communication, managing on-call responsibilities effectively, and leveraging advanced technologies, organizations can create environments where mental well-being is upheld. As cybersecurity continues to evolve, teams must be aware of how the changes in the digital landscape begin to impact their staff and update their support strategies to ensure teams thrive both professionally and personally.
Site Reliability Engineer’s Guide to Black Friday It’s gotten to the point where Black Friday…
Cloud engineers have become a vital part of many organizations – orchestrating cloud services to…
Organizations across the globe are seeing rapid growth in the technologies they use every day.…
How Effective Are Your Alerting Rules? Recently, I came across this Reddit post highlighting the…
What Are Large Language Models? Large language models are algorithms designed to understand, generate, and…
Recognition highlights OnPage's commitment to advancing healthcare communication through new integrations and platform upgrades. Waltham,…