The art of balance has never been more important than in the past two years. The record that employment pressures and Burnout can have on the workforce are at an all-time high and front and center in everyday conversations.
As safety managers, we cannot ignore the list of ramifications that arise from employee burnout, such as apathy, disengagement, or other more serious mental health issues.
Practical Steps to Security
While tackling an issue as big as employee burnout can seem daunting, there are practical steps security teams can take to streamline and alleviate user security stress.
- Cultivate transparency safety culture: Cultivate a proactive and interactive safety culture to create a safe place for employees to ask questions and have transparent and open communications with safety. Promote and ensure that data use policies are clear and concise. Be transparent about what you monitor and collect, and what you do with that data.
- Investigate with empathy and assume a positive intention: More than three quarters insider data breaches this year have been deemed non-malicious. When you see possible data exposure or leaks from an insider, first assume the users had positive intentions and approach the situation with empathy. This means asking questions to get context on the situation and a clear solution to reverse the action before it causes damage to the organization.
- Minimize shadow IT, prioritize user productivity: Provide users with the right tools they need to do their job – and make it easy for users to contact the right people if they want to use an alternative – so they don’t have to or be tempted to circumvent Security . For common business practices such as external file sharing, share the “best practices” method and make this information readily available to users. The more security can prioritize users’ work preferences, the less users will be burnt out in the first place.
Standardize security best practices
I would be remiss to discuss burnout without acknowledging it among security teams. For chronically understaffed security teams operating in an ever-changing environment where threats, zero-day vulnerabilities, and data loss incidents are daily occurrences, there is unfortunately no silver bullet for reduce stress on security and technology teams. However, the one critical piece of advice security teams should follow is to:
- Automate, automate, automate: Turn fire drills into standard operating procedures and automate work where possible. Security should create workflows to handle the most common security alerts that require the most standard response, freeing up time to focus on the most pressing security issues – not just running unnecessary cycles and fiery exhaustion among security teams.
As we look to the second half of the year, I encourage security leaders to consider factors such as employee burnout and retention rates, alongside the general move towards cultures of more empathetic work.
The notoriously stoic culture of cybersecurity is changing. I expect to see more organizations adapt to this change, changing traditional titles such as “Security Manager” to “Security Culture Manager” to align with the need to recognize that the culture that a team security brings to the entire business is also as important as the protections it brings to the business.
Security managers – and their teams – play a strategic and impactful role in helping to create a safe space for employees at work. When they work across the organization, they can have more impact on the company’s safety culture and innovation so that mental health and wellbeing is a priority for everyone.