By Nir Polak, CEO, Exabeam
While 2020 impacted nearly every business, the pandemic was not the only obstacle leaders faced last year. As we begin 2021, it’s important to remember the factors that shape company morale can also play a role in determining potential security risks for your business. Changes made to teams, uncertainties around the economy and job security, employee wellness, shifting to remote work, and rising cyberthreats are just a handful of the issues leaders must combat to avoid the negative impacts on company culture.
Whether we look around the room or analyze statistical data, it’s clear that job satisfaction and company culture play a vital role in navigating tough times. A survey of 351 international security professionals showed that despite high-stress levels, cybersecurity professionals are satisfied and feel secure in their jobs. While this is good news, business leaders must constantly consider the different ways that a negative company culture may lead to frequent employee turnover, less loyalty or even disgruntled employees, which may result in increased security risks due to negligence and/or malicious insider threats.
There are many ways organizations can improve company morale and top leadership must be behind it. Great morale will help companies get through any storm, whether unexpected turnover, data breaches, the challenges of not seeing each other in-person, Zoom fatigue that comes with 100% remote work, and the initial and ongoing shock of living through a pandemic.
Constant communication is key.
As the effects of the pandemic and remote work carry over into 2021, managers can be empathetic in their endeavor to understand and address factors contributing to any high stress levels on their teams.
Check in on your employees through regular team meetings and encourage opportunities to unwind. At Exabeam, we’ve implemented a mix of offerings, from virtual meditation and yoga, to online trivia and happy hour sessions. To further lift morale, you can also:
- Build new communities that encourage frequent meetings between employees from different departments.
- Establish or resume mentorship programs that provide employees with a safe space to discuss their professional life goals and any obstacles, personal or professional, that stand in the way of achieving them.
- Ensure all managers and employees are working towards transparent and shared business objectives. This will improve performance, increase trust in leadership, build confidence and increase engagement. And most importantly, drive loyalty, commitment and passion for the work.
Manage Stress and Recognize Employee Needs
The survey of international security professionals also revealed that despite an increase in cyberthreats in the early days of the pandemic, three-quarters of organizations had to furlough members from the SOC team. Combating new and familiar threats with fewer people on staff to help naturally leads to added stress. The 2008 recession saw higher rates of unemployment and increased anxiety for those who kept their jobs. Just over a decade later, those who kept their jobs in cybersecurity are facing a larger threatscape. Compounding the issue, remote work has made it more difficult to mitigate growing threats, hindered communication with IT departments and led to more mistakes due to distractions at home.
The blurred lines between work and home also mean employees both within and outside of the SOC are working longer hours and finding it difficult to completely shut down every day. As our employees juggle the need to work with the distractions that come along with home life — taking care of aging parents or helping children with virtual learning, for instance — burnout should be on every business leader’s radar. While the idea of vacation might mean stepping away from your desk for a few days rather than traveling to new locations or visiting loved ones, encourage your employees to take that time off and truly unplug.
Set boundaries with work schedules and offer flexible hours to those who would benefit from them. In short — listen to your employees’ needs. Fatigue across departments can lead to more mistakes, such as falling for phishing emails, and on the security side, burnout can lead to SOC employees missing key attack indicators. Paying attention to employees’ mental health will help them, their teams and the company’s security posture.
Keep Cybersecurity Training and Education Top of Mind
Reminding employees of basic security hygiene will also go a long way in mitigating risk and reducing the impact of negligent insider threats, such as forgetting to log out of a work computer or utilizing weak passwords. This also serves as an opportunity to remind administrators to change default passwords and apply security patches. Another useful tactic with remote work is continuing to conduct regular anti-phishing training across the organization. Regularly sending phishing emails and identifying users who do not recognize the email as phishing attempts will help reduce the number of employees and contractors who may become compromised insiders. Investing in training can also help employees develop advanced skills, open up new job opportunities, and enable organizations to deal more effectively with new, emerging threats.
Provide Employees with Tools for Success
For organizations operating with a smaller team or fewer SOC staff, automation tools are essential in mitigating security threats. Automation provides security professionals with an opportunity to transition from lower-valued activities to other high profile, strategic projects. User and entity behavior analytics (UEBA), which tracks, collects and analyzes user and machine data to detect threats within an organization, is one such tool. Using various analytical techniques, UEBA determines anomalous from normal behaviors. This is typically done by collecting data over a period of time to understand what normal user behavior looks like, then flagging behavior that does not fit that pattern.
UEBA can often spot unusual online behaviors – credential abuse, unusual access patterns, large data uploads – that are telltale signs of insider threats. More importantly, UEBA can often spot these unusual behaviors among compromised insiders long before criminals have gained access to critical systems.
Unsettling recent SOC research shows that the pandemic has forced 60% of companies to defer investments in security technology, which were previously planned. While it’s tempting to cut corners for the sake of budget, investing in automation tools now will not only assist with minimizing security team exhaustion and increasing productivity. Paradoxically, doing so could help save thousands or even millions of dollars in breach and legal costs down the line as well as the immeasurable cost of the toll on company morale.
Working in technology means your employees are tasked with difficult work that needs constant protection to keep up with the fast-paced nature of the industry. For many of us, we were able to continue that work remotely once lockdowns spread throughout the world, but as we look towards maintaining business continuity and resilience throughout this new year, we must prioritize company culture and understand the important role it plays in ensuring both employee and security wellness.
Committing to the health of our company culture will continue to ensure customer and security wellness, too.
About the Author
As CEO and Co-Founder of next-gen SIEM company, Exabeam, Nir Polak is an experienced entrepreneur and successful leader in the cybersecurity market. Nir can be reached online at www.exabeam.com