Cybersecurity is tough work, so beware of burnout

Making sure that information security staff are taking care of their mental wellbeing is vitally important.
Written by Danny Palmer, Senior Writer

Working in cybersecurity can be challenging, but it's important for information security professionals to maintain a healthy work/life balance – otherwise they risk burnout.

All parts of the technology industry have their own pressures, but the demand on security staff has certainly increased recently. Businesses of all sizes need a cybersecurity team to help keep users secure and the organisation safe from phishingmalwareransomware, and other cyber threats. Defending the network against data breaches and cyber criminals was already tricky, but things have only got tougher in the past 18 months as many cybersecurity teams have needed to adapt to the rise of remote working, which has made keeping users safe from online threats even more difficult

On top of that, many cybersecurity staff are doing this activity while working from home themselves, an environment that can make it difficult to separate working life from home life. It's become common for people to work extra hours now their day isn't being broken up by travelling to and from an office, and research has identified increasing hours and workloads in cybersecurity – already a high intensity environment for people to work in.

SEE: A winning strategy for cybersecurity (ZDNet special report) 

While many security professionals feel as if working those extra hours is necessary to help keep the business secure and safe from cyberattacks, it could be coming at the cost of their own wellbeing.

Cybersecurity workers get a real buzz out of solving problems, John Donovan, chief information security officer at Malwarebytes, told the ZDNet Security Update video series. 

"But I think we've got to balance that – there are definitely some folks on the team who do handle it well, but even they need to remember to take a break and to deal with their stress," he said. 

In order to help this process along, human resources teams or senior managers need to get involved in the activity to encourage people to take breaks and make sure that they're not working overly long hours. 

"If you have a people or human resources team, it's really important to take in the human element, not just for cybersecurity training and awareness, but making sure that people are taking care of their mental health, making sure that people do take time off, and when you take time off, to actually really take time off," said Donovan. 

SEE: Ransomware: This new free tool lets you test if your cybersecurity is strong enough to stop an attack

Small tweaks can help, like for staff working remotely, it could be useful to mark holidays, breaks and lunchtime in the calendar, so there's actually an alert reminding them that they should step away from the screen for a bit. 

Doing this can help staff better divide up their work time and their personal time. Not only is this good for the mental wellbeing of people in cybersecurity, being well rested and in a good place will help if they do need to react to a cybersecurity incident. 

"It's important to make sure that you figure out how to have that work/life balance, because you're not going to be any good if you're stressed out when that big incident happens. You need to be ready and prepared to take it on," said Donovan. 


Editorial standards