Overview
In times of increased cyber threats, your organization’s systems, processes, and staff face significant challenges. This guidance provides insights into how to maintain a robust cyber security posture sustainably and efficiently, while also prioritizing the mental health and wellbeing of your employees. Taking care of your workforce is crucial not only for human resources but also plays a vital role in enhancing your organization’s overall security and resilience.
Defining Extended Periods of Heightened Threat
There can be times when cyber threats escalate significantly over an extended duration, often due to geopolitical tensions. Organizations may experience:
- an initial acute phase, requiring enhanced defenses and addressing vulnerabilities, followed by
- a protracted phase where a reinforced cyber posture must be maintained to address the ongoing residual risks from the heightened threat level.
Eventually, the threat level may decrease, but it is unlikely to revert to prior levels. Accordingly, organizations might need to maintain certain enhanced security measuresLong term to adapt to a permanently altered threat landscape. The National Cyber Security Centre (NCSC) will continue to provide guidance for organizations to assess the current threat level.
Impacts on Organizations
Maintaining an elevated security posture over a long duration can be challenging, particularly as increased workloads for cybersecurity personnel can adversely affect their health and reduce productivity, potentially leading to unsafe practices or errors.
The following strategies can assist your organization in sustaining security measures while safeguarding staff wellbeing.
Achieve Fundamental Security Measures
Staying vigilant during heightened cyber threat periods involves ensuring that essential security controls within your organization are active and functioning properly, in line with our guidance on Actions to Take When Cyber Threats Are Heightened. A lack of successful cyber attacks against your organization does not imply a reduction in adversaries’ capabilities or intentions; rather, it may indicate that your cybersecurity defenses are working effectively.
Review Risk-Based Strategies
At the outset of a heightened cyber threat phase, organizations typically implement risk-based strategies to deploy temporary additional defenses. If the threat persists, revisiting those initial risk assessments is crucial to ensure that ongoing defenses are applied effectively and efficiently for the long term.
Enhance Long-Term Cyber Resilience
Prolonged heightened cyber threats may indicate lasting changes in adversaries’ capabilities or intentions. As a result, strengthening your cybersecurity measures may need to be a permanent strategy. Accelerating efforts to fortify networks and boost resilience will help reduce ongoing strain on your employees. The NCSC has provided valuable guidance on this, including:
Empower Staff in Decision-Making
During heightened cyber threat periods, senior leaders often seek more oversight, which can inadvertently pressure frontline teams. It may be more efficient for leaders to delegate everyday decision-making to appropriate levels, allowing them to concentrate on longer-term goals. This approach fosters an agile response, leveraging the knowledge and experience of frontline employees. Staff on the ground can provide valuable insights into reporting about escalating cyber threats in the media or on social platforms, thereby informing your organization’s strategy.
Distribute Workloads Equitably
Workers and teams at the frontline of responses can quickly become overburdened. Organizations build resilience by distributing workloads more evenly among a broader employee base, which also offers developmental experiences for less experienced staff. Consider rotating personnel in and out of frontline roles to enhance overall workforce sustainability. Be prepared to deploy additional staff if threats escalate.
Ensure Staff Take Breaks
Periods of heightened cyber threat can prompt staff to work longer hours and take fewer breaks, leading to detrimental effects on wellbeing and an increased risk of burnout, especially for those involved in continuous monitoring or on-call roles. It is essential that employees take time away from their tasks and engage in less demanding activities. This will allow them to rejuvenate and enhance organizational resilience. Consider:
- ways to empower employees to take breaks and disconnect from work (both during and outside of hours)
- options for allowing staff time off for personal care, including flexible work arrangements.
Support One Another
Employees involved in addressing cyber threats may encounter distressing material, difficult choices, or high-pressure scenarios, which can negatively impact their wellbeing. This is especially pertinent if the heightened threat coincides with notable events in the media, such as geopolitical conflicts. Managers and colleagues should be vigilant for signs of distress among their coworkers and ensure they have access to necessary support resources. The NCSC’s guidance on Putting Staff Welfare at the Heart of Incident Response offers further advice for protecting employee welfare during crises.
Involve the Entire Workforce
While this guidance primarily addresses the most exposed staff, engaging the entire workforce is essential for strengthening your organization’s cyber defenses during heightened threat periods. Swift action may hinder effective communication between teams, resulting in reduced productivity due to siloed efforts and lack of collaboration. Ensure the following:
- that effective internal communication processes are in place to synchronize all involved in response efforts
- that staff are equipped to identify and report suspicious activities (the CPNI has created various security awareness campaigns to assist with this).
Based on an article from ncsc.gov.uk: https://www.ncsc.gov.uk/guidance/maintaining-a-sustainable-strengthened-cyber-security-posture
