The UK’s leading cybersecurity agency has urged organizations to follow best practices and take care of their infosecurity staff in order to weather an extended period of elevated cyber risk due to the ongoing war in Ukraine.
The National Cyber Security Centre (NCSC) guide, Maintaining a sustainable strengthened cyber security posture, comes on the back of warnings that organizations must “prepare for the long haul” as the conflict enters its fifth month.
Alongside basic hygiene controls, the strengthening of cyber-resilience and revisiting of risk-based decisions made in the earlier acute phase of the war, organizations should pay special attention to their security staff, the NCSC said.
“Increased workloads for cybersecurity staff over an extended period can harm their wellbeing and lead to lower productivity, with a potential rise in unsafe behaviors or errors,” it said.
With this in mind, the guide highlighted several steps IT security managers should consider:
- Empower staff to make decisions in order to improve agility and free-up leaders to focus on medium-term priorities
- Spread workloads evenly across a wider pool of staff to reduce the risk of burnout and enable less experienced employees to benefit from development opportunities
- Provide opportunities for staff to recharge through more frequent breaks and time away from the office, as well as work on less pressured tasks
- Look after each other by watching for signs colleagues are struggling and ensuring they always have the right resources to hand
- Engage the entire workforce with the right internal communications processes, and support so that all staff are able to identify and report suspicious behavior
“From the start of the conflict in Ukraine, we have been asking organizations to strengthen their cyber-defenses to help keep the UK secure, and many have done so,” said NCSC director for national resilience and strategy, Paul Maddinson.
“But it’s now clear that we’re in this for the long haul and it’s vital that organizations support their staff through this demanding period of heightened cyber-threat.”