As much as 85% of IT Security staff engage in leisure activities during working hours. Typically, these hobbies account for six hours a week, which is an hour more than staff across the company overall. A reason for these breaks may be to find a distraction from high workloads, which was also cited as the most common reason to leave a cybersecurity job. These are findings extracted from a new Kaspersky report titled ‘ Managing your IT security team’.
Cybersecurity can involve routine and repetitive tasks, which affects both productivity and motivation to work. A shift to remote work has further blurred the lines between working and personal time. This combination of factors can lead to situations where employees are often distracted from work.
Kaspersky’s report surveyed more than 5,200 IT and cybersecurity practitioners globally. According to the research, among the most common activities IT security staff participated in at work included reading the news (42%), watching videos on YouTube (37%), and watching films or TV series (34%). A third of the respondents managed to do physical exercise (31%) and read professional literature (33%).
Additionally, almost half (46%) of IT security employees believe that their colleagues left a job because of these high workloads, while 41% of employees across all departments shared this opinion. This may seem contradictory, with so much working time being spent on leisure activities, but 48% actually explained their distractions from work were due to a need for a break between tasks, rather than because of boredom or a lack of work. In addition, when working from home, some duties and meetings may now be scheduled outside the standard 9-5 workday. During longer workdays it is even more important that workers take breaks, so they are able to remain productive over this extended period.
“I don’t think that it’s an issue that employees are distracted from work. There should be control over task performance, not how many working hours are spent on a hobby. Also, it may be normal for people to watch videos, as it may give insights into how to solve a problem. All in all, if work is not interesting for someone and there is a lack of task management, an employee will find a way to do something different, even from the office,” – comments Andrey Evdokimov, Head of Information Security at Kaspersky.
“Employees should have goals, KPIs, objectives and metrics that characterize the quality and speed of their work. If performance is not affected, there are no problems with the fact that a person is distracted from work. If efficiency has fallen or differs from colleagues, it should be paid attention to. The aim of the manager is to inform employees about poor productivity as early as possible so they can find ways to solve the issue,” agrees Sergey Soldatov, Head of Security Operations Center at Kaspersky.
Kaspersky experts responsible for IT security and SOC share the following recommendations on how to manage IT security teams:
• Ensure that your company is fully equipped with IT security staff. Optimal numbers can be estimated as one cybersecurity employee for every 10 IT professionals;
• For round the clock SOC operation, there should be at least five employees responsible for monitoring. Organize shift work to avoid overworking;
• Outsource typical IT security tasks. It grants in-house employees more time to focus on company-specific requirements and the protection of legacy IT infrastructure;
• Ensure that you give employees different, non-standard tasks so they are not stuck in a rut and can develop their skills.