Information Overload Leads to Security Oversights
Are you guilty of working ahead on Sunday in order to get your coming week under control? According to a recent editor's pick on LinkedIn originating from the Wall Street Journal, you're not alone. Apparently, more people are taking to their phones and computers to catch up on work from the prior week and jump-start work for the coming week to make Monday morning less painful. Dubbed the "Sunday Scaries," this working-ahead tactic impacts many people in negative ways.
A LinkedIn study found that 80% of working adults experienced a surge in stress related to their jobs on Sunday nights. Additionally, a Microsoft study found that every hour bosses spent online meant 20 extra minutes of work for their direct reports outside of normal business hours. What does this excess work mean within the context of information security? A lot.
Skills Shortage or Distraction?
Everyone is under pressure. There's always a time crunch — do this now, fix that immediately. It's our mode of operation in America and it's unhealthy, to say the least. Distraction, which often correlates with a lack of priorities and/or discipline, is at the root of many security challenges, and it's why the Wall Street Journal findings are so telling. This way of doing business is seeping into our personal lives, making a lot of us miserable.
Many people say that we have an information security skills shortage. As it relates to actual skill sets, I disagree. I've yet to meet anyone working in IT that didn't "get" security, especially on the technical side of things. The problem with security and why we keep experiencing breaches has nothing to do with a lack of security skills. Instead, I believe it's distraction. This constant distraction keeps IT professionals from:
- Finding the security flaws that matter
- Developing relationships vital to a strong security program
- Doing what's needed to address existing vulnerabilities
- Focusing on what's both urgent and important to the exclusion of everything else
Finding a Solution
I truly think that a work-life balance can be achieved and information security can be maximized if the proper groundwork has been laid to set everyone up for success. It all starts at the top in terms of how executive management leads the organization. Are your employees completing tasks because everything's urgent, and they're scared of you? (That's a recipe for disaster, according to Inc.) Or, is the business culture such that employees continually find ways to work smarter and are given the resources to do so? It's rare for me to come across anyone working in security who takes a course or attends a conference in order to improve their security skills. Even rarer is when the same professionals take courses or attend conferences to learn soft skills like goal setting, time management, communication, interpersonal skills, etc.
If your business is going to stay out of the data breach headlines and thrive over the long haul, something must change. If security is your primary responsibility, think about how distractions, being overworked and the "Sunday Scaries" are impacting the resilience of the business. Communicate these to executive management. Likewise, business leaders must realize that they can't just keep tightening the screws and expecting the same results. Work people long and hard enough, and they'll eventually break. Weary IT and security professionals can easily overlook something critical that could end up being a security incident or even the next big breach.
It's important that both sides of this discussion realize these challenges along with what's at stake, and then do something about it. Whether it's better education, streamlined business workflows, improved technology or hiring more people to fill in the gaps, change before you must.