Findings from the latest findings Kaspersky report titled “Managing your IT security team” reveals that as much as 85% of IT security staff engage in leisure activities during working hours. Typically, these hobbies account for six hours a week, which is an hour more than staff across the company overall.
Kaspersky believes a reason for these breaks may be to find a distraction from high workloads, which was also cited as the most common reason to leave a cybersecurity job.
Cybersecurity can involve routine and repetitive tasks, which affects both productivity and motivation to work. A shift to remote work has further blurred the lines between working and personal time. This combination of factors can lead to situations where employees are often distracted from work.
Break not distraction
Kaspersky’s report surveyed more than 5,200 IT and cybersecurity practitioners globally. According to the research, among the most common activities, IT security staff participated in at work included reading the news (42%), watching videos on YouTube (37%), and watching films or TV series (34%). A third of the respondents managed to do physical exercise (31%) and read professional literature (33%).
“I don’t think that it’s an issue that employees are distracted from work. There should be control over task performance, not how many working hours are spent on a hobby. Also, it may be normal for people to watch videos, as it may give insights into how to solve a problem. All in all, if work is not interesting for someone and there is a lack of task management, an employee will find a way to do something different, even from the office,” said Andrey Evdokimov, head of Information Security at Kaspersky.
Almost half (46%) of IT security employees believe that their colleagues left a job because of these high workloads, while 41% of employees across all departments shared this opinion. This may seem contradictory, with so much working time being spent on leisure activities, but 48% actually explained their distractions from work were due to a need for a break between tasks, rather than because of boredom or a lack of work.
When working from home, some duties and meetings may now be scheduled outside the standard 9-5 workday. During longer workdays, it is even more important that workers take breaks, so they are able to remain productive over this extended period.
“Employees should have goals, KPIs, objectives, and metrics that characterize the quality and speed of their work. If performance is not affected, there are no problems with the fact that a person is distracted from work. If efficiency has fallen or differs from colleagues, it should be paid attention to. The aim of the manager is to inform employees about poor productivity as early as possible so they can find ways to solve the issue,” said Sergey Soldatov, head of Security Operations Center at Kaspersky.
Kaspersky experts responsible for IT security and Security Operations Center (SOC) share the following recommendations on how to manage IT security teams:
- Ensure that your company is fully equipped with IT security staff. Optimal numbers can be estimated as one cybersecurity employee for every 10 IT professionals;
- For round-the-clock SOC operation, there should be at least five employees responsible for monitoring. Organize shift work to avoid overworking;
- Outsource typical IT security tasks. It grants in-house employees more time to focus on company-specific requirements and the protection of legacy IT infrastructure;
- Ensure that you give employees different, non-standard tasks so they are not stuck in a rut and can develop their skills.