Mental Health in Cybersecurity: How to Find Help

It’s time to get real about cybersecurity and mental health.

If you’ve ever been hacked on a personal device, you know how anxiety-provoking it can be. The hackers have access to your data. They are probably trying to phish people on your contact list. And you are kicking yourself for whatever you may have done to let them in. Stress, anxiety, depression and burnout are likely outcomes of this scenario.

Now imagine it’s your job to keep a department, company, customer base, agency or even an entire nation secure and a malicious actor finds their way in. How do you handle knowing your uncrossed “t” released thousands of social security numbers to hackers? Or that our nation’s secrets have been accessed by our enemies on your watch?

These are the kinds of fates every cybersecurity professional faces on a daily basis. And, like with many things, the fear of it happening is as bad (or worse) as dealing with the fallout of an actual occurrence. With that sword hanging over their every action, it’s no wonder that 84% of cybersecurity professionals are experiencing burnout or that 54% report that ransomware threats have a negative impact on their mental health.

With workforce shortages, continually changing mandates and unrelenting pressure to ensure security, it’s no wonder mental health is becoming a major issue—and vulnerability—in the field. Here are some suggestions for combating that and securing the mental health of your team.

Create a workplace culture that supports mental health.

There will always be deadlines, compliance issues and other pressures. That won’t change much. But what you can change is how the organization deals with mental health issues.

First and foremost is to break the stigma. Talk about mental health. Watch out for signs of change. Educate your team. And don’t be afraid to pull an employee aside and ask how they are doing. Communication and normalization of mental health issues in the workplace can break down barriers and make people more likely to share. That, alone, can make a huge difference for someone with depression or burnout.

Use the professional services available to employees.

If your insurance options don’t include mental health services, they should. Employees should have the option to get help from:

• A primary healthcare provider
• A specialized doctor
• Therapy/counseling
• Group support
• Hotlines

Not only should they have access to those services, but they should also know that using them is OK. While 50% of the population (more in the cybersecurity field) will experience a mental health issue in their lifetime, only 16.5% of those with depression will seek help. A major reason for this is the stigma around it.

It is key to take the issue out from under a rock and shine light upon it. Depressed, burned out, anxious people make mistakes. Their head isn’t entirely in the game. And when the game is national security, the stakes are too high to keep shoving the issue under the rug. You have to erase what is in your head about these issues and replace it with compassion, understanding and support. The bottom line is that doing so is key to keeping your mission secure.

Leverage techniques that ground you in the moment.

If you have ever obsessed over anything, thought too hard about something or turned something over in your head repeatedly, then you know how these kinds of thoughts take you out of the moment. You may even feel like you’re in a different world.

Mental challenges work the same way. So you can help yourself by just reconnecting with the here and now using one of these techniques:

• The H.A.L.T Technique. Instead of indulging your issue, address it. Most negative behaviors happen when you are hungry, angry, lonely or tired (HALT). The HALT technique reminds you to stop, check in and see if you are feeling any of those things, and respond appropriately. This brings you back to the moment by making you assess your current state. And if you are hungry, eat. Lonely? Reach out. Angry? Process that. Tired? Take a nap.
• 54321 Grounding Technique. When thoughts start spiraling out of control, especially with anxiety, it’s important to get away from the whirlwind of thoughts and into a more a peaceful mindset. The 54321 Technique asks you to stop, look for 5 things you can see, 4 things you can touch, 3 things you can hear, 2 things you can smell and 1 thing you can taste. This awareness of the moment can remove you from your previous thoughts, clear the slate and allow your thoughts to calm.
• 4-7-8 Breathing. This technique can calm you when you’re anxious. When you feel the feelings building up, stop, breathe in to the count of four, hold your breath for seven counts and slowly exhale for eight counts. Repeat three to seven times.

The great thing about all of these techniques is that they are easy to do in the midst of a workday and nobody ever has to know you’re doing them. They are stigma-free!

Utilize automation tools that ease the stress.

SteelCloud has found that using our compliance automation software— ConfigOS and ConfigOS MPO—reduces much of the metal weight cybersecurity professionals carry around, including:

• Easing stress. Automating cybersecurity compliance takes a heavy load off the shoulders of IAs.
• Reducing burnout. With much of the stress and mind-sucking tedium of manual STIGging removed, burnout won’t be as much of an issue.
• Enabling completion. The fact that tasks will never be done and backlogs won’t be addressed weighs heavily on the minds of professionals. Automation simplifies compliance, allowing your people more control over their workloads and outcomes.
• Eliminating error. If your people are overly stressed, the chances they will make mistakes rise. Automation never makes mistakes, and it eases the pressure on professionals to be perfect.
• Simplifying processes. Need to do more with less? Automation is your friend. Better yet, it can cut weeks out of the STIG or CIS automation process, bringing new apps and updates online faster and making your people heroes.
• Addressing workforce shortages. Everyone is understaffed because the entire cybersecurity profession as a whole is grossly understaffed. Automation can extend the capabilities of your existing team and lessen the stress of an overly ambitious workload.

No single approach will fully address mental health issues. Combining all the techniques mentioned here can go a long way in improving the situation, however. As you can see, the responsibility for mental health is distributed across many parties—the individual, healthcare professionals and employers. It takes a team effort, combined with communication, de-stigmatization and awareness, to truly secure the minds of security professionals and, by doing so, fully secure your systems.

To learn more about the mental health benefits of automation, schedule a chat today.