MSP Mental Health: The Toll of Cybersecurity and Tools to Cope

MSP Mental Health: The Toll of Cybersecurity and Tools to Cope

Week three of Cybersecurity Awareness Month is 'Explore. Experience. Share.' The theme encourages people to promote and explore careers in the dynamic field of cybersecurity. In addition, the week of October 18^th is Cybersecurity Career Awareness Week, and October 10^th is World Mental Health Day.

In recognition of these holidays coming together, we're focusing on the mental health of MSPs. While the role of an IT professional may not seem as stressful as that of a doctor, police person, or firefighter, just like any other career, it comes with challenges. With the importance of mental health becoming a more mainstream focus, our 9 to 5's impact is becoming more evident.

In this article…

• Gain an understanding of what mental health is.
• Dive into how the unique demands of the job affect cybersecurity professionals.
• Get tools and resources for managing your mental health and helping others do the same.

What is Mental Health Anyway?

The term 'mental health' has rightfully become a buzzword in many spaces today, but what does it actually mean? It's essential first to define mental health and differentiate it from mental illness to dispel any negative connotations or inaccurate definitions. Misconceptions around these terms can prevent honest, open, and accurate discussions.

According to the Centers for Disease Control and Prevention (CDC), "Mental health includes our emotional, psychological, and social well-being. It affects how we think, feel and act. It also helps to determine how we handle stress, relate to others, and make healthy choices. Mental health is vital at every stage of life, from childhood and adolescence through adulthood.

Although the terms are often used interchangeably, poor mental health and mental illness are not the same. A person can experience poor mental health and not be diagnosed with a mental illness. Likewise, a person diagnosed with a mental illness can experience periods of physical, mental, and social well-being."

With the understanding that mental health involves nearly everything that makes us human, it's no surprise that a person's mental health has a big impact on their profession and vice versa. Many U.S. workers spend more than 40 hours a week at their job. Connecting the dots between your professional duties and environment and your mental health is important to maintaining overall health.

"The British Interactive Media Association (BIMA) recently revealed that tech workers are 5x more likely to suffer from a mental health problem than the wider population."

MSPs and Constant Crisis Intervention

MSPs work round the clock to maintain, protect and secure their client's IT infrastructure. While that time and effort typically go unnoticed, when something does go wrong, all eyes are on you.

Channel veteran, Dave Sobel of Business of Tech, explains the stress of MSP responsibility in a recent article. "The cliché: 'No one calls up the network administrator to tell them that the network is running well. They just call when things break.' Cliches happen because they are based on some element of truth. This is a brutal business on your brain. The criminals have to be right only once. Support organizations need to be right every single time. Risk management is what we do, and you know what that means? A lot of risks! Risk comes with strain and stress, and it can be intense pressure."

The role of an MSP is one of risk mitigation and crisis intervention. The high stakes of business IT require MSPs to not only take responsibility when a breach happens or data goes missing, but to solve the problem and assure business continuity immediately. The cost of downtime is too high for businesses to sit patiently, which puts a lot of stress on MSPs to act quickly and correctly. Unfortunately, MSPs have to be ready 24/7/365 - no holidays, vacations, or time off. It's those universal days away from the office when hackers attack most.

Remote Work Fuels New Challenges for MSPs

The pandemic changed the cybersecurity threat landscape to make it easier for hackers to do what they do best. With millions of workers out of the office, unprotected by corporate firewalls, and accessing business-critical data over unsecured Wi-Fi connections - successful attacks continue to rise. Workforces are now highly distributed, and many workers have returned to the office, while many other organizations have embraced the work from anywhere culture.

As the risks increase, so do the pressure and stress for MSPs. New solutions are necessary to combat and overcome inevitable attacks on remote endpoints. As MSPs grow their stack, they also risk the consequences of vendor sprawl, lost profits, higher management costs, and the need for more technicians.

MSPs must educate clients on the new risks and emphasize cybersecurity training and phishing awareness to help users avoid potentially catastrophic mistakes. In addition, marketing and sales departments have to shift communication strategies, develop new campaigns, and help clients justify increasing their cybersecurity budgets. All while reassuring clients that their businesses are safe and the solutions you're implementing are necessary for business continuity.

The culmination of these stressors has resulted in the following notable statistics cited in Dave's article, IT Industry Must Open Up About Mental Health.

• • 8 in 10 technologists say their job became more complex during 2020 due to rapid innovation and a sprawling technology stack.
  • 89% of technologists say they feel immense pressure at work.
  • 84% of technologists found difficulty switching off from work.
  • 68% of tech workers feel more burned out than they did when they were at an office.
  • 60% of tech workers are working more hours than before the pandemic.

CISO Stress Levels Rise Alongside Attack Frequency

It's not just technicians feeling the mental strain of escalating attacks. A majority (88%) of chief information security officers (CISOs) consider themselves under moderate to high stress. Like the professionals they oversee, CISOs are also working overtime without compensation in an uphill battle to stay ahead of the bad guys.

Security Magazine reports, "The FBI recently reported that the number of cyber attack-related complaints to the Cyber Division has risen to almost 4,000 a day. Microsoft reports that COVID-19-related attacks, where cybercriminals gain access to a system through phishing or social engineering, have jumped to almost 30,000 a day in the US alone. The increased effectiveness of the attacks means that workloads are increasing faster than people can be employed. It also means that CISOs are rarely afforded downtime between incidents. For many in the security department dealing with incident response, stress levels are sky-high."

Cybersecurity Labor Shortage Strains Industry Workers

Even before the pandemic, there was a significant shortage of cybersecurity professionals worldwide. A report from late 2019 showed 2.8 million professionals working in cybersecurity jobs globally. However, estimates show that the industry needs another 4 million trained workers to properly defend organizations and close the skills gap. Thus, what was already a challenge - protecting organizations from rising cyber threats - is compounded by the demand for capable employees.

An article in the United States Cybersecurity Magazine says, "The global staffing shortage in information security means that many departments are operating with half the staff needed. Indeed, this increases stress exponentially. The stakes to protect information online are extremely high, and so it stands to reason that levels of stress are escalated too."

On the flip side, the need for cybersecurity professionals creates opportunities for people who want to enter the field. The average salary for these skills in the U.S. is $90,000 a year, and with security certifications, people can earn even more. Remote work has also expanded the job market, and these positions don't typically require employees to work on-site. The cybersecurity industry offers many opportunities with the proper training and the soft skills necessary to prioritize well-being and tolerate stress.

Avoiding Burnout While "Fighting Fires"

You may not think cybersecurity professionals face the same type of professional stress as firefighters, but both are responsible for emergency management. It's that constant knowledge that an impending emergency - be it data loss, a data breach, or server failure - will happen, and when it does, you've got to fix it. As an MSP, your clients rely on you to keep their business running no matter what. Anticipating emergencies adds additional stress, overtime, and burnout before recovery is even on the table.

The Federal Emergency Management Agency (FEMA) studied burnout and workplace safety on firefighters, and we can also apply these findings to cybersecurity professionals. They discovered three ways to help reduce burnout:

1. Emphasize a safety-conscious transformational style of leadership.
2. Require team leaders to provide rest and healing while fighting fires and allow for post-event rest.
3. Promote health and wellness goals and a positive safety climate.

In the cybersecurity world, this translates to setting your team up for success.

• Allow employees to focus on the emergency response tasks by eliminating external and unnecessary requests that can be delegated or don't fall within their strengths.
• Empower employees to achieve by streamlining processes, giving them the tools necessary to accomplish, avoid delays, don't create bottlenecks, and have their back.
• Require rest after emergency events, especially if remediation was necessary outside of regular working hours or on weekends.
• Encourage self-care through regular breaks throughout the day and ergonomic workstations to avoid eye fatigue and body aches while supporting mental acuity and focus.
• Respect the human in everyone by giving employees the space and understanding to take care of their mental health and well-being in the manner that works best for them - it's not a one-size-fits-all equation.

Thankfully for MSPs, the Channel Offers Support

The spirit of the channel is a unique sector of the cybersecurity and IT industry. Surrounded by a community of provider peers, cooperation comes first, and competition comes in second. MSPs have a built-in support system within the channel with an agreed-upon villain - the hackers - and a unified goal - to protect data. Ideas, solutions, feedback, and advice are generally shared candidly for the benefit of the channel as a whole.

When things get tough, such as when the pandemic first hit, after natural disasters become catastrophic, or widespread attacks prove a new level of sophistication, channel competitors come together. This was evident after the Kaseya attack in July 2021 breached a number of MSPs. Huntress Labs took a community-first response via Reddit, providing a central point of information throughout the incident while offering free, non-sales webinars to help providers recover.

The Huntress Labs post generated the most upvotes and comments of any other post in the subreddit history and was cross-posted to four additional subs. The Mods created and presented Huntress Labs with the first-ever Vendor Contributor award in honor of their continued efforts, dedication, and unwavering support during the Kaseya attack and other cyber incidents. It's that community recognition, support, and encouragement that makes the channel a valuable place to seek help, understanding, and guidance.

Mental Health Resources for MSPs

In addition to the support of your peers, Richard Tubb, the IT business growth expert, compiled an impressive list of mental health resources for MSP business owners. In addition to emphasizing the importance of a strong support network, Richard also suggests meditation, reading, and calling a friend to feel good every day. His resources include:

Mental Health in Information Security by FRSecure also offers general tips from an information security perspective. Additionally, the article provides ways to help others who are struggling with their mental health. One way is to take a course in Mental Health First Aid. If you want to help but are unsure where to start, these courses teach skills like listening nonjudgmentally, giving reassurance and information, and encouraging professional health and self-help.

MSP Xperience Keynote: "The Risk of Not Adopting a Strong Self-Care Tool Stack"

Axcient is putting mental health and personal well-being center stage at this year's MSP Xperience. The virtual event on Tuesday, October 26, 2021, is curated to help MSPs navigate our increasingly complex threat landscape - without compromising their mental health. Keynote speaker Todd Kane, a former MSP and mental health advocate from Evolved Management Consulting - is speaking about how and why MSPs need to adopt a strong self-care stack.

Looking for help for yourself or someone you know? Here are some resources recommended by the author that are well-suited for the MSP community:

• Richard Tubb's curated list of mental health resources for MSP business owners, with tips and tools he recommends, from one MSP pro to another.
• Mental Health First Aid Training with the National Council For Mental Wellbeing: If you have a friend, family member, or other loved one experiencing mental health challenges, but you have no idea where to even start to help, consider taking a course in Mental Health First Aid. This course teaches skills like listening nonjudgmentally, giving reassurance and information, and encouraging both professional help and self-help.
• Ready to talk to someone? This straightforward guide from NAMI can help you navigate the system and find a mental health professional. You can also call the NAMI Helpline at 800-950-NAMI or chat with them. If you are in a crisis, you can text "NAMI" to 741741.

About the Author:Carissa Johnson // Product Marketing Manager, Axcient

Carissa Kohn-Johnson has a background in marketing healthcare technology and information technology and currently works as the Product Marketing Manager for Axcient. She has a lot of MSP Channel experience from planning and attending hundreds of conferences and tradeshows, and found her passion in technology, and working with MSPs in particular. She serves on the Information Services Advisory Board for her community and feels most at home with other technology-forward people.

Carissa clearly loved attending college as she studied Sociology and Gerontology at Nazareth College and Biological Sciences at NC State University and has taken several courses since then. In pursuing her goal to be a bona fide polymath, she is a voracious reader who tries to consume a minimum of 300 pages per week.

Connect with her on LinkedIn - perhaps you can contribute to the Axcient blog?

More Great Stuff From Our Blog:

Check out some other interesting pieces from our blog: we dove into how chain-based backup works and why chain-free is the way to be, we talked with Jason Phelps from Huntress Labs about planning for the next ransomware attack, our CEO David Bennett explains why the current cybersecurity landscape means traditional backup is dead, or learn how you can ditch pricey on-site appliances with Local Cache for Direct-to-Cloud BCDR.

Public link

Please use the above public link if you want to share this noodl on another website.