IT Security staff as many as 85% engage in leisure activities during working hours, according to new findings from Kaspersky’s report ‘Managing your IT security team.’
Typically, these hobbies account for six hours a week, which is an hour more than staff across the company overall. A reason for these breaks may be to find a distraction from high workloads – cited as the most common reason to leave a cybersecurity job.
Cybersecurity can involve routine and repetitive tasks, which affects both productivity and motivation to work. A shift to remote work has further blurred the lines between working and personal time. This combination of these factors can lead to situations where employees are often distracted from work.
Kaspersky’s report surveyed more than 5,200 IT and cybersecurity practitioners globally.
According to the research, among the most common activities, IT security staff participated in at work included reading the news (42%), watching videos on YouTube (37%), and watching films or TV series (34%). A third of the respondents managed to do physical exercise (31%) and read professional literature (33%).
Pic. 1 Types of hobbies IT security employees take during working hours
Additionally, almost half (46%) of IT security employees believe that their colleagues left a job because of these high workloads, while 41% of employees across all departments shared this opinion.
With so much working time being spent on leisure activities may seem contradictory. But 48% actually explained their distractions from work were due to a need for a break between tasks, rather than because of boredom or a lack of work.
In addition, when working from home, some duties and meetings may now be scheduled outside the standard 9-5 workday. During longer workdays it is even more important that workers take breaks, so they are able to remain productive over this extended period.
“I do not think it’s an issue that employees are distracted from work. There should be control over task performance, not how many working hours are spent on a hobby. Also, it may be normal for people to watch videos, as it may give insights into how to solve a problem,” Andrey Evdokimov, Head of Information Security – Kaspersky.
“All in all, if work is not interesting for someone and there is a lack of task management, an employee will find a way to do something different, even from the office,” added Evdokimov.
“Employees should have goals, KPIs, objectives and metrics that characterize the quality and speed of their work. If performance is unaffected, there are no problems with the fact that a person is distracted from work,” said Sergey Soldatov, Head – Security Operations Centre (SOC), Kaspersky.
“If efficiency has fallen or differs from colleagues, it should be paid attention to. The aim of the manager is to inform employees about poor productivity as early as possible so they can find ways to solve the issue,” added Soldatov.
Kaspersky experts responsible for IT security and SOC share the following recommendations on how to manage IT security teams:
- Ensure that your company is fully equipped with IT security staff. Optimal numbers can be estimated as one cybersecurity employee for every 10 IT professionals;
- For round the clock SOC operation, there should be at least five employees responsible for monitoring. Organise shift work to avoid overworking;
- Outsource typical IT security tasks. It grants in-house employees more time to focus on company-specific requirements and the protection of legacy IT infrastructure;
- Ensure that you give employees different, non-standard tasks so they are not stuck in a rut and can develop their skills.