Security professionals need to become wellness experts

Want to boost your defences? Take some inspiration from health gurus

Illustration of office workers meditating

If you work for a large organisation, you’ve probably noticed that health and wellness have become an area of focus over the past several years. Companies have started offering classes on yoga and meditation to their employees, while promoting mental health and emotional wellbeing. 

There’s a very good reason for this; not only does it aid workforce retention by creating a positive environment, multiple studies have also shown that healthy and fulfilled workers are more productive. This trend has driven companies to expand their focus on employee wellbeing beyond simply reducing work-related stress to elements like diet, sleep, and exercise, all of which play a major role in how effective people are when they’re at work.

The theory is that, because human beings aren’t robots that can compartmentalise their experiences, every element of a person’s life will feed into every other part. Put simply, you’re not going to be able to do your best work if you’re exhausted, depressed, or suffering from an avoidable health condition. Therefore, it’s in employers’ best interests to keep their staff as healthy as possible both in and out of the office.

The same thinking can also be applied to an organisation’s security for a similar effect. This isn’t to suggest that you start a morning pilates session with your incident response team or bring puppies into your SOC once a week (as adorable as that would undoubtedly be) - instead, this is about applying the principles of holistic wellness to your security strategy.

Just like its employees, an organisation’s security is large, and contains multitudes. Most security teams have tools to manage network firewalls, threat detection, API security, and DDoS mitigation, but looking at these areas in isolation is markedly less helpful than thinking of them as smaller parts of a larger whole. Without looking at the bigger picture, it’s easy for gaps in your security to go unnoticed.

Even this, though, is arguably taking too narrow a focus on security. If corporate wellness involves looking at employees’ health outside the workplace, then security wellness must involve considering your defence posture outside the confines of the operations centre. Take file-sharing as an example; if staff are using a grab-bag of different shadow IT applications to share documents, it’s next to impossible to track what data is being shared and clamp down on unauthorised access. By standardising on one central system, it’s much easier to account for filesharing as part of an overall security profile.

Business culture is also important to consider, even beyond the usual advice of making sure that employees are using good password hygiene, not opening suspicious attachments and the like. If there’s an established process in place for requesting things like financial transfers or sensitive document access, spearphishing attempts involving ‘urgent’ emails for wire transfers purporting to be from a C-suite executive will stick out like a sore thumb.

Multi-vector attacks have been the norm for years, and everything from your application front-end to your staff’s personal laptops are a potential target for hackers. Security teams can no longer afford to look at their IT estate in isolation, but by boring some of the strategies of the modern corporate wellness programme, they can de-stress their operations and bring some harmony and balance to their strategy.

To learn more about how you can bring a holistic attitude to your web protection, register now for our free webinar, in association with Cloudflare and Frost

Featured Resources

Managing security risk and compliance in a challenging landscape

How key technology partners grow with your organisation

Download now

Security best practices for PostgreSQL

Securing data with PostgreSQL

Download now

Transform your MSP business into a money-making machine

Benefits and challenges of a recurring revenue model

Download now

The care and feeding of cloud

How to support cloud infrastructure post-migration

Watch now

Recommended

How to encrypt files and folders in Windows 10
encryption

How to encrypt files and folders in Windows 10

9 Apr 2021
The definitive guide to IT security
Whitepaper

The definitive guide to IT security

9 Apr 2021
Evidence suggests REvil behind Harris Federation ransomware attack
ransomware

Evidence suggests REvil behind Harris Federation ransomware attack

9 Apr 2021
Fujitsu taps Trend Micro to secure private 5G networks in smart factories
5G

Fujitsu taps Trend Micro to secure private 5G networks in smart factories

8 Apr 2021

Most Popular

Microsoft is submerging servers in boiling liquid to prevent Teams outages
data centres

Microsoft is submerging servers in boiling liquid to prevent Teams outages

7 Apr 2021
Hackers are using fake messages to break into WhatsApp accounts
instant messaging (IM)

Hackers are using fake messages to break into WhatsApp accounts

8 Apr 2021
Alienware’s new gaming laptop is a kick in the teeth for Intel’s new CEO
Hardware

Alienware’s new gaming laptop is a kick in the teeth for Intel’s new CEO

8 Apr 2021