At CyberUK2022, the NCSC published fresh guidelines on how organisations can prioritise staff welfare in their cyber incident response plans: https://www.ncsc.gov.uk/guidance/putting-staff-welfare-at-the-heart-of-incident-response
In response to the announcement, Laurie Mercer, Security Engineer at HackerOne – the world’s most trusted provider of ethical hacking solutions – has provided his personal thoughts on why it's so important for organisations to put staff welfare first when a cyber-attack strikes.
When a cyberattack happens, guilt and blame often follow – but this is counterproductive. Openness, transparency, and speed are pivotal in effectively resolving a breach. It is generally a time of high stress and short tempers; however, as with most things in business, proper planning and processes are paramount.
Planning must include ensuring that an up-to-date roster of expert contractors is available, restoring critical infrastructure quickly, and taking care of staff wellbeing – both psychological and physical. Workloads will invariably spike, leading to people working longer hours with shorter breaks, and managers must be prepared to step in to monitor activity levels and ensure their staff members are not burning out, as these instances can be marathons rather than sprints.