MSP Mental Health: The Toll of Cybersecurity and Tools to Cope
Week three of Cybersecurity Awareness Month is ‘Explore. Experience. Share.’ The theme encourages people to promote and explore careers in the dynamic field of cybersecurity. In addition, the week of October 18th is Cybersecurity Career Awareness Week, and October 10th is World Mental Health Day.
In recognition of these holidays coming together, we’re focusing on the mental health of MSPs. While the role of an IT professional may not seem as stressful as that of a doctor, police person, or firefighter, just like any other career, it comes with challenges. With the importance of mental health becoming a more mainstream focus, our 9 to 5’s impact is becoming more evident.
In this article…
- Gain an understanding of what mental health is.
- Dive into how the unique demands of the job affect cybersecurity professionals.
- Get tools and resources for managing your mental health and helping others do the same.
What is Mental Health Anyway?
The term ‘mental health’ has rightfully become a buzzword in many spaces today, but what does it actually mean? It’s essential first to define mental health and differentiate it from mental illness to dispel any negative connotations or inaccurate definitions. Misconceptions around these terms can prevent honest, open, and accurate discussions.
According to the Centers for Disease Control and Prevention (CDC), “Mental health includes our emotional, psychological, and social well-being. It affects how we think, feel and act. It also helps to determine how we handle stress, relate to others, and make healthy choices. Mental health is vital at every stage of life, from childhood and adolescence through adulthood.
Although the terms are often used interchangeably, poor mental health and mental illness are not the same. A person can experience poor mental health and not be diagnosed with a mental illness. Likewise, a person diagnosed with a mental illness can experience periods of physical, mental, and social well-being.”
With the understanding that mental health involves nearly everything that makes us human, it’s no surprise that a person’s mental health has a big impact on their profession and vice versa. Many U.S. workers spend more than 40 hours a week at their job. Connecting the dots between your professional duties and environment and your mental health is important to maintaining overall health.
“The British Interactive Media Association (BIMA) recently revealed that tech workers are 5x more likely to suffer from a mental health problem than the wider population.”
MSPs and Constant Crisis Intervention
MSPs work round the clock to maintain, protect and secure their client’s IT infrastructure. While that time and effort typically go unnoticed, when something does go wrong, all eyes are on you.
Channel veteran, Dave Sobel of Business of Tech, explains the stress of MSP responsibility in a recent article. “The cliché: ‘No one calls up the network administrator to tell them that the network is running well. They just call when things break.‘ Cliches happen because they are based on some element of truth. This is a brutal business on your brain. The criminals have to be right only once. Support organizations need to be right every single time. Risk management is what we do, and you know what that means? A lot of risks! Risk comes with strain and stress, and it can be intense pressure.”
The role of an MSP is one of risk mitigation and crisis intervention. The high stakes of business IT require MSPs to not only take responsibility when a breach happens or data goes missing, but to solve the problem and assure business continuity immediately. The cost of downtime is too high for businesses to sit patiently, which puts a lot of stress on MSPs to act quickly and correctly. Unfortunately, MSPs have to be ready 24/7/365 – no holidays, vacations, or time off. It’s those universal days away from the office when hackers attack most.
Remote Work Fuels New Challenges for MSPs
The pandemic changed the cybersecurity threat landscape to make it easier for hackers to do what they do best. With millions of workers out of the office, unprotected by corporate firewalls, and accessing business-critical data over unsecured Wi-Fi connections – successful attacks continue to rise. Workforces are now highly distributed, and many workers have returned to the office, while many other organizations have embraced the work from anywhere culture.
As the risks increase, so do the pressure and stress for MSPs. New solutions are necessary to combat and overcome inevitable attacks on remote endpoints. As MSPs grow their stack, they also risk the consequences of vendor sprawl, lost profits, higher management costs, and the need for more technicians.
MSPs must educate clients on the new risks and emphasize cybersecurity training and phishing awareness to help users avoid potentially catastrophic mistakes. In addition, marketing and sales departments have to shift communication strategies, develop new campaigns, and help clients justify increasing their cybersecurity budgets. All while reassuring clients that their businesses are safe and the solutions you’re implementing are necessary for business continuity.
The culmination of these stressors has resulted in the following notable statistics cited in Dave’s article, IT Industry Must Open Up About Mental Health.
- 8 in 10 technologists say their job became more complex during 2020 due to rapid innovation and a sprawling technology stack.
- 89% of technologists say they feel immense pressure at work.
- 84% of technologists found difficulty switching off from work.
- 68% of tech workers feel more burned out than they did when they were at an office.
- 60% of tech workers are working more hours than before the pandemic.
CISO Stress Levels Rise Alongside Attack Frequency
It’s not just technicians feeling the mental strain of escalating attacks. A majority (88%) of chief information security officers (CISOs) consider themselves under moderate to high stress. Like the professionals they oversee, CISOs are also working overtime without compensation in an uphill battle to stay ahead of the bad guys.
Security Magazine reports, “The FBI recently reported that the number of cyber attack-related complaints to the Cyber Division has risen to almost 4,000 a day. Microsoft reports that COVID-19-related attacks, where cybercriminals gain access to a system through phishing or social engineering, have jumped to almost 30,000 a day in the US alone. The increased effectiveness of the attacks means that workloads are increasing faster than people can be employed. It also means that CISOs are rarely afforded downtime between incidents. For many in the security department dealing with incident response, stress levels are sky-high.”
Cybersecurity Labor Shortage Strains Industry Workers
Even before the pandemic, there was a significant shortage of cybersecurity professionals worldwide. A report from late 2019 showed 2.8 million professionals working in cybersecurity jobs globally. However, estimates show that the industry needs another 4 million trained workers to properly defend organizations and close the skills gap. Thus, what was already a challenge – protecting organizations from rising cyber threats – is compounded by the demand for capable employees.
An article in the United States Cybersecurity Magazine says, “The global staffing shortage in information security means that many departments are operating with half the staff needed. Indeed, this increases stress exponentially. The stakes to protect information online are extremely high, and so it stands to reason that levels of stress are escalated too.”
On the flip side, the need for cybersecurity professionals creates opportunities for people who want to enter the field. The average salary for these skills in the U.S. is $90,000 a year, and with security certifications, people can earn even more. Remote work has also expanded the job market, and these positions don’t typically require employees to work on-site. The cybersecurity industry offers many opportunities with the proper training and the soft skills necessary to prioritize well-being and tolerate stress.
Avoiding Burnout While “Fighting Fires”
You may not think cybersecurity professionals face the same type of professional stress as firefighters, but both are responsible for emergency management. It’s that constant knowledge that an impending emergency – be it data loss, a data breach, or server failure – will happen, and when it does, you’ve got to fix it. As an MSP, your clients rely on you to keep their business running no matter what. Anticipating emergencies adds additional stress, overtime, and burnout before recovery is even on the table.
The Federal Emergency Management Agency (FEMA) studied burnout and workplace safety on firefighters, and we can also apply these findings to cybersecurity professionals. They discovered three ways to help reduce burnout:
- Emphasize a safety-conscious transformational style of leadership.
- Require team leaders to provide rest and healing while fighting fires and allow for post-event rest.
- Promote health and wellness goals and a positive safety climate.
In the cybersecurity world, this translates to setting your team up for success.
- Allow employees to focus on the emergency response tasks by eliminating external and unnecessary requests that can be delegated or don’t fall within their strengths.
- Empower employees to achieve by streamlining processes, giving them the tools necessary to accomplish, avoid delays, don’t create bottlenecks, and have their back.
- Require rest after emergency events, especially if remediation was necessary outside of regular working hours or on weekends.
- Encourage self-care through regular breaks throughout the day and ergonomic workstations to avoid eye fatigue and body aches while supporting mental acuity and focus.
- Respect the human in everyone by giving employees the space and understanding to take care of their mental health and well-being in the manner that works best for them – it’s not a one-size-fits-all equation.
Thankfully for MSPs, the Channel Offers Support
The spirit of the channel is a unique sector of the cybersecurity and IT industry. Surrounded by a community of provider peers, cooperation comes first, and competition comes in second. MSPs have a built-in support system within the channel with an agreed-upon villain – the hackers – and a unified goal – to protect data. Ideas, solutions, feedback, and advice are generally shared candidly for the benefit of the channel as a whole.
When things get tough, such as when the pandemic first hit, after natural disasters become catastrophic, or widespread attacks prove a new level of sophistication, channel competitors come together. This was evident after the Kaseya attack in July 2021 breached a number of MSPs. Huntress Labs took a community-first response via Reddit, providing a central point of information throughout the incident while offering free, non-sales webinars to help providers recover.
The Huntress Labs post generated the most upvotes and comments of any other post in the subreddit history and was cross-posted to four additional subs. The Mods created and presented Huntress Labs with the first-ever Vendor Contributor award in honor of their continued efforts, dedication, and unwavering support during the Kaseya attack and other cyber incidents. It’s that community recognition, support, and encouragement that makes the channel a valuable place to seek help, understanding, and guidance.
Building Your Mental Health Stack
Axcient put mental health and personal well-being center stage at this year’s MSP Xperience. The virtual event on Tuesday, October 26, 2021, was curated to help MSPs navigate our increasingly complex threat landscape – without compromising their mental health. Keynote speaker Todd Kane of Evolved Management Consulting, a former MSP and mental health advocate from Evolved Management Consulting – spoke about how and why MSPs need to adopt a strong self-care stack.
Todd shared his experience with a mid-pandemic panic attack and described the pandemic as a magnifying glass that brought mental health challenges forward in so many people’s lives. As an MSP consultant/coach, he sees it in the industry.
“The quality of your mind will define the quality of your life.” – Todd Kane, Evolved Management Consulting
He shared tools and approaches that he found helpful – his own “Mental Health Stack”. He said that you need to start with yourself when exploring the mental health topic and make sure you are giving yourself the tools, systems, and time to be effective as a leader, parent, or friend. If you are drowning in the pressures, you won’t be very effective. Platitudes aside, look after yourself to be as useful as you can to those around you. “Put your oxygen mask on first.” He stressed the fundamentals:
- Sleep above all other things. “The typical IT person who is running and gunning and working 40-80 hours a week and there’s also hustle culture… and I am in the anti-hustle culture camp – I have this Twitter expression #banbusy. …’I got two hours of sleep and I am running on coffee and barely getting by is not something to be proud of”.” Quality is as important as quantity, and it is critical to know what you personally need. You can get the data! Bio-hack with a device to measure your sleep quality.
- Think sleep isn’t that critical? Consider what happens without enough sleep:
- Memory impairment
- Increased stress
- Reduction in good food choices (who doesn’t crave sugar when they are tired?!)
- Slowed responses and cognition
- Emotional impairment
- Misjudgment of risk
- Think sleep isn’t that critical? Consider what happens without enough sleep:
- Food and meal breaks should nourish your body and your mind – Todd recommends a simple 80/20 ratio: 80% of what you are eating should be nutritionally sound and nourishing for your body. The other 20% is that “fun” stuff that makes you happy. Be motivated by the gut/brain connection research – the vagus nerve is directly connecting your gut and your brain. Think about it: when you are stressed or anxious, you get butterflies. That is a mental force causing a physical response. Inversely, if you have a positive or negative gut reaction to the food that you are or are not eating, it can cause a corresponding reaction in your brain.
- Slow down! Take that lunch hour, rest, and recharge.
- Eat whole, natural foods every day.
- 90% of your serotonin is in your gut, making it even more important in how it interacts with your brain.
- Get moving – take a walk! Todd doesn’t say you need to run marathons, but even just a walk every day can be key. Activity has been proven to provide positive neurological benefits and avoid injuries.
- Perhaps make this a cultural element in your MSP
- You could gamify the process of getting more active with your team or family.
- Sitting and standing still is just not good for you, and one of the best recourses for back pain and “text neck” can be walking.
- Play! Fun is critical – make time for games, hobbies, or a favorite sport.
- Getting into a “Flow State” is key to relaxation. Your brain needs the time to detach from the things it wants to ruminate and think about.
- How do you know you are in a “flow state”? You lose track of time. Find something that will help you find this critical relaxation state, and nurture it.
- Playtime is critical, and if you can involve friends and loved ones, it can make those relationships better and stronger as well, which has its own positive benefits on your mental health.
Todd urges you to find the time – you can find 20-25 minutes in a day if you acknowledge how critical your mental and physical well-being is. Right now, consider trying a single, simple minute of Box Breathing, you will be surprised!
Mental Health Resources for MSPs
In addition to the support of your peers, Richard Tubb, the IT business growth expert, compiled an impressive list of mental health resources for MSP business owners. In addition to emphasizing the importance of a strong support network, Richard also suggests meditation, reading, and calling a friend to feel good every day. His resources include:
- Business owner-focused mental health podcasts
- Guides for IT business owners
- Mental health tools and apps
- Mental Health for MSP Owners on Atera
Mental Health in Information Security by FRSecure also offers general tips from an information security perspective. Additionally, the article provides ways to help others who are struggling with their mental health. One way is to take a course in Mental Health First Aid. If you want to help but are unsure where to start, these courses teach skills like listening nonjudgmentally, giving reassurance and information, and encouraging professional health and self-help.
Looking for help for yourself or someone you know? Here are some resources recommended by the author that are well-suited for the MSP community:
- Richard Tubb’s curated list of mental health resources for MSP business owners, with tips and tools he recommends, from one MSP pro to another.
- Mental Health First Aid Training with the National Council For Mental Wellbeing: If you have a friend, family member, or other loved one experiencing mental health challenges, but you have no idea where to even start to help, consider taking a course in Mental Health First Aid. This course teaches skills like listening nonjudgmentally, giving reassurance and information, and encouraging both professional help and self-help.
- Ready to talk to someone? This straightforward guide from NAMI can help you navigate the system and find a mental health professional. You can also call the NAMI Helpline at 800-950-NAMI or chat with them. If you are in a crisis, you can text “NAMI” to 741741.
About the Author: Carissa Johnson // Product Marketing Manager, Axcient
Carissa Kohn-Johnson has a background in behavioral and physical healthcare technology and information technology and currently works as the Product Marketing Manager for Axcient. She has a lot of MSP Channel experience from planning and attending hundreds of conferences and tradeshows, and found her passion in technology, and working with MSPs in particular. She serves on the Information Services Advisory Board for her community and feels most at home with other technology-forward people.
Carissa clearly loved attending college as she studied Sociology and Gerontology at Nazareth College and Biological Sciences at NC State University and has taken several courses since then. In pursuing her goal to be a bona fide polymath, she is a voracious reader who tries to consume a minimum of 300 pages per week.
Connect with her on LinkedIn – perhaps you can contribute to the Axcient blog?
More Great Stuff From Our Blog:
Check out some other interesting pieces from our blog: MSP-friendly resources and tools to help MSPs educate clients to combat phishing attacks and Fight the Phish!, we dove into how chain-based backup works and why chain-free is the way to be, we talked with Jason Phelps from Huntress Labs about planning for the next ransomware attack, our CEO David Bennett explains why the current cybersecurity landscape means traditional backup is dead, or learn how you can ditch pricey on-site appliances with Local Cache for Direct-to-Cloud BCDR.