guidance  Download / Print article PDF ##### ShareCopied to clipboard ##### Share##### Facebook##### Linkedin##### X##### Copy LinkCopied to clipboard ##### Share##### Facebook##### Linkedin##### X##### Copy LinkPutting staff welfare at the heart of incident response=======================================================Guidance for staff responsible for managing a cyber incident response within their organisation. Invalid DateTime  When an incident hits an organisation, it is important to consider the welfare of staff actively involved in the incident response, **and** those working in the wider business who may become aware that an incident has taken place. This guidance includes five recommendations that help managers put welfare at the forefront of their incident response processes, and bolster their organisation’s resilience to a crisis. *** ** * ** ***Why is staff welfare so important during an incident?—————————————————–When an incident occurs, it’s your staff that provide the problem-solving skills and adaptability that allows you to respond effectively. It’s important not to underestimate the impact that increased workload, pressure and stress can have, which can lead to mistakes being made and (if staff welfare goes unchecked) can lead to employee ‘burn out’. Ensuring that your staff are looked after throughout an incident is not only good from a HR perspective, but also has direct security benefits in reducing the impact of an incident. ### Note:Much of the advice given here takes time to implement and to mature to a point where it is effective. Therefore, you should follow these recommendations as soon as possible, rather than waiting for an incident to occur. *** ** * ** ***1. Include all staff in the incident response plan————————————————–Whilst designing your incident response plan (which will include work patterns, communication channels, and much more besides), it is important to identify the staff that will be affected by it. Think about the practical steps you can embed in the response plan to alleviate potential stresses. For example, will you require deputies in place in case key staff are absent? Are you able call on staff who can handle incidents outside core hours? Such considerations will be unique to every organisation, and being sure that your plans align with how your incident response staff actually work is crucial in reducing unnecessary blockers and stresses. *** ** * ** ***2. Build a culture where staff feel safe to speak up—————————————————-Everyone copes differently in a crisis. Whilst some personnel are likely to ‘thrive’ during an incident, others won’t. Equally, those who thrive might become overly invested and unable to spot signs of burnout in themselves. You want your staff to be able to speak up:* if they are feeling overwhelmed, burnt out, or need help in any way* if they spot worrying signs in their colleagues (who may feel unable to raise it with managers)Developing a [positive secure culture](/blog-post/growing-positive-security-cultures) will help to encourage staff to raise concerns, and help you to identify problems before they become too serious. *** ** * ** ***3. Plan your internal communications————————————During the early phases of an incident, being able to provide clarity to staff directly involved in the response can remove some of their personal uncertainty and help reduce stress. This might include setting expectations around working times, especially if this involves working outside core hours, or in a different location.However, you must also consider those in the organisation that are **not** directly involved in the incident response. A large number may be affected by the disruption of services, and will have to plan their work accordingly. Others will want to help with the organisation’s response. Suffice to say, all staff will expect to be kept informed about what is going on. Prepare your organisation-wide internal communications so that:* staff who are **not** directly involved are kept up-to-date with the latest developments* staff who are involved are not interrupted from the task at hand (nor feel pressurised into providing constant updates) *** ** * ** ***4. Be conscious of staff concerns———————————During severe incidents which threaten the integrity of an organisation, staff are likely to be concerned with how this could impact their own livelihoods (such as loss of personal information, job losses, or salary impacts). It is important to clearly communicate how the organisation plans to get through the incident, reducing the uncertainty and helping your staff to focus on the incident response. *** ** * ** ***5. Practice your response————————-Whilst no practice scenario will fully replicate the pressures of a real-life incident, exercising (and other techniques) can help your staff feel better prepared, and reduce some of the immediate stresses that an incident can cause. This is especially important for staff who may not work in incident response routinely, but are ‘surged’ into a response that’s away from their typical day job. Even table top exercises, designed to reiterate the processes involved in the immediate aftermath of an incident, will help reduce the stress. The NCSC offers a free online resource, [Exercise in a Box](/section/exercise-in-a-box/overview), which helps organisations test and practise their response to a cyber attack. *** ** * ** ***Downloads———[* pdf* 202 KB#### Managing staff welfare infographicRecommendations to help put welfare at the forefront of incident response processes, and bolster organisational resilience to a crisis.](https://www.ncsc.gov.uk/files/managing-staff-welfare-infographic.pdf) Topics——[Incident management](https://www.ncsc.gov.uk/section/advice-guidance/all-topics?topics=Incident management)|  | Back to top |  | Download / Print article PDF || ##### Share|| Copied to clipboard || ##### Share|| || ##### Facebook|| || ##### Linkedin|| || ##### X|| || ##### Copy Link|| Copied to clipboard || ##### Share|| || ##### Facebook|| || ##### Linkedin|| || ##### X|| || ##### Copy Link|| * || ##### Published|| * 10 May 2022| *|| ##### Reviewed|| * 10 May 2022| *|| ##### Version|| * 1.0| *|| ##### Written For|| * [Large organisations](/section/advice-guidance/large-organisations)| * [Small -& medium sized organisations](/section/advice-guidance/small-medium-sized-organisations)| * [Public sector](/section/advice-guidance/public-sector)| * || ##### Published|| * 10 May 2022| *|| ##### Reviewed|| * 10 May 2022| *|| ##### Version|| * 1.0| *|| ##### Written For|| * [Large organisations](/section/advice-guidance/large-organisations)| * [Small -& medium sized organisations](/section/advice-guidance/small-medium-sized-organisations)* [Public sector](/section/advice-guidance/public-sector)  Back to top
Related Tags:
NAICS: 54 – Professional
Scientific
Technical Services
NAICS: 541 – Professional
Scientific
Technical Services
NAICS: 92 – Public Administration
NAICS: 928 – National Security And International Affairs
Blog: NCSC Reports
Guidance and Blog-post
Associated Indicators: