Cyber Security is one of the most prevalent challenges on the minds of today’s IT leaders. In a Twitter chat led by Myles Suer of CIO.com, participants listed cyber security among their top organizational, talent development, and investment priorities for 2019. In the same conversation, CIOs admitted that they continue to struggle with tension between IT and the rest of the organization, and that reducing business friction remains one of their top concerns.
Relationships, compliance and cyber security:
Every IT leader has struggled at one time or another to find strategies that increase compliance and improve cyber security within their organization. The answer is the human factor. Relationships. It’s not faster or even easier, but it’s better. Better relationships mean better compliance. And better compliance means better security.
Let’s look at a couple of reasons why users don’t comply with IT security standards for enterprise software solutions, and how relationship-building can tip the odds in your favour.
The solution doesn’t meet their needs.
If we take collaboration software as an example, there are dozens of products on the market with varying functionality, usability, pricing, and security features. If employees need to collaborate to make their work lives easier and more productive — which most do — they inevitably have an opinion about what is and isn’t going to work for them. Implement a collaboration software solution without talking to employees about their needs and you are asking for trouble.
Working through a software selection and implementation process with end-users takes time. If you engage people from the outset, ask them for feedback early, and land on solutions that they love, you are going to see increased ownership, accountability, and cooperation. If you don’t work with them, users are more likely to go around security protocols and download unapproved apps to get what they want.
They don’t understand why they should care.
Sometimes user security breaches are innocent mistakes – some people honestly don’t know any better. It’s not because they’re stupid. It’s because their job is not in IT and/or Cyber Security, and they don’t understand the “why” behind corporate IT security policies. Going back to the example of collaboration software, how many users in the organization realize that end-to-end encryption is essential for safe file sharing and web conferencing? How many even know what end-to-end encryption is?
IT security education and training for employees is essential. Regular education sessions are an opportunity to talk about the importance of security and how security risks can impact the organization. Security talks can be conversational and informal, like lunch-and-learns, and limited to one hour at a time. Share your passion for your work and your industry, and listen while your fellow colleagues share theirs. The more users understand about cybersecurity challenges, and the reasons behind IT security policies and procedures, the more likely they’ll be to comply.
Digital Security threats aren’t going anywhere – neither are end users.
Cyber Security has reached the point where it’s not just an IT problem anymore. At every level of the organization, every employee has a hand in making sure the organization is protected and in enabling the organization’s IT security experts to do their jobs. Increased focus and attention on developing better relationships will help IT leaders create an environment where users understand Cyber Security and their role in it.