Anyone who’s worked in an office environment is familiar with the disconnect that sometimes exists between IT and non-IT staff. It’s understandable, really. People naturally have different ideas about what’s important and how to get things done. And for the most part, nobody talks about how one affects the other.
It’s no surprise, then, that a recent survey by Grant Thornton says CIOs are looking to transform IT from a cost center to a trust center by delivering better value and — perhaps more importantly — building better relationships. CIOs are keenly aware that, even after more than four decades of IT in the workplace, conflicting priorities remain between stakeholders.
The “human factor”
People are unpredictable and emotional beings, often with divergent priorities and motives. In the context of choosing and implementing collaboration software solutions, the “human factor” is a critical IT security variable. Why? Because end-users are often uninformed about or disinterested in security risks, leaving them most vulnerable to would-be attackers.
When there’s tension between work units in an organization, and relationships are strained, everything is harder than it needs to be. We’ve all experienced something like this. A deadline, for example, that relies on information from a colleague who isn’t motivated to help. That colleague could be unmotivated for any number of reasons. Maybe they don’t know the deadline, or maybe they don’t understand the assignment. What if they are swamped with other work, and the last time they asked for help, nobody had their back?
A simple task can be complicated by poor communication, misunderstanding, and lack of trust: in short, a bad relationship. Whatever the case, the outcome is the same – you can’t get your work done. It’s no different in the world of IT security and compliance.
Relationships and compliance
There are a few reasons why users don’t comply with IT security standards for software. Understanding the attitudes and reasons behind the behaviour is the first step. When you’re struggling with compliance in your organization, think about the relationship dynamics at play, and ask yourself these three questions to identify areas for improvement.
Does the solution meet users’ needs? Were they involved in the software selection and implementation process?
If the answer is no, you might have a group of end-users who don’t like the product and probably aren’t going to use it. That means they’re more likely to circumvent IT security policies to download and use apps that more closely suit their preferences.
Are there well-developed IT security policies that clearly outline roles, responsibilities and expectations?
Golden rule of compliance – tell users what they can and can’t do, and be explicit. If your organization doesn’t have clear, plain-language policy and user sign-off processes, the odds of getting any form of compliance on a reliable basis are pretty slim.
Have users been involved in regular, ongoing cybersecurity education and training activities?
No? Try to remember, not everyone in the organization understands cybersecurity. Just like some probably don’t understand marketing or accounting. Sharing knowledge and insights within an organization builds awareness and trust – and users are more likely to comply with rules that make sense to them.
The end game
Remember, your goal at the end of the day is to protect the organization’s data, infrastructure, and other assets. We already know, the absence of good working relationships and the prevalence of business friction are barriers to success for IT leaders. That’s why the vast majority of CIOs, when surveyed, talk about transforming IT from a cost center to a trust center. IT leaders who can shift people away from friction — and towards trusting, work relationships — are going to achieve higher rates of compliance and stronger cybersecurity culture as a result.
To learn more about building trust with end-users, read about Ignite’s Collaboration Adoption program and how we help set your employees up for success. For ways to protect your organization’s data, infrastructure and other assets, check out Ignite Security and learn how we partner with clients to build Cyber Resilient organizations. We’ve got you covered!