Cybersecurity is one of the most prevalent challenges on the minds of today’s IT leaders. In a recent Twitter chat led by Myles Suer of CIO.com, participants listed cybersecurity among their top organizational, talent development, and investment priorities for 2019. In the same conversation, CIOs admitted that they continue to struggle with tension between IT and the rest of the organization, and that reducing business friction remains one of their top concerns.
Relationships, compliance and cybersecurity
Every IT leader has struggled at one time or another to find strategies that increase compliance and improve cybersecurity within their organization. The answer is the human factor. Relationships. It’s not faster or even easier, but it’s better. Better relationships mean better compliance. And better compliance means better security.
Let’s look at a couple of reasons why users don’t comply with IT security standards for enterprise software solutions, and how relationship-building can tip the odds in your favour.
The solution doesn’t meet their needs
If we take collaboration software as an example, there are dozens of products on the market with varying functionality, usability, pricing, and security features. If employees need to collaborate to make their work lives easier and more productive — which most do — they inevitably have an opinion about what is and isn’t going to work for them. Implement a collaboration software solution without talking to employees about their needs and you are asking for trouble.
Working through a software selection and implementation process with end-users takes time. If you engage people from the outset, ask them for feedback early, and land on solutions that they love, you are going to see increased ownership, accountability, and cooperation. If you don’t work with them, users are more likely to go around security protocols and download unapproved apps to get what they want.
They don’t understand why they should care
Sometimes user security breaches are innocent mistakes – some people honestly don’t know any better. It’s not because they’re stupid. It’s because their job is not in IT and/or cybersecurity, and they don’t understand the “why” behind corporate IT security policies. Going back to the example of collaboration software, how many users in the organization realize that end-to-end encryption is essential for safe file sharing and web conferencing? How many even know what end-to-end encryption is?
IT security education and training for employees is essential. Regular education sessions are an opportunity to talk about the importance of security and how security risks can impact the organization. Security talks can be conversational and informal, like lunch-and-learns, and limited to one hour at a time. Share your passion for your work and your industry, and listen while your fellow colleagues share theirs. The more users understand about cybersecurity challenges, and the reasons behind IT security policies and procedures, the more likely they’ll be to comply.
Cybersecurity threats aren’t going anywhere. Neither are end users.
Cybersecurity has reached the point where it’s not just an IT problem anymore. At every level of the organization, every employee has a hand in making sure the organization is protected and in enabling the organization’s IT security experts to do their jobs. Increased focus and attention on developing better relationships will help IT leaders create an environment where users understand cybersecurity and their role in it.
Want to read more on the human factor and building better relationships with your end users, visit 3 questions that can fix your relationships with end users. For more information on Cyber Security and compliance, visit our sister company Ignite Security Services Group.