As the person with the CIO job, you realize the importance of information technology and just how important it is to keep your company’s network secure from all of the bad people out there in the world who are always trying to get in. You make investments in firewalls, intrusion detection devices, and highly paid IT security staff. However, we all realize that if we want to keep our network secure, we’re going to need each and every employee of the company to lend a helping hand. Since in most cases they just don’t seem to care about network security, what can we do to get them to care?
All Threats Are Personal
In order to get your company’s employees to take network security seriously, you are going to have to find a way to make this stuff “real” for them. One great way to go about doing this is to take the time to explain to them exactly what is going on. By doing this you’ll be able to make something that is as generic as “network security” very, very personal.
During your explanation you need to discuss just exactly why the bad guys are trying to break into the company’s network – what is it that they want? Yes, some of the information that they’ll be looking for will be related to company products and projects. However, a real source of gold would be all of the information that the company keeps on its employees such as date of birth, home address, and social security number. When you explain what is at risk, their motivation to participate in keeping the network safe will increase.
Help Them To Understand The Threats They Are Facing
In order for the users in your company to take the actions that are necessary to keep them and your network safe, they need to be motivated. What this means for you is that you’re going to have to make sure that they really understand what is going on.
One way to go about making this happen is to explain to them that it may seem as though the bad guys are targeting everyone else besides your company, they really are out there and they are trying to get in. You can use security logs to make this point hit home. Additionally, when it comes time for users to apply updates, take the time to explain why the new software will make their lives better – not just that it’s got better antivirus detection codes.
Make It Easy To Stay Safe
We all know that if we ask our end users to do too many things, take too many steps, it just is not going to happen. What this means is that we need to take steps on the IT side of the house to make it easier for folks to do the right thing.
This can be accomplished by reducing the number of steps that users have to go through in order to make updates to their computer. Additionally, since none of us like to wait for things to happen, if the changes can be downloaded in the background and be ready to be applied when we are ready, then that would speed things up significantly.
What All Of This Means For You
When you are in the CIO position, you are effectively a cheerleader for corporate network security. What this means is that not only do you have to do all of the right things, but you also have to find ways to motivate the rest of the company to do their part also. This is the hard part.
In order to get each employee in the company to play their role in securing the network, you need to carefully explain that the threats that the company can impact each and every one of them personally, make them understand that the bad guys may be targeting them in particular, and simply the steps that employees have to go through in order to remain secure.
The good news here is that yes, it is possible to secure the company’s network. However, as the CIO you can’t do this alone. Instead, you are going to have to enlist everyone else who works at the company. You can make this happen by making the security threats that the company is facing personal and then by showing them what they need to do to keep themselves safe from the bad guys.
– Dr. Jim Anderson
Blue Elephant Consulting –
Your Source For Real World IT Department Leadership Skills™
Question For You: What’s the most effective way to communicate security information to every employee?
Click here to get automatic updates when The Accidental Successful CIO Blog is updated.
P.S.: Free subscriptions to The Accidental Successful CIO Newsletter are now available. Learn what you need to know to do the job. Subscribe now: Click Here!
What We’ll Be Talking About Next Time
The day-to-day challenges of being a CIO and teaching the rest of the company about the importance of information technology are enough to keep most of us fully busy. Just imagine if you were handed the additional responsibility of creating a plan to merge the IT operations of two large airlines. You could not screw this up – even the smallest error could result in a drop in ticket sales that the company could not deal with. The blending of systems would have to go off flawlessly. Do you think that you could do this?