In an organization, it is very important for the IT team and the business to be in alignment on data security. Unfortunately, because of a lack of communication, this need often goes unmet. Industry experts have widely argued for C-Suite and overall business involvement in risk management matters, yet a streamlined communication process for security is still in the works for enterprises.
One of the things CIOs can do to resolve the issue involves creating an open information exchange between the IT team and other departments. This can be established with the formation of a committee. The security committee would include executive managers and the C-Suite.
Another component to closing the communication gap includes setting up a communication platform where team managers can discuss risk management priorities. This not only opens communication across the entire company, but it also creates a security culture across the organization. Furthermore, all the information relevant to implementing the appropriate security measures would be accessible and available to decision makers and employees.
This brings us to awareness and education programs. They are also needed if an organization wants to effectively communicate information on risk management. When leadership establishes these initiatives, employees feel supported in sharing their security concerns and questions and in reporting suspicious behavior. Only when you make it normal to talk about a topic can others feel free to express their concerns without fear of negative repercussions. With awareness and education, CEOs can expect to see a change in employee behavior for the better.
Setting up an email or online group where employees and concerned parties can ask questions and discuss issues can remove additional communication barriers that hinder security within an organization. Furthermore, the security committee could take those questions and discussions, review them, and come up with solutions to those problems, as well as address the issues in an education program set up specifically around the topics raised in the emails or online group.
A barrier CIOs and executive managers can expect with these changes is a change in methods of communication. Instead of input being restricted to leadership only, input would also include questions and concerns from employees overall. This implies an added information workload for leadership, but it is an opportunity for organizations to promote a collective effort in the risk management process and involve all parties (in particular the employees, who are known as a source of insider threat due to their lack of knowledge and awareness of good security practices).
Lastly, CIOs need to learn to ask for help. If resources and outside assistance are required to ensure the security of sensitive information, this must be addressed. Without this component, a CIO could end up losing their job, not to mention the damage that would be incurred were a breach to take place due to the absence of the extra help required to avoid it.
Communicating security information continuously, and CIOs ridding themselves of the fear of asking for help, are surefire ways for organizations to truly resolve the communication gap that hinders a business's efforts to remove data risks.
How are you working to close the security communication gap within your enterprise?
Photo courtesy of Maksim Kabakou