Building a Positive Security Culture with Change Management

Positive security posture has evolved to be a measurement not simply of the practices and features used by an organization to thwart breach, but also the organization’s investment in people and their ability to be agile in confronting threats. In addition to physical security and cybersecurity, business leaders must endeavor to shape attitudes and behaviors across all business lanes to align organizational culture with organizational security directives.

A common mistake businesses make is relying on a one-size-fits all approach to governance, risk, compliance and privacy. Typically, this is performed annually through a bulk training program that all employees are required to complete. While the learning objectives may be sound and the delivery proven, the only way to realize an ROI from this type of training is in the event it actually prevents security breaches . By employing an array of change management tools and tactics, organizations can realize and maintain a positive security culture that keeps up with the acceleration and sophistication of cyber security attacks. Some examples include:

Harness Point in Time and Discuss Current Affairs
Mainstream privacy and security incidents present a great opportunity to engage employees in rich and diverse discussions on the importance of data security and concepts of privacy. Harnessing momentum from current events in team meetings not only generates awareness but also sparks discussions that can drive bottom line. However in the wake of recent Facebook privacy revelations, I did a quick, unofficial poll of colleagues and friends at big tech firms and found that not one had a group discussion led by peers or management related to data security during or after the intense media coverage. Business leaders and their counterparts across the organization can capitalize on these opportunities for quick and impactful strides in building a positive security culture.

Leverage Unrealized and Untapped Potential

As teams grow and evolve, new skill sets are introduced and refined. Identifying and leveraging those skills and resources that stimulate a positive security environment can be key in creating the culture you’ll need to maintain high-levels of data security. In my time working as a member of the business operations team at Microsoft and now the Valorem Digital Strategy team, I have had the fortune of working with a diverse set of colleagues with equally diverse backgrounds. This people and skills variance has played a key role in raising awareness about data security and compliance throughout my career. Some common skills I have found to support a positive security culture include:

• Strong organizational skills
• A thirst for knowledge
• A natural passion for problem solving
• Strong communication skills
• Desire to innovate

Does this sound like anyone on your team? Managers striving to raise their organization’s security posture should take stock and leverage such resources to raise awareness of security challenges and pragmatically address nascent issues. Harnessing the skills of your existing team can go a long way in addressing security and compliance challenges.

Understand Your Organization’s Digital Maturity
A key differentiator of a digitally mature organization, is the degree of efficiency for approval workflows and security group administration management. These digitally mature business processes are typically under the supervision of decentralized resources who understand the importance of security. In addition, digitally mature organizations consistently evaluate the risk associated with data exposure and rules for confidentiality. A Digital Maturity Assessment can help business leader establish a baseline for their organizational maturity and identifying initiatives to drive great digital change. Regardless of where an organization is positioned in terms of its services infrastructure or organizational culture, digital maturity and security posture often go hand-in-hand in leading maturation and ultimately driving results.

Prioritize Experts in Hiring
The CIO from IDG identified Cybersecurity as the “most important hiring need.” As businesses start and progress on the journey to digital maturity, a growing skills gap has arisen and many have found hiring security professionals to be extremely challenging. How organizations recruit and retain security experts will have to evolve based not on wishful thinking but in reaction to the actual security posture of the organization. The longer security roles remain vacant the greater the risk to your organization. When addressing security needs to mitigate risk of breach, security roles should naturally rise to the top of your talent procurement priorities whether partnering with a consultant or hiring from the available talent pool.

Take a Holistic Approach
Building a culture of security through organizational change management tactics like these pays long-term dividends, reinforces corporate culture and reduces security risks. Creating a logical change management plan and leveraging the skills of your organization as well as the issues of the day, can drive lasting change and create security advocates to maintain a safe environment in the face of today’s security challenges and those of the future.

Valorem’s approach to digital transformation is a comprehensive strategy tailored to your current state, guided by your business goals and propelled by proven change management tactics. We embrace the Prosci change management model, ADKAR (Awareness, Desire, Knowledge, Ability, and Reinforcement), to guide our clients through their digital journey with confidence and ease. For more information on our Digital Strategy and Change Management solutions, email marketing@valorem.com.