How can CISOs make cybersecurity positive, productive, inclusive, and maintain best practices across the enterprise?
Do your staff feel valued and important in their roles? More than 65 percent of employees report they do not feel recognized at work, and 31 percent say they’re “engaged but feel my company could do more to improve the employee experience.” How can CISOs (who are already busy fighting fires, cloning themselves, and plate juggling) empower their security staff to be productive and empower the wider company while maintaining stringent security standards?
Are employee autonomy and cybersecurity mutually exclusive?
Autonomy in the workplace fosters a more efficient and inspired company culture, however, autonomy and IT security don’t traditionally go hand in hand. Individual responsibility, supporting the wider team, does. Finding a person’s specialisms and asking them, as the “expert”, to champion and report on a single element to support their peers within the wider IT security function, is a great way to show confidence and acknowledge and respect the specific value they bring to the organization.
Initially, a team leader does this while a team member is still working within (and reporting to) the support network of the overall security team. Not only does this give individuals responsibility, but it also gives them a specialism (or two) – mutually chosen during their most recent staff appraisal – and a position of responsibility within the organization, while having the support of their peers. Security team members could, for example, be responsible for (and report on) patching, physical installation, user access controls, working with IT ops to build a shared business continuity/disaster recovery plan, new threats, championing work with HR to educate other company employees on phishing attacks and suspicious activity, security auditing, or one of the hundreds of other areas that busy security teams need to address. Not only is this great for individuals to be able to use their strengths, and interests, but individual task responsibility helps to communicate a clear vision and demonstrates trust. Reporting at regular team meetings gives…