IT Security: How To Make People Listen And Take Action To Protect Your Organization
Is IT security getting the attention it deserves in your organization? With the rise of remote access and cloud-based services, IT security has become more important than ever before. Everybody’s online and we all want to access our work anywhere, anytime. The truth is, IT departments just can’t control all actions in the digital world anymore.
What’s so important about security awareness?
IT departments always do everything in their power to keep the IT infrastructure safe from potential threats. They try to limit the network and keep a close eye on it, but you’ll never be 100 percent secure, 100 percent of the time. You can also invest a lot of time and money into training other employees in exact procedures and checklists for using the network and dealing with threats, but that doesn’t mean that they won’t make mistakes.
If I work in IT, how can I get security awareness on the agenda in my organization?
There are basically two ways to go about getting IT security awareness on the agenda. The best option is to promote security awareness with managerial staff, starting with your own IT manager. If they’re convinced you’re on to something here, it’s much easier to get them to participate in an awareness program. Point out the benefits to the business. Having excellent IT security policies can make your company very attractive to potential customers, and being tech-savvy means you’re keeping up with the times.
And how do I get all my colleagues on board?
If IT security awareness isn’t getting the priority it deserves, point out the potential consequences of bad security. Major data leaks are incredibly damaging to the company’s reputation, because customers need to be able to trust you with their data. If you end up on a list of companies with security issues, the financial department is going to notice it in turnover. So if you want to improve attitudes towards IT security awareness, you need to talk about the scary stuff too. But be realistic. You could go on a spending spree and get the best security money can buy, but what you need is the right balance. The important thing is to reduce risks to an acceptable, manageable level. Basic awareness among the rest of the staff is often a big step in the right direction.
Once I have the organization’s support for our IT security awareness goals, what’s the best way to get there?
The right security awareness strategy is different for every company. If you want to keep things informal, you can provide short training sessions and present information in ways that are fun and light-hearted, but still get the message across so people will remember. It’s definitely a good idea to provide training to all new employees in their first few weeks on the job. But there are other little things you can do, such as putting up a simple, attractive poster with the basics so people are reminded of them regularly. Sending the occasional email to remind people to be vigilant can also be very effective, but keep it short and to the point. Essentially, do what’s needed to keep people aware, but don’t distract and annoy them with a constant flow of information.
How can I see if my approach is paying off?
People tend to think that if there are fewer incidents, their approach towards IT security awareness is working. But we’re noticing something very different. If there are no incidents, that doesn’t guarantee that nothing is going wrong. There could be other reasons why the IT department doesn’t hear about problems. Perhaps people are just hesitant to admit they made a mistake.