Security teams are responsible for overseeing the well-being of an organization’s people, assets, locations, brand and reputation. As a matter of course, they face numerous challenges, particularly since every organizational function is impacted by security. With such widespread influence, it is imperative that security has an internal voice in the form of communications representation, ensuring policies, procedures and relevant breaking news items are universally and regularly communicated. Dedicating some portion of communications personnel time to the security team can drive global awareness of programs and initiatives critical to the safety of the organization, thereby increasing programmatic success.
Make the Case for Policy Awareness
While employees may sign off on receipt of the policy handbook upon hire, the number who actually read it, commit the contents to memory and adhere to all of the rules and regulations is debatable. Compliance has a lasting impact on organizational safety and security, but is reliant on thorough policy knowledge and acceptance. Conducting research on the current state of compliance can be beneficial; it may be a surprise just how many employees are either unaware of or simply do not follow well established regulations. Regular audits of security policies ranging from wearing security badges above the waist or piggybacking through controlled access for others without credentials can reveal exactly how wide that gap may be. Uncovering a lack of adherence may provide evidence of a need for increased communication and an allocation of communications mindshare to the security team.
Security teams are in need of a delegate to lead the charge in ensuring that policies are adequately communicated and understood. An internal communications representative is capable of identifying the most powerful vehicles and compelling messaging for sharing policies so employees understand their own personal roles in maintaining safety. A security-branding initiative distributed to the employee base through the right channels and with the right message can inspire their focus long enough to fully understand the potential ramifications of noncompliance.
For example, specific security pages can be included within the corporate intranet, serving as an information clearinghouse, and a security logo can be developed so when late-breaking events happen, with just a glance, employees understand that the need to pay attention and take any recommended action is crucial and immediate. This partnership can also serve as a starting point for creating a more security-minded culture and the more natural integration of security processes and concerns into a wide range of regular business operations.
Back It Up with Financial Data
Those outside of the security team may not be familiar with the costs an organization must expend to safeguarding against a security breach. Simple tasks like the administration of security badges carry meaningful dollar figures when scaled globally. When an employee loses a badge, working to track it, disable it and replace it requires funding, time and attention of the security team. If employees were more aware of the consequences of carelessly losing their identification, they would be more apt to take responsibility for the important role they play in the security hierarchy.
Because of their ubiquity, badges are a good place to begin an internal communications effort. But there are additional informational campaigns that can be developed to educate employees on how much corporate security hinges on their compliance. Lost laptops have the potential to contain large amounts of proprietary and confidential information and are expensive to replace. With cyber incidents, the actions of each individual employee can have wide-ranging effects on the whole organization. Whether wittingly or not, clicking the wrong link in a suspicious email could open the organization to a host of dangers.
Drive Interdepartmental Collaboration
Since security affects every aspect of an organization, the department has a unique ability to drive a culture based on interdepartmental cooperation and collaboration. The internal communications representative could serve as an emergency communications liaison, sharing the earliest indications of an issue identified by security to other applicable functions. A workflow can be developed to show how other departments like human resources, legal, regulatory and corporate communications all interconnect in managing a crisis. Sharing information cross-functionally helps each team maintain awareness and carry out their individual efforts as necessary, while supporting a more cohesive organizational response.
Having experienced internal communications representation providing employees with information about security awareness training, coupled with the real hard costs to identify and mitigate risk factors, can go a long way in encouraging cooperation as well as increasing compliance in maintaining a safe and secure organization.