Steve Gickling is the CTO of Calendar, a place for unified calendars and all your scheduling needs.
Cybersecurity management isn’t a responsibility retained in the IT department. Cybersecurity is every team member’s responsibility as it impacts the entire organization.
While team members aren’t yearning for yet another training module to complete, aligning cybersecurity priorities with the business is critical. IT colleagues may focus on technical aspects of cybersecurity, but leaders must understand how cybersecurity impacts their departments.
To protect the organization and its ability to achieve its mission, learn how to bring IT and business leaders together. When you do, you’ll integrate cybersecurity into the business‘s strategies, organizational culture and daily operations.
1. Decipher cyber-speak into common language.
If you can’t understand what someone is saying, you’ll likely tune them out. Before you launch an internal initiative to overhaul your cybersecurity practices, focus on education. Technical jargon of any type can feel overwhelming and make even the most intelligent person feel out of touch.
Consider the business leaders you’re trying to align with and reframe cybersecurity relative to their comfort zone. Financial executives may be more comfortable discussing ROI or value-based priorities. Leverage this understanding to align how cybersecurity risks can threaten shareholder value and consumer confidence if not prioritized.
Get granular with your internal education program and invite cybersecurity leaders to provide education and updates during weekly executive meetings. Resist the urge to dive deep. Instead, deliver engaging, smaller batches of education that reinforce your most recent presentations.
2. Align cybersecurity risks with business risks.
Thankfully, most people don’t think like a hacker. However, understanding the global scale of cyber risk is critical for leaders. IT leaders should unpack the realities of cyber risk, and how they can impact your business, your people and your clients.
Regulatory expectations are only expected to increase as cyber risk is the new frontier of crime. Start with a more familiar risk, like a data breach, that can become more likely with open system access. Invite leaders into the minds of bad actors and explain how system gaps and human oversight have a trickle-down effect.
The reaction may be a mix of fear, disbelief and disregard, but hold true to your expertise. Convey the realities that a data breach would incite beyond the initial risk of unmanaged data. Customer trust, shareholder value and lost productivity are among the initial wave of risks, but they don’t end there.
A data breach presents a widespread, long-lasting public relations problem, as your brand now aligns with cyber risk. Clients may lose faith in your ability to protect more than just their data and may decide to exit. Your employees will lose traction on key priorities, focusing instead on damage control and recovery, instead of new product development.
By prioritizing cybersecurity now, your organization can protect its future and sensitive data.
3. Build relationships to identify business leadership priorities and concerns.
If you don’t have regular conversations with your business leaders, it’s difficult to understand what’s most important to them. Set a regular meeting on the calendar to align priorities and understand their concerns. Keep the conversation general, but strive to find out what’s on their mind and what keeps them up at night.
Often, there’s a cyber component to their worries and goals, and you can become an essential partner in their success. Convey your desire to leverage technology and cybersecurity best practices to align with their goals and initiatives.
Customer care teams, for example, regularly interact with sensitive customer data and personally identifiable information. This may spark a productive conversation about access to sensitive information and how that data is transferred internally. Identify potential gaps, include them in your security plan, and link them to the company’s strategic plan and objectives.
This can help align team priorities and gain buy-in from leaders for budget and strategy discussions.
4. Instill a cyber-aware organizational culture
Outside the boardroom exists dozens or even hundreds of people whose cybersecurity behaviors greatly impact the business. Collaborate with your human resources team to integrate security education into employee expectations. Name a cybersecurity champion to help guide education, training modules and regular communication regarding cybersecurity best practices.
Meet with department leads and frontline managers to engage them with your training goals. As you did with the executive team, align how cybersecurity matters to their teams’ daily work. Invite them to collaborate on targeted training in both systems and behaviors, which can provide otherwise inaccessible insights.
Make sure the sessions are accessible and simplify topics, using humor and relatable scenarios to help modules stick. Include knowledge checks to foster engagement and identify potential risks and gaps. Knowledge check performance can help to identify where additional training may be needed in the future. Layer education with in-person sessions, engaging activities and online experiences to make learning fun and relevant across the organization.
Share the responsibility of cybersecurity and achieve more.
Bring your organization together to protect against threats to your mission and vision, as well as your teams’ well-being.
Cybersecurity efforts support strategic business goals, and by putting forth the effort to align priorities, organizations can protect their assets. Build relationships and rapport to align shared goals and integrate cybersecurity into the business for a stronger, more resilient future.
Forbes Technology Council is an invitation-only community for world-class CIOs, CTOs and technology executives. Do I qualify?
This post was originally published on here
