When implementing a new business plan or technology, it’s easy to draw parallels between coaching employees on best practices and coaching an athletic team in pursuit of a victory. Both require teamwork, extensive training and careful consideration of how the individual strengths of each player come together to create a cohesive working unit.
As the Major League Baseball championship series approaches, we explore some of the lessons security professionals can draw from time-honored baseball adages as they seek to build the internal case for a data protection solution.
Communicating the Benefits of Data Protection
The enterprisewide benefits of implementing a data protection solution are clear and numerous. From increasing customer trust and brand loyalty to avoiding regulatory fines and safeguarding your most sensitive intellectual property, data protection enables security organizations to demonstrate value.
Many employees outside the security practice are far more concerned with the negative impact a data protection solution could have on their workflow. Fears around degraded system performance and loss of access to essential information may overshadow the bigger picture of why data protection is a necessity. These concerns can ultimately lead employees to disregard best practices and ignore important policies, undermining work that is ultimately for their benefit. In fact, a study by Forrester Research revealed that 47 percent of information workers willfully circumvent security policies because they feel it is the most efficient way to get a job done.
As a security professional, what can you do to help other employees understand the importance of data protection and assure them that it won’t negatively impact their day-to-day operations? While there’s no silver bullet, the way you plan for, communicate and implement your data protection solution can have a dramatic impact on how your colleagues perceive and adhere to it. To ensure that you don’t strike out on data protection, focus on collaboration, education and integration to drive successful adoption and favorable impressions throughout your organization.
Teamwork Makes the Dream Work
As Babe Ruth once said, “The way a team plays together as a whole determines its success.” The same concept applies to implementing a data protection solution. As you begin establishing your strategy, evaluating vendors and creating policies, ensure that your security team is not operating in a vacuum. Involve teams such as legal, marketing, human resources, finance, customer experience and even your executives to understand limitations, set expectations and align processes to ensure that your data protection solution won’t unknowingly disrupt existing workflows across the enterprise.
Remember the 47 percent of information workers who circumvented security policies? Twenty-nine percent of that group did so because they felt like the policies were unreasonable to start with. Involve those who will be impacted by your policies as you create the rules so you can avoid this kind of miscommunication from the get-go.
This approach can help you create realistic processes and a greater sense of shared responsibility across departments. Furthermore, involving leaders across various business units will allow you to develop champions that can help you relate and communicate the value of data protection to all employees.
Practice Makes Perfect: Three Tips to Develop Proper Behaviors
Any baseball pro would tell you that the training that happens before the start of the season is one of the keys to a winning record. Likewise, as you preach proper employee behaviors regarding data protection policies, you need to make sure users are prepared to make the right decisions. This only happens if they’re educated and trained effectively on proper procedures and their importance.
Much of the challenge related to data protection stems from misconceptions about the value of security itself. Many employees who are removed from security fail to understand just how much data protection impacts them. It is crucial to educate employees about the relevance of data security, which comes in three parts.
1. Increase Cybersecurity Awareness
First, employees need to be made aware of the overall security landscape. Communicating the increasing investments made in data security each year and across all industries can help employees realize that this concern isn’t going away, and failure to comply may result in your organization falling behind its competitors. Furthermore, providing an up-to-date and engaging overview of ongoing threats will help contextualize the focus on data protection, illustrate the growing risk of data breaches and support preventative measures.
2. Communicate the Business Value of Security
Everyone in the organization must be made aware of the centrality of data to the business itself. According to a recent IBM report, 70 percent of a company’s value lies in its intellectual property. Thus, sensitive data is vital to any organization’s success, and its protection is tantamount to enabling a competitive advantage.
Taking it one step further, enhanced security measures can lead to improved brand perception among your company’s customers, higher levels of loyalty and greater revenue. When employees understand how safeguarding critical data enables better business results, they become more supportive of the solutions put in place.
3. Address Insider Threats
It’s critical to help employees realize the key role they play in ensuring the success of data protection across the enterprise. A BakerHostetler study revealed that 24 percent of security incidents happen because of employee action or mistakes. How many of these breaches could have been avoided if employees realized that their own negligence could be the biggest risk of all?
When data protection is seen as a necessity embedded in your business processes, factored into project timelines and embraced by corporate culture, it can function as an enabler rather than a hindrance. This change, however, won’t occur on its own. Your internal education efforts need to be carried out through an engaging communications plan that respects how different types of employees consume and relate to information. Work with the champions you created across various departments during the planning stages to determine the best course of action here. Once your employees understand the criticality of data protection, they’ll be more likely to accept the slight disruptions it may entail.
Drafting the Right Players
When drafting new players, the general manager of each baseball team must consider how each individual will fit into the existing lineup. Where are the gaps? How will emerging stars work in conjunction with existing standouts?
Similarly, the actual data protection technology you select and how it works with your existing systems has a major impact on overall success. Compatibility issues are major roadblocks to successful implementation of a data security solution, so do your research to make adoption as easy as possible. The technology you choose should integrate with your existing infrastructure and processes so as not to disrupt current workflows. It should also be scalable enough to accommodate inevitable data growth.
When it comes to growth, the solution you choose should be compatible with other security platforms and emerging technologies so that it won’t limit your technological maturity down the road. Choosing a vendor that enables this type of flexibility and longevity will help you avoid continuously reteaching employees new solutions or steepening the learning curve in an already challenging environment.
Covering All the Bases: Collaborate, Educate and Integrate
In theory, getting employees to accept and adopt data protection should be easy given the prevalence of cybercrime and the increasingly central role data plays in businesses operations and our day-to-day lives. As stated earlier, however, minor inconveniences can overshadow the broader need to maintain best practices, requiring the security organization to build an internal case for data protection.
By working with leaders across teams that will be impacted, educating your workforce and carefully selecting vendors, you’ll build a data protection program that circumvents many of the operational problems encountered by security teams with less foresight. As you step up to the plate in your data protection journey, these measures can help you hit a data protection home run within your organization.