Data protection should be more than policy
Data protection is everyone’s job.
That idea needs to be talked about and implemented in your company, but, of course, that is easier said than done. As Andrew Plato said during his July 2016 WebTracks webinar, “Security is fundamentally about people. People are the greatest resource, threat and challenge.”
Data protection as company culture
To get everyone to commit to security means you need to commit yourself to employees. You need to make changes at your company to make data protection more than a policy employees sign when they join the company; you need to make it a part of your everyday company culture. Here are three tips for making data protection a part of company culture:
1. Everyone needs to follow the same rules
Another wise insight Plato shared during his webinar was that “Schizoid Security” doesn’t work. When the leadership says, “Security is a top priority… that does not apply to me” they are setting a bad example for the entire company – an example that is enough to void the importance of your data protection policy in the minds of employees.
The C-Suite needs to follow the same rules as the rest of the company. When you start allowing exceptions or providing service based on title, you are headed down a slippery slope that will cost you your employees’ trust and put your data at risk as we described in our “Bad IT” blog post.
2. Team up with HR
The HR department is your most important ally. While it is vital to get the C-Suite to follow the security rules to set an example, the HR department has the most influence over and contact with employees. The HR team is who onboards new employees, explains new policies to current employees and handles the employee exit strategy. HR needs to full understand security so they do all these things correctly and if you team up with them, they can offer you advice on how to make security more accessible and understandable for employees.
3. Reduce shadow IT
One way you can make security more accessible to employees is by reducing shadow IT through embracing employee-favorite technologies, such as the cloud. People like things to be easy, especially when it comes to completing their work. Security protocols that unnecessarily get in the way of the easy route will be ignored. Let’s use the cloud as an example. If your company doesn’t have a cloud account, employees will just open their own to store data and work more efficiently.
Talk to your employees about what they need to do their work; provide them the cloud or other technologies they want so you can set security parameters on them. Employees will find a way use the tech they want, so it is better that you provide it with your security built in versus them using whatever they find online.
Effective data protection requires that you give up on long meetings and memos. It requires you to communicate and work with every department on a regular basis. It requires you to be a great leader.
