Cyber security is becoming more relevant every day, but what's being done to inform and educate an organization's first line of defense...the staff. Change Management is imperative when expecting staff to take precautions in keeping the organization safe.
Consider how you – a leader - in technology were exposed to the need for cyber security. It’s likely an awareness campaign drove your desire to invest in cyber security solutions, from there you probably attended a webinar, researched the topic or shadowed an expert to help build knowledge to successfully implement a solution. As an IT leader you are likely continuing to stay abreast of security risks by subscribing to blogs or other services to ensure you have current information at your fingertips. This ongoing learning is the last phase of any change management strategy, reinforcing the change by continually evolving the knowledge and skills necessary to avoid cyber security attacks.
Exposing staff to security initiatives is no different. We must consider our staff, the first line of defense in protecting personal and confidential information within our organization. This will require staff to change their behavior and even how they work in some cases. If you’ve been following our blog, you’ll know that any change requiring people to change a behavior or the way they work requires change management strategy planning and execution.
Take phishing or ransomware, for example. If my objective is for staff to avoid malicious attempts to capture information or hold it hostage…they must work differently with a heightened level of awareness. Curious about how will we get them to work differently? It’s simple when outlined in a planned change management strategy. I’ve outlined an easy-to-follow change management strategy below as an example:
While the above is the foundation of a strong change management program, further risk analysis is required at each juncture, to plan a strategy that will achieve your objectives at every level within your organization.