Tech research giant, Gartner, has outlined a new approach to building awareness for good data security hygiene standards within business enterprises. Gartner argues that as companies expand, as cultural diversity increases and as business becomes more and more virtual and global, there is a need to help champion security through the deployment of “people power”.
Gartner believes this can help balance the constant struggle faced by IT bosses by promoting a “culture that is security-aware”. This can be achieved at near zero-cost by building a network of volunteers within the organisation who will go out and spread good practice within the wider workforce.
Gartner’s four step plan includes:
- “Make clear connections between the security champion program and business objectives to get executive support for the program. Resist using the “My program is the most critical investment you will make” approach. Rather, security leaders will have a much more persuadable audience if their program is a cornerstone of any effort intended to achieve business objectives.
- Build a network of champions that is inclusive of all roles and geographies across the enterprise. The right mix of representatives will come through manager nomination and volunteering. It is important to identify employees who have a solid understanding of how their respective communities work, and have the influence to be heard and drive change.
- Present the role of a champion as a developmental opportunity and integrate it into performance development plans. The champions should have a way to assess their performance, the contributions they are making to the team and the impact they are having on their community. Build in a recognition and reward system to drive interest and output.
- Allow champions to take creative liberties with the content to better suit their audiences. Package all materials into toolkits for consistency across the enterprise, but allow champions to tailor the content and the execution in their local markets.