Building a Culture of Security
Get Organizational Buy-In
Part of a successful security culture is also ensuring buy-in across your organization to your security plan. Critically this must include strong, vocal support and guidance from organizational leaders who will, in many cases, be the ones making the final decision to allocate time, resources, and energy towards developing and implementing an effective security plan. If they do not take it seriously, no one else will. To achieve this buy-in across the organization, think carefully about when and how to introduce your plan, do so in a clear manner, make sure leadership reinforces the messages, and walk everyone through all the elements and steps of the plan so that there is no mystery or confusion about what you are trying to achieve. When talking about security, avoid scare tactics. Sometimes the threats that your organization and staff face can be scary, but try to focus on sharing facts and creating a calm space for questions and concerns. Making the dangers seem too threatening can cause people to dismiss you as sensationalist or simply give up, thinking nothing they do matters – and nothing could be further from the truth.