A Virtru Guide to Cultivating Security-Conscious Teams
We've all made mistakes. That's just part of being a human on planet Earth.
And, whether you're a CISO or an intern, you've also made mistakes when it comes to security—whether that’s accidentally hitting “Reply All” (so embarrassing), mistakenly sending a report to Sarah in sales instead of Sarah in human resources (oops), absentmindedly clicking on a questionable link (oh no), or quickly forwarding an email that turned out to contain sensitive information farther down the thread (oh NO).
So, what's a mere mortal to do when entrusted with vitally important information?
Don't panic: For all our flaws, humans can also make pretty great decisions IF we're empowered with the information and tools we need to do so.
Whether it’s an HR team onboarding a new employee,
A healthcare provider sharing test results with a patient,
An insurance agent managing a claim,
A special education teacher sharing a student’s individualized education plan with a parent,
Or sharing any other kind of potentially sensitive information,
It’s important that every team is empowered to do their jobs well, and that includes the ability to share data securely and confidently.
When you think about it, cybersecurity is ultimately about people. Yes, technology plays a big role — but, at best, your tech is your Best Supporting Actor. Without the star of the show (that's you and your teams), things would be pretty boring.
But you and your team, working valiantly day in and day out to quash cyber attacks and mitigate risk? The brave heroes mightily protecting your customers' privacy and security? You're the Meryl Streep of this performance.
But, before you start writing your Oscars acceptance speech, you need to get buy-in from your entire cast and crew. To get people invested in security, lead with positivity and enthusiasm for the important work you do. Don't just tell people what to do: Show them why they should care, and what’s in it for them. Get them involved in the story.
Have you ever watched someone in a niche field speak passionately about their subject matter? It doesn’t matter what the topic is: marine biology, Kubernetes, tomato gardening, or their favorite band. When the speaker is visibly engaged and excited about the topic, it’s compelling to listeners, regardless of how much knowledge those listeners have on the subject.
This is the power you wield as a security leader. If storytelling isn’t your forte, start by just sharing what you know in a positive way. Explain to employees how quickly the security landscape is evolving—both in the workplace as well as personal contexts. Talk about data privacy and emerging technology. Show them what kinds of threats you and your team have mitigated. Demonstrate the real-world impact your team have, whether it's reporting a phishing attempt, encrypting a student's health record, or protecting a client's private information against compromise.
Ultimately, strong security leads to more confidence and more freedom. Regardless of your role in a company, that’s something to get excited about.
“Culture change is tough,” said Leroy Cunningham, Information Security Manager at CMI. “And people are used to doing things the way they’ve always done it. We try to create an educational shift, so if there’s anything that allows me to empower employees, and at the same time educate them, it’s win-win.”
Cunningham’s team uses Virtru’s configurable Data Loss Prevention (DLP) rules to encrypt some types of data by default—such as credit card information—but for some categories, Cunningham prefers to issue a warning, using that as a teaching moment.
“While Virtru provides us with a safety net, we also like the idea of being able to educate our users at the same time. So, instead of automatically encrypting something sensitive, we can let the users know and advise them to encrypt it. That way, there’s always a learning process in place.
"I think that’s key: keeping security top of mind and not creating complacency. It just reaffirms that thought process and, over time, it becomes second nature to them… These aren’t things that I can just teach them, it has to be something they can see and touch for themselves.”
If you want to engage your teams around security, you need to give them the tools they need to succeed.
That means simple tools that don't interfere with their ability to get their jobs done.
With Virtru, you can deploy human-friendly cybersecurity that:
We'd love to talk security with you and explore ways to help empower your teams to share information quickly, easily, and securely.