
Security teams are vital to any company’s safety and efficiency. Not only do they keep important data secure but, in doing so, they prevent serious hacks and breaches that can result in severe financial losses and reputational damage.
Their job isn’t easy, either. Security teams need to constantly keep up with the “arms race” with hackers, staying abreast of new hacking trends, techniques, and technologies. They need to monitor vast amounts of data and, often, thousands of users and applications.
Most of the burden on security teams is unavoidable and dictated by the work needed to deal with external and internal threat exposures. They have little to no control over that. But there’s an added stressor that can readily be reduced – the friction that often exists between employees and their security teams.
There are numerous facets to the issue, and many reasons (whether valid or not) that employees may not “like” security teams.
One of the main reasons employees do not like security teams is that they often view them as an obstacle to their productivity. Security teams are seen as being too restrictive and preventing employees from getting their work done. This can create a culture of resentment towards security teams, making it more difficult to implement strong security measures.
Employees may also end up feeling paranoid about their security teams, largely due to pressure they might feel to complete security training and pass tests, or because they are worried about phish testing. The statistics support some of this anxiety: 25% of employees who made cybersecurity mistakes in 2021 were indeed terminated.
It takes two to tango, though. Security teams themselves can become frustrated with employees if they continuously see the same simple mistakes being made, or data being leaked, or phish testing being failed. It’s easy for them to start thinking that employee security issues just make their job harder.
So, what are some solutions?
- CISO Prioritization of Security Team – Employee Relations
For one, CISOs can leverage their expertise, wisdom, and power to help bridge the gap. It’s a task they should prioritize.
A study by Wolf Security, in collaboration with HP, elaborates: “CISOs have been increasingly successful in driving cybersecurity higher up the boardroom agenda, emphasizing the need to include it in every aspect of corporate strategy. They now need to partner with all areas of their business to embed security into the organization’s DNA.”
Cybersecurity teams need open lines of communication with employees. Clear, compelling communication is key. Simple adjustments such as providing the rationale behind a security decision can dramatically change how it is received.
To build these bridges, CISOs need to take advantage of their management and communication skills, and rely on skilled managers, to promote cybersecurity and its virtues to all employees.
- Threat Awareness
Additionally, organizations can shift their security training away from traditional models of rote learning and testing to a more effective method: threat awareness. Threat awareness programs focus on educating employees about the specific threats and risks they may face. This personalized approach to cybersecurity can help employees understand the importance of strong security measures.
A threat awareness platform (such as HackNotice) notifies employees about active PII and security threats that affect them, lets them review their own personal risk levels, and gives them the power to protect themselves. Instead of a one-time course and test, threat awareness instills ongoing security habits in employees and cultivates a solid security culture within organizations. By becoming actively, meaningfully involved in the security process, employees become allied with their security teams and help perpetuate good security culture in their company.
Employees’ negative perception of security teams can have a significant impact on the security culture of a company. To bridge the gap between employees and security teams, CISOs need to devote extra time and effort to helping reduce friction via good communication and effective policies. And by providing employees with personal threat intelligence via threat awareness platforms (such as HackNotice), organizations can help build a strong security culture. Both these measures have one goal: to create a culture of collaboration and teamwork, making it easier to implement strong security measures.
References:
- Segal, Edward. “25% Of Workers Lost Their Jobs In The Past 12 Months After Making Cybersecurity Mistakes: Report.” Forbes, March 29, 2022. https://www.forbes.com/sites/edwardsegal/2022/03/29/25-of-workers-lost-their-jobs-in-the-past-12-months-after-making-cybersecurity-mistakes-report/.
- HP Wolf Security. “Rebellions and Rejections Report.” HP Development Company, 2021. https://press.hp.com/content/dam/sites/garage-press/press/press-kits/2021/hp-wolf-security-rebellions-and-rejections/hp-wolf-security-report-rr-final.pdf.