We’ve talked before about how important it is to influence and educate your workforce on cybersecurity best practice in order to support your efforts to make your business better protected, but sometimes you need greater support to get your job done.
It pays to build alliances with other departments across your company such as:
The list goes on.
So how do you build relationships with these different departments in order to make your life easier and get better results?
As a cybersecurity professional, you’re highly knowledgeable in your field and are likely to use a range of specialist terms when communicating with your team. Our case in point – we have a whole glossary just on vulnerability management acronyms! That’s ok, marketing, legal, finance teams will be the same. Every department has its own special “language” and way of communicating.
But to communicate across departments, you need to drop the technical language and present things in terms that others can understand. After all, how can you get someone’s help when they don’t understand what you’re asking for?
As an example, say you want to speak to the finance department about securing budget for a new vulnerability prioritisation platform. You present a case in which you talk about all the processes that’ll be made easier with the tech. The result? Your finance director is lost. Conversely, if you talk about the benefits of this technology in terms of savings in time, headcount and salaries, and demonstrate how over time this far exceeds the cost of the tech, you’re speaking their language. For other methods to secure more budget, read our guide.
Across the board, when it comes to getting people to help you, you have to let them see how they’ll benefit. We’re not suggesting your colleagues are selfish; we’re assuming that they are very busy and have priorities and deadlines of their own that sometimes keep them awake at night. How can you expect them to add your work to their list if there isn’t something they’ll get in return?
Being able to present a case to them that shows clearly how they can benefit is really key. For example, when asking the Finance department for the budget for a certain piece of technology, it would help to explain that it could protect the business against the high risk of a security breach in the next year, avoiding financial damage of millions. Not only that, but it could enable them to negotiate a better renewal price with their cyber insurer.
Issuing demands for help at the last minute won’t help anyone. The more notice you can give, the better.
As an example, let’s look at internal communications, which as we mentioned can be a powerful ally in ensuring that details of new security policies and news of potential breaches can be shared company-wide and taken notice of.
Internal comms doesn’t sit around all day waiting for news to come to them. They will plan their communications weeks and sometimes months in advance. Not only that, but each of their announcements or campaigns will involve copywriting, design, approvals and coordination across channels. Therefore, if you want their help in communicating a message, you’ll need to get in early. Think weeks before it should be announced, if you can.
Even if there’s a breach and you need actions to be shared company-wide immediately, there are steps you can take ahead of time that the Internal Communications team will appreciate. For example, can a template article be created in advance and then you fill in the gaps with the specifics as and when an incident occurs? You could also agree in advance who in the Internal Communications team should be notified and set a policy that such news always takes top spot on the intranet.
By working with them in advance, you give them the opportunity to put their incredible skills and creativity to use, taking your news from dull and technical to something that the company is desperate to read every word of.
In our Internal Communications example above, notice is important but so is giving your time and plenty of information.
Be prepared to make yourself available for meetings and follow up calls to discuss a story further, provide additional information and to sign off what has been prepared. This is important as you want to ensure that the message isn’t miscommunicated and has the biggest impact possible.
Being open and available can also help your reputation. Should a breach happen, the impact could be disastrous and people might be looking for someone to blame. To have invested time beforehand demonstrating to the Board how you’re working to protect the company, and working with HR and Internal Comms to communicate cybersecurity measures will help this.
On the subject of HR, when protecting your business, it’s vital that your workforce is adequately trained in cybersecurity best practice. The quality and depth of training courses vary wildly so it would be beneficial to you and HR if you are involved in the decision making process of which training provider to go with. Make yourself available for planning meetings, to review their training course suggestions constructively and to present your own. This way you can be sure that the workforce receives the training they need.
A lot of benefits can come from working more closely and collaboratively with other departments. Make the effort, invest your time and help, and communicate in a way they’ll understand and you’ll have powerful allies in no time.
By using RankedRight, teams save hours each day on manual triage, enabling them to get to critical remediation more quickly. You simply create users and assign them rules. Here's how it works.
Find out how to effectively set the service level agreement (SLA) for vulnerability management activities. Learn about the steps that are involved when setting levels of assurance and why these metrics matter.
While some risks can be mitigated with the right precautions, others are simply impossible to avoid. That is where risk acceptance comes in and RankedRight can help.
Are your vulnerability management services as good as you think they are? Try our checklist to find out.
Give your business the opportunity to engage with clients all year round by adding vulnerability management to your portfolio.