The Target breach and a string of other high-profile data exposure incidents brought the importance of digital security to the forefront of the national consciousness. Although discussions continue to unfold over whether the next phase of payment security should include different types of cards or how passwords could be re-imagined, it's important not to lose sight of the more immediate lessons. Every organization, large and small, is vulnerable to cyberattacks, particularly as enterprises become more digitized and cybercriminals more sophisticated.
Sometimes, IT teams struggle to implement a robust security solution in their organizations due to limited support from key stakeholders. Here are a few tips for having fruitful conversations about security with decision-makers:
- Explain what's at stake. At the forefront of an executive's mind is usually the bottom line. Even concerns such as customer trust and public relations can ultimately tie back to profits, and leaders care about all of these aspects. Arm yourself with some data that points to the frequency at which organizations experience breaches as well as the average price tag, such as the Ponemon Institute's findings that data breaches cost an average of $3.5 million, as InformationWeek reported. For smaller organizations, it can help to drive home that these events don't just afflict enterprises like Target—anyone can be affected.
- Note BYOD and mobile concerns. Even if companies aren't having their workers utilize personal devices in the office, many employees access corporate data and tools remotely. A less centralized IT infrastructure can introduce additional vulnerabilities, so to get stakeholders on board with the appropriate secure file sharing tools, IT should explain the way mobile devices are being used and how they can wear down security safeguards.
- Identify important technological support. Come prepared with options and recommended solutions for bolstering network security. This could include the need to establish a BYOD policy, implement appropriate software, and architect the system according to industry recommendations. Stakeholders are usually aware of the regulatory guidelines they need to follow, so explaining how managed file transfer can support PCI compliance, for example, would be of interest.
- Emphasize the role of best-practice policies and training. Technology forms a strong foundation for security, but user behavior is the other side of the coin. Point to the high percentage of incidents that are caused by human error or negligence and suggest a training program that teaches workers to adhere to best practices.