An office memo that tosses around terms like “DRM,” “botnet,” “FTP,” “spear phishing” and “worm” could be a quick, easy read for the head of the IT department.
But for everyone else in the organization, it may be one big mass of confusion. And with that bewilderment comes potential danger.
There’s a serious gap in communication skills between cybersecurity pros and their general audiences, and it’s essential for the people on the IT side to bridge it. Increasingly complex security threats demand that cybersecurity professionals use plain language when they are communicating with those less familiar with tech talk. Otherwise, an organization could be vulnerable to hackers even if the staff had been warned about what to look for, simply because the employees didn’t understand the language behind the warning.
After all, cyber threats aren’t just a technology problem — they are a people problem. People are the weakest link in computer security, and many companies don’t promote a company philosophy of “computer security is everybody’s business.”
The following are a few ways to improve communication between those in charge of cybersecurity and everyone else in the organization:
Incorporate this need into the hiring process. When hiring new staff for the IT and cybersecurity team, it’s important to look for experts who have not only tech skills but also the skills necessary to comfortably interact socially and clearly communicate in lay terms with all the stakeholders in the organization.
Focus on training. Cybersecurity teams can be trained to become solution designers who can connect the dots. They can then capture, clarify and address all stakeholders’ concerns, helping them determine and keep their goals aligned. Such cybersecurity pros enable success by listening to everyone involved before sharing their own viewpoints.
Realize this is an ongoing process. It’s important to ensure that the improved communication is sustained over the long haul, and people don’t revert to old ways down the road. Businesses will want to monitor the situation so they can quickly spot and head off any problems. They can create a feedback loop so the employees are encouraged to let the business’s management know how things are working.
Data breaches, data ransom plots and email hacks intimidate us all. Cybersecurity teams, themselves, feel hard-pressed enough to prepare themselves for the onslaught of these gremlins, let alone to accomplish the challenging task of communicating to stakeholders about how to mitigate and deal with cybersecurity risks.
But for organizations to keep their information and systems safe, that communication needs to be done, and in a way everyone can understand.
J. Eduardo Campos is co-author with his wife, Erica, of From Problem Solving to Solution Design: Turning Ideas into Actions; owner of consulting firm Embedded Knowledge Inc., which works with organizations and entrepreneurs developing customized business strategies and forming partnerships focused on designing creative solutions to complex problems; and whose experience includes 13 years at Microsoft, first as a cybersecurity advisor, then leading innovative projects at the highest levels of government in the U.S. and abroad.