Death to the Department of No
Have you heard of the Department of No?
Depending on where you’ve worked, your company probably had a Department of No.
What is the Department of No?
It’s the Cybersecurity Department.
When cybersecurity says ‘NO’ to anything and everything the business wants, they quickly get a reputation, and become known as the Department of No. The business wants to do things faster and easier. Cybersecurity wants to eliminate risk and be secure. Often these two agendas go head-to-head, and it ends with frustration.
What’s the risk of always saying no?
- People stop asking
- Cybersecurity loses the opportunity to help the business reduce risk
- A culture of ‘us’ versus ‘them’ builds
What’s that saying? Where there’s a will, there’s a way. Truer words have never been spoken when it comes to the Department of No and employees. I saw it all the time when I worked in Data Loss Prevention at GE. Employees need to get their work done, interact with customers, and collaborate with vendors. If there’s not an approved solution to get the job done, then employees become very resourceful and do whatever they need to do to get the job done.
Why are employees breaking the rules?
- They’re unaware of approved solutions
- The approved solutions are too complicated
- They’re afraid of losing data
- They had to share information outside of the organization
- They were in a hurry
How can your cybersecurity department shake that reputation for being the Department of No?
- Ask ‘How can we do this securely?’ and then find and implement the answers.
- Leverage your cybersecurity awareness program to reach the employees, executives, and the board.
- Woo the business.
Stay tuned, and in the coming weeks I’ll share tips on how to kill your Department of No.
Are you ready to leverage your cybersecurity awareness program to kill your reputation of always saying no? Then let's chat. Book a complimentary discovery session today to get started.