Prime Factors Blog

Leadership Tips for CIOs Needing to Push Security

Posted by Pete Flagella on Feb 23, 2017 10:00:00 AM

CIOs are likely seen as the leader of the IT department, as opposed to an executive leader of the entire company. Most IT team members tend to keep to themselves and complete tickets as they arise, but this is a fatal flaw when it comes to the well-being of the company. The CIO has to be as integral to the company's direction as any member of the executive team — especially when it comes to security measures. By taking a passive role, a CIO can cripple a company's security and technology vision. Leadership in this case can't be a show of force, but rather a show of support and passion. It may be the only way to get better security approved and implemented.

To learn how encryption can lower the cost of regulatory compliance while enhancing security, download our white paper Reducing the Cost of Regulatory Compliance with Encryption 

The Future is Tech

A CEO may understand what customers are looking for, but the tech department will be the team to turn those dreams into reality. Without fully understanding the demands of effective security, a CEO is almost guaranteed to cut corners. Security represents more than just a lot of effort and time; it also often represents a major monetary investment. When every company is focused solely on being the first one in the marketplace, it makes sense that the number of successful hacks continues to rise. Perhaps a CIO won't understand why and how certain products need to be rolled out in the winter rather than the spring, but they can understand why the rollout might ultimately put the company in danger.

The CIO of Health Care Services Corp, Steve Betts, has a lot to say about the lack of innovation on the part of CIOs. His strong feelings stem from the fact that technology in healthcare has never been as complicated as it is today. Between hackers with their sights set on medical fraud and tightened HIPAA restrictions, his fervor can be understood. Part of the problem is the inability of people to see those in the tech department as creative, and some of it is the tendency for IT teams to stay separate and apart from the rest of the company. By integrating and having more of a role in decision-making though, companies can increase the odds that everyone will be on the same page when it comes to plans moving forward.

Placing Value in Versatility

The CIO can't be expected to be a marketer, a salesman, and a customer service person, but they can be expected to know more about how these departments function. Betts made it a priority to send IT experts to every part of the business from upper management to entry-level employees. Not only does an IT team have to understand what employees are looking for, but also what clients, customers, and vendors want. A customer service employee who is meant to handle a certain number of calls won't appreciate being told via email they'll now have an extra 10 security steps for every call. However, when communication is opened, it can make changes a lot easier to swallow.

When CIOs have a mind for business as well as a mind for technology, they can become the key team member who makes success possible. The architecture of a site, including its security, needs to be discussed in the boardroom as well as in war rooms. The more each department appreciates other departments' roles, the more likely it is that both the CIO and the CEO will be able to make more of an impact on employee behavior.

Putting the Human Back in Technology

Improving the efficacy of leadership will always be about being able to handle the human side as well as the mechanical side. Much like integrating with other departments increases understanding, so too will sharing information in person and having more conversations about the state of the business. Unfortunately, most people have a tendency to brush security off in light of more pressing concerns, and it happens at every level. Breaches, much like murders or muggings, often seem abstract until they're not. Beyond just being assertive and smart, a CIO has to know how to persuade people for the benefit and future of the company.

Successful CIOs consistently stress the importance of training and communication, which can only be done right when there's a connection. Security methods like encryption can sound confusing to people, and most have little interest in taking the time to understand the bigger picture. But when the issues can be phrased in such a way that simplifies the threats without minimizing their potential ramifications, then a company stands a much better chance of implementing better practices as the need arises.

A Culture of Security

Ultimately, CIOs need to instill a culture of security through their leadership. This means employees take part in regular training sessions on everything from password protection to file sharing. Security cannot be viewed as just a few random email announcements or seminars, but rather given the importance it deserves. With countless pieces of information lost, there is simply too much evidence to indicate that the amount of attention given to security is nowhere close to where it needs to be.

Whether you're trying to push for better key management, encryption software, or tokenization, it's vital to break it down in terms that everyone can understand. Upper management may be more likely to respond to high fines imposed by PCI DSS regulations. Lower-level employees may need to have privileges taken away if they're unable to follow security practices. Doing this will take time, but the pay-offs will be worth it. Focus on security is a hallmark of companies that last.

Folks in the IT department may be tempted to throw up their hands when it comes to people taking precautions, but doing so will put the company at too much risk. By taking the time to make collaboration the number one goal, the leadership and overall security will follow. Inspiring action is as much trial and error as it is an exercise in people skills.

Topics: Enterprise Data Protection, encryption, data breach