While the world has opened its eyes to the dangers of hacking, leaks and cyber-terrorism, it remains mostly blind to the threat posed by everyday office technology. Despite budgets growing, it’s clear that not enough investment is going into endpoint protection.
To solve this problem, IT managers need to lobby their company’s leadership to redirect cybersecurity spending into endpoint security. Of course, it’s not always easy to change an executive’s mind. So, here are five tricks I recommend for getting through to company leadership:
Learn Their Language
Only 23 percent of CIOs are considered trusted allies by the CEOs who employ them, according to the Gartner 2016 CIO Agenda. One reason for this may be that many technologists lean toward discussions about malware and specific threats when they should be talking operational efficiencies and revenues.
Security professionals must be able to translate technical risk into business-speak. Quantify the benefits of endpoint devices with built-in security. Explain how such investments might better protect company and customer assets while offering greater return-on-investment (ROI) than other endpoint security products.
To successfully evangelize the need for more secure devices, reframe the conversation in terms senior leaders will understand and appreciate. Yes, it’s about risk and technology, but speak their language.
Make the Issue Real
In addition to explaining the need, it’s important to illustrate and make it tangible for business leaders.
For example, telling the C-suite that printers are easy targets for hackers because they’re all network connected and store sensitive data in their hard drives is all well and good. The conversation becomes more real when accompanied by real-world illustrations, such as describing how any sensitive document sent to an unsecured printer could be hijacked in transit. Alternatively there is the ease at which a hacker could springboard from the printer to another unsecured area of an enterprise’s network to wreak havoc.
Every professional knows the value of clearly outlined issues and recommended solutions, but success also depends on highlighting the likelihood of a data breach to C-Suite execs if they take end point security too lightly.
Prioritize Your Asks
Going into any meeting with senior leadership, it’s critical to fully comprehend what’s most important to the business - and to align all recommendations tied to their objectives, as well as their vulnerabilities.
Stack-rank recommendations according to what’s truly urgent for the near-term. Determine which systems warrant the most attention right now, and where most of the risk lies within the organization. Risk doesn’t tend to be uniformly dispersed across an enterprise.
For example, one or two company departments might operate just 20 percent of all imaging devices but account for more than 70% of all print jobs. If these printers are inadequately secured, it’s clear they are a major potential risk and should top the list for fortification or replacement. Always be prepared to advise senior leadership on where you think security priorities lie – and why.
Don’t Go It Alone
Security is no longer just an IT concern; risk affects every nook and cranny of the organization. That’s why it is important to build cross-functional alliances to press the need for securely designed end user devices.
You might start by engaging someone from the legal team to help describe the potential damage that would result from a data breach. Maybe enlist someone from human resources who is concerned about employee privacy regulations. Or think about teaming with sales leads who might care about go-to-market plans being stolen and winding up in competitor hands.
Strategically coming into a C-Suite meeting as a united front will be much more powerful and effective than going it alone. It will also help top execs see how multi-faceted the device security issue has become, elevating its significance in their minds.
Take the Long View
Every IT professional knows security is a journey, not a destination. Surprisingly, many forget that when lobbying the C-Suite for new security systems. So, always take the long view. Recognize nobody gets everything they want or feel they need in the first few engagements. So, map out where the security strategy needs to go incrementally.
Through thoughtful and prolonged engagement with senior leadership, it’s possible to inspire a corporate culture that understands security and views security pros as valuable strategic advisors.
Deploying protected end user devices, such as mobile phones, PCs and printers, should be a core part of any security strategy. By using these five methods of engaging with C-suite execs, security pros can more effectively explain and advocate the need to invest while leading the business toward a safer future.