Imagine a workplace in which all of the staff support the function of information security. Employees report suspicious events, are committed to data privacy and see the value in completing the regularly scheduled compliance trainings. How much easier life would be for security professionals!

Naturally, it’s hard for people to get behind something that feels foreign or is shrouded in mystery. Much to the vexation of security professionals, skepticism is a common response to the information security function within business.

What problem does managing internal skepticism toward information security solve? Security is a critical element of any successful twenty-first-century business. Shifting mindsets toward supporting this arm makes the organization more likely to achieve its strategic objectives.

Fortunately, effective communication is often the only strategy required to begin transforming skepticism into support.


Due to the constant firefighting nature of the security field, information security professionals can often be quick to dismiss reports from staff that appear benign on the surface.

Even if an employee reports a false positive, it is our responsibility as professionals to take all incident reports seriously. We will contribute to the culture of distrust and skepticism if we take lightly or ignore the concerns that staff bring to us.

Security teams need to be as approachable as possible. A concrete way to do this is to implement an open-door policy and encourage all security staff to do the same. Make sure that all employees know where to find you and welcome them to visit and contact you directly with any suggestions or concerns. Princeton University recently reported to Secureworld that it implemented an open-door policy to allow for better communication among internal teams and the cybersecurity arm of the school, and that it saw tremendous success.

Foster Goodwill Among Teams

It is no secret ...