
Your Security is Only as Good as Your Employee Buy-In

When it comes to security, the measure of excellence doesn’t stop at having the latest and greatest solutions at your fingertips – instead, organisations need to look to their employee buy-in to ensure security success that sticks.

With the recent boom in both remote working and evolving cyber threats, securing organisations has never been more important. Suddenly, there’s more data at stake, more employee devices to watch over, and more to the security strategy than simply investing in the right tools.

Instead, organisations are having to go one step further to ensure security practices are as effective as possible – and that step is cementing employee buy-in. But why is it so important, and how can it make the difference between a locked-down perimeter and open season for hackers?

People Are the Solution

Instinctively, in our digital world, we look to people as the ‘weak link’ in cybersecurity – for good reason, of course. Verizon’s Data Breach Investigations Report examined 80,000 incidents from 2020 and found that 85% of those incidents featured some human element.

But while employees sharing logins and making malicious mistakes are all reasons to be nervous, it’s surprisingly easy – and far more productive – to re-frame people as the solution. That’s because they’re the individuals attackers are going after, and they’re the ones using (or not using) the security tools on a daily basis.

By securing their buy-in – that is to say, encouraging employees to engage with the security conversation and do their bit to protect the perimeter – an organisation can ensure their investment in security isn’t wasted, and that future strategies are a success.

What Does Buy-In Look Like?

We know buy-in is important because people are on the frontline of protecting a business, and their engagement, or lack of it, can make or break the security perimeter. But do we know what buy-in actually looks like? When can we be sure that we have our people on side, and that we’re all moving in the same direction?

While employee buy-in will look different from person-to-person, there are a few tell-tale signs you can still measure against:

  • Are employees participating in cybersecurity training?
  • Do they apply their knowledge to their day-to-day job?
  • Are newly adopted security solutions being utilised across the organisation?
  • How many third-party apps still count as Shadow IT?

There’s a strong possibility that you may struggle to monitor the responses to one or two of these questions without the likes of the Surveil platform or an honest one-to-one discussion with each member of staff. They are, however, useful starting points for determining who’s in and who’s out.

How Do We Secure Buy-In?

We knew this question would arrive eventually, and its answer varies the most. Successfully securing employee buy-in will vary from organisation to organisation, though once again there are a few fundamentals to follow:

Engage with employees through cybersecurity training, as well as clear communication between IT and other departments around the security efforts being introduced, why they’re important, and what employees are expected to do.

Lead by example with line managers visibly using the security options on offer, while also able to answer employee questions around Shadow IT and device protection.

Develop a clearer understanding of your security estate through the Surveil platform, monitoring adoption and usage of measures such as multi-factor authentication (MFA) and device management to highlight areas of potential improvement and further training.

From here, it’s possible to further tailor the buy-in experience to resonate with your individual teams, aligning your approach to security with the organisation’s values. Suffice it to say, it’s an exercise that will be worth it in the end.

A United Front

However you approach your organisation’s security, it’s crucial that people are brought along for the ride, every step of the way.

Being realists, we know that it won’t be 100% buy-in, 100% of the time, but by properly monitoring and managing usage, adoption, and engagement, you’ll be in a better position to secure your organisation – all behind a united front.

Want to know more about how Surveil can help to monitor your security uptake and support employee buy-in? Get in touch for a discovery call and let’s set you up with a tailored demo.
