People #11: How you encourage others to adhere to the security policies
Tip of the day!
Be a hero, not a zero.
When people see you as an example, an inspiring leader who is empathetic and talks their language, you are more likely to drive them towards following cybersecurity rules. You can set the standard and encourage them to support it.
Theme of the day
As professionals, we have high standards regarding business and personal ethics; we adhere to enforced security policies, and obviously, follow applicable procedures and guidelines regarding secure (tele-)working.
Within this context, how can YOU be our inspiring teleworking hero providing discipline or coaching to others?
This blog is about what you, manager or not, should be drawing attention to when other people insufficiently comply with applicable security measures.
In my opinion, the first thing you have to do is to inspire others by playing a game great business people play. It is the game of ‘How you express positive feelings and affinity toward others and, at the same time, insist on following enforced (security) rules.’
If you play this game according to the rules, then you will have a considerable impact. Others will experience you as inspiring, committed, and responsible.
The rules are:
- Express positive feelings and affinity towards others;
- Insist upon enforced security rules being followed. Read also my previous blog, in which I touch on relevance and performance barriers.
Let me summarize it as follows: If you have a strong tendency to enforce necessary rules with full commitment, you rarely behave permissively or harshly. From a leadership point of view, that behavior makes you our HERO in driving others towards living by enforced security policies. Isn’t that nice?
Do you remember our previous case? You need to solve a security breach in a web application.
AppSec requirements, like security policies, are good examples of security rules. Applying these rules to the software code of our web application will, in many cases, solve the breach. Software developers may pay particular attention to functionality. However, building secure code is not always their cup of tea. It is your responsibility to delegate the job to someone who has the right skills and experience, and who is motivated to work within this AppSec frame of mind.
The following processes and questions will help you to become more self-aware about your tendencies and potential to develop. Playing the game in the correct way results in recognition by others and personal satisfaction. The more aware you are of your tendencies regarding the rules of this game, the better you are at inspiring and driving other people, and the higher your enjoyment.
Am I harsh or permissive? Or am I in balance regarding driving others to enforce cybersecurity rules?
- “In general, are you rather ‘harsh’ when you have to motivate other people?” Yes/No
If you are harsh, then you tend to enforce rules without sufficient emphasis on building rapport or being empathetic.
- “Are you rather ‘permissive’?” Yes/No
If you are permissive, then you tend to be warm and empathetic without sufficiently enforcing rules or holding others accountable.
- “Do you enforce necessary (security) rules with full commitment?” Yes/No
If this situation applies to you, then you are entirely in balance regarding driving and motivating other people. Isn’t that nice!
TWO PROCESSES that will help you enforce (cybersecurity) rules on others.
Process_1: Reflect on past enforcing experiences
Step1 – “What has been your experience when it comes to others enforcing rules on you?”
Step2 – “What has been your experience when it comes to enforcing rules on others?”
Step3 – “In what ways have you been too permissive when enforcing rules?”
“In what ways have you neglected enforcing rules?”
“In what ways have you been too soft when enforcing the rules?”
“In what ways have you neglected to confront poor performance of colleagues?”
“How has trying to please others or trying to avoid upsetting others affected your rule enforcement?”
“In what ways have you communicated too evasively when enforcing the rules?”
Step4 – “In what ways have you been too aggressive when enforcing rules?”
“In what ways have you been too strict when enforcing the rules?”
“In what situations have you become angry or resentful when enforcing the rules?”
Step5 – “What could you have done to be more effective when enforcing rules?”
“How could you deal more effectively with colleagues who perform poorly?”
“How could you explore any rule breach in a more neutral manner?”
“How could you document any rule breach more effectively?”
Process_2: Enforcing a rule in a current circumstance. In our case ‘the security breach in the web application.’
Step1 – “What do you need to enforce in these current circumstances?”
Step2 – “What specifically do you want the person to do?”
Step3 – “What is the purpose of the rule that has to be imposed or what is the necessity of the performance that is required?”
Step4 – “What disciplinary action is required?”
Step5 – “Discuss the breach or poor performance directly with the person.”
My next blog post is about a crucial interpersonal question. “How do you manage directness and tactfulness when communicating with others?”
We make the bridge toward the third step of our simplified project management methodology. And that is implementation.