Call To Action-Include Change Management
We are at war as criminals attack organizations to get people’s information. Reform is needed in the way we defend ourselves and our organizations. The call for action to change is all around us and our response has been slow. Low user adoption, which is among the leading causes of security weaknesses, can help. Change Management is about increasing adoption, while decreasing resistance.
Currently, the cybersecurity conversation is primarily about controls and standards. It is seen as an “IT issue”. What if we shift our thinking to addressing users’ roles in cybersecurity? Organizations are made up of people who can help defend themselves, and the organizations they represent. This is where change management can help. Change Management’s goal is getting people to embrace and adopting a specific change to how they work.
Upside of Organizational Change Management (OCM) with Cybersecurity firms:
- Reduces the risk of a cyberattack, which can:
- Be a significant cost savings to restore systems
- Protect confidential information, reducing privacy complaints in data breach lawsuits, especially for children
- Protect the organization’s name and brand reputation
- Ensure no downtime due to infected systems, impacting productivity
- Provide a faster recovery and reduced impact when a breach occurs
- Decrease moral
- Increase engagement across the organization
- Provides a culture of “change-able” vs. a “change resistant” culture
Downside of Organizational Change Management (OCM) with Cybersecurity firms:
- Additional cost and effort to focus on changing people’s behavior:
- Organizations that are risk adverse may require more time, funding and non-monetary resources to increase change adaptability
- Organizations going through multiple change initiatives might be experiencing change saturation, which make change management more complicated
How Change Management Techniques Defend Against Cyberattacks
Change Management is a collection of behavior, business and psychology applications. Change Managers are often Change Management certified and come from various backgrounds. At a high level, a change manager will follow these 3 phases:
- Assessment of Current State:
- Goals (i.e., clear and measurable goals of the end state identified)
- Organization (i.e., the organization’s flexibility to change, engagement level to succeed, )
- Senior Level Support (i.e., willingness to communicate to organization and get direct feedback from all levels of the organization, ability to inspire and only using fear/pain as a last resort, etc.)
- Time (i.e., amount of time allotted for change, Change Management brought in from the start, etc.)
- Number of people affected
- Design and Implementation of Change Management Plans & Activities
- Resistance Management Plans
- Sponsor Activities Plan
- Communication Plans
- Mid Management Engagement Plans
- Training Plans
- Incorporation of Change Management with Project Team
- Change Management Reinforcement
- Assess change results vs. goals
- Celebrate Successes
- Lessons Learned & Resulting Actions Communicated
How People Can Prevent Cyberattacks
Here are a number of commonly known ways to prevent cybercrime:
- Use Strong Passwords
- Colorado Department of Transportation was hacked by hackers finding an open virtual server and guessing administrator passwords. The incident, which occurred in 2019, cost about $1.5 million to undo the damage.
- Most people use passwords that are based on personal information and are easy to remember. This makes it easier for attackers to guess or crack passwords
- Lastpass, a free app password manager, creates unique random passwords for you. For a fee, there are other password managers like Dashlane and 1Password.
- Recognize Phishing
- Often come by email or text from a company you recognize
- There is a story (your account is on hold)
- Invitation to click on a link
- Update your security software
- While it’s tempting to click on “remind me later”. Don’t do it. Those updates could include security flaws. Not only you are impacted. You could spread the infection to family, friends and business associates.
- Equifax was hacked because they didn’t install a patch that came out 2 months before. As a result, 143 million people had their personal data exposed.
- Avoid USB keys
- Hackers can infect USB keys at conferences, or people can share their flash drives from infected machines
- Use Closed Wireless Networks
- Hackers got into TJ Maxx’s system and stole 45.7 million credit and debit cards
We can do a better job of fighting this war. With cybercrime damage costs predicted to hit $6 trillion annually by 2021, we need to think differently. We can answer the call to action by including Change Management in our efforts to defend cyberattacks.