The mere suggestion that employees should be given greater autonomy on cyber security decision-making would send a shiver down the spine of many C-suite executives. If anything, IT security procedures often revolve around keeping a close eye on employees to ensure they are always doing the right thing. But is such routine micromanaged security truly as effective as it is made out to be?
Micromanaging security is expensive in terms of the time and resources required. Worse still, it does not always deliver the degree of compliance desired. Is it perhaps time enterprises adopted a more trust-based approach?
That doesn’t mean an “anything goes” policy. Rather, it’s about empowering workers to leverage their knowledge, experience, and sense of judgement to make the right security decisions.
Giving your employees more cyber security decision-making leeway requires a fundamental shift from the traditional approach. The new model would be one underpinned by the training and educating of your staff. That will make them bulwarks against cyber security threats.
Increased employee buy-in
By sharing the principles of cyber security with staff and giving them some freedom in every day decision-making, employees will feel a greater sense of personal duty in protecting the organisation’s systems and data.
Preparation for future problems
Every cyber security procedure leaves some room for discretionary decision-making. It’s better to prepare employees with the knowledge and power they need to make such discretionary decisions when they do arise. Don’t leave it to when the incident occurs for them to try and figure out if they should do anything and what it is they should do.
Few things raise a person’s self-belief, motivation, and enthusiasm more than positive affirmation from someone with authority over them. Greater cyber security decision-making autonomy can be a positive for an institution’s overall goals. Of course, there’ll always be instances where an employee wilfully or inadvertently does wrong. Such instances are however not numerous enough to negate the substantial benefits that come with a knowledgeable empowered workforce.