Why Security Needs to Be a Standard Part of Change Management


Alex Bigland Business change, Technology, Blog...

You don’t broadcast your pin number when you get a new credit card or make your passwords visible online when you get a new device. As individuals, we are conditioned to ramp up security during periods of change. We know that change – that brief moment of flux, that hiatus from the status quo – can make us vulnerable to attack. We understand that unseen hackers, lurking in the cyber gloom, are waiting to steal our personal information.

If individual cyber security is almost second nature to us, why then do we not operate the same degree of caution when a company is changing? After all, international collaboration exists to bring down sophisticated cyber terrorists and domestic collaboration advances streamlined security practices between businesses. But why is there no buzzword to denote company collaboration? Why is it that, when it comes to cyber risk at an internal level, manycompanies drop the ball?

The reason, of course, is that they become so focused on driving change that they neglect little security safeguards along the way. Thinking only in traditional milestones and timescales, it’s easy to become blinkered to any potential setbacks.

But cyber security should not be ignored. Just as businesses are constantly evolving, cyber-attackers are becoming more agile and reactive in their approach.

A whopping half of UK businesses were hit by security attacks in 2016. Yours could be next. Unless you take the appropriate measures.

How to make security management part of change management:

  1. Listen to your security team

“Security teams are often marginalised as they are seen as ‘trouble-makers’, when in reality they are business enablers helping create secure environments and improve asset protection,” writes Mike Gillespie. It’s important that all stakeholders recognise the importance of listening to the security team and involving them at each stage of the process.

  1. Build in security as you go

Simply tagging on a security system after implementing a new network or software, it is like closing the stable door after the horse has bolted. You have already made your company vulnerable to threats by not protecting it from the outset.

  1. Send legacy platforms safely to the graveyard

Your software may have undergone vast improvements but that doesn’t mean you can simply forget about the system you had before. Dispose of everything carefully, insuring all potentially damaging data is destroyed.

  1. Do due diligence with security procedures

It is not just the security team that needs to be familiar with the risks of cyber-attacks. Ensure that all members of staff are properly trained on the matter. They should be able to recognise potential risks – helping to minimise breaches.

For more on the intricacies of change and change management, talk to Venquis.