New Guardians of Cyber Security: Unleashing the Power of Security Champions
Nobody knows your business and processes better than the people within your own organisation – tapping into their knowledge can fortify your cyber security.
Written by Keith Batterham
In the digital age, cyber security is more than just a technical matter; it is a vital concern for your business and your people. Your organisation’s success and survival depend on how well you safeguard your data, systems, and networks from cyber threats. However, robust cyber security is not easy or simple; it is a constantly changing and growing challenge that requires your attention and action.
How can you defend your organisation from cyber attacks, while still delivering value and quality to your customers? Well, nobody knows your business, products, data, processes, and clients better than the people within your own organisation – tapping into their passion for the business can really help in fortifying your cyber security.
The secret weapon for solid security
A great way to enhance your security posture is to bring together people who have an interest in providing products or services that are safe and secure to use. Ideally, they’ll come from different backgrounds and roles within your organisation, often without formal cyber security experience, but curious to learn more and able to highlight where they see potential security issues. We call these ‘security champions’ – the reason is in the term; they are championing good security practices!
As ambassadors of security in their teams and across the company, these security champions advocate awareness, education, and best practices through:
1. Nurturing a security mindset by making security relevant, engaging, and rewarding
- Bridging the gap between security and other teams, by translating security needs and priorities in a clear and understandable way.
- Creating a positive and collaborative security environment, by celebrating security wins, recognising security efforts, and providing constructive feedback.
2. Improving your company’s security posture through spotting and solving security problems in their teams and projects.
- Identifying where security controls, such as encryption, authentication, or input validation, are deficient.
- Verifying and validating security features.
- Responding to and recovering from security incidents, by reporting and escalating security events, supporting incident response activities, or conducting root cause analysis.
3. Saving time and resources for your organisation by reducing the reliance on external security consultants or vendors.
- Helping to reduce the cost of security incidents by preventing or mitigating security breaches, data leaks, or compliance violations.
- Assisting with increasing the efficiency and effectiveness of your security processes, by simplifying security workflows, automating security tasks, or integrating security tools.
Guidelines for a successful security champions programme
By encouraging and developing people to become security champions, you can protect your organisation’s value in the digital world. But this is not a one-time activity; it is an ongoing process that requires commitment and support from both the leadership and employees. To develop a successful security champions programme, you need to:
- Establish what you want to achieve with your security champions programme, such as improving your security culture, capabilities, or performance. You also need to define how you will measure your progress and success, such as using metrics, indicators, or feedback.
- Find and select the employees who have the potential and willingness to become security champions. You can use various criteria to identify your candidates, such as their skills, experience, attitude, or motivation. There is also a range of methods to recruit your candidates, such as inviting them to apply, having their managers or peers nominate them, or hosting a hackathon or a challenge.
- Provide your candidates with the necessary training and education to become security champions. Training can take a variety of forms to suit different learning preferences, such as online courses, webinars, workshops, podcasts, or books. You can also use various topics and levels to tailor your training and education to your candidates’ needs and interests, such as basic security concepts, advanced security techniques, or specific security domains.
- Establish regular communication and collaboration between your security champions and your security team with various channels and platforms, such as email, chat, video conferencing, forums, or wikis. You can also use various activities and events to enhance collaboration, such as meetings, newsletters, webinars, hackathons, or awards.
- Monitor and evaluate the results of your security champions programme on a regular basis using tools like surveys, interviews, feedback forms, dashboards, or reports. Meaningful criteria and standards should be used to assess and improve your desired outcomes, such as quality, quantity, impact, or satisfaction.
In closing, security champions are not just security enthusiasts; they are the ‘boots on the ground’ security leaders who can make a difference in your organisation’s cyber security. By developing security champions, you can boost your company’s security culture, capabilities, and performance, and ultimately protect your organisation’s value in the digital world.