Over the years, much has been written about how important it is to ‘engage’ staff in information security, but very little about how to do this in practice. And what little advice I see seems to be limited to providing giveaways and trinkets. Surely, there has to be more than this? Researching further into the more general topic of employee engagement, I found what employee engagement actually means.
Here’s a definition that I like: “Engagement can be seen as a heightened level of ownership where each employee wants to do whatever they can for the benefit of the internal and external customers.” Note that there’s no mention of giving away coffee mugs with slogans, trinkets or pasting motivational posters to walls!
So how do we achieve this? We need to follow key elements that contribute to improving employee engagement of end-users in information security in a general business sense:
1. Connect
2. Clarity
3. Convey
4. Congratulate
5. Contribute
6. Confidence
1. Connect - Leaders must show that they value employees. Employee engagement is a direct reflection of how employees feel about their relationship with the boss.
2. Clarity - Leaders must communicate a clear vision. Success in life and organizations is, to a great extent, determined by how clear individuals are about their goals and what they really want to achieve. In sum, employees need to understand what the organization’s goals are, why they are important, and how the goals can best be attained. 3. Convey - Leaders clarify their expectations about employees and provide feedback on their functioning in the organization.
4. Congratulate - Exceptional leaders give recognition, and they do so a lot; they coach and convey.
5. Contribute - People want to know that their input matters and that they are contributing to the organization’s success in a meaningful way. In sum, good leaders help people see and feel how they are contributing to the organization’s success and future.
6. Confidence - Good leaders help create confidence in a company by being exemplars of high ethical and performance standards.
Note that there’s nothing in this list about giveaways to persuade people to attend training sessions, or posters to remind them about security every time they turn a corner, or Flash animations and games in web-based training courses. In fact, the root causes of employee engagement might be less about the employees, and more about effective leadership. And that means end-to-end leadership from the executive ranks to line management. As security educators, if we want to make a real difference to security (not just be compliant with regulations), we need to bear that in mind when putting together our training and communications programs. We need to include training and communications elements for managers and executives.
Monday, April 18, 2011
Subscribe to:
Comments (Atom)