Communication inside a business is not a 140 character tweet, or a comment on Facebook. Communication is what you do within your business to make it work better.
One thing I have noticed in my role to educate the public in business security and the framework needed to be secure, is the fact that ICT and business do not talk. Not at the level that is needed to create a secure business.
Sounds like a broad statement but in most cases it is very true. The more I look after my clients, as well as doing contract work with larger departments and organisations, the more this reality is noticeable. There is a fine line between over commitment and generating a constant barrage of information and no information at all. Most businesses are at the no information at all stage.
I have some thoughts on what both an IT manager, CIO, CEO and a managed services provider can do.
For a small or medium business and not for profit organisation employing an external source to manage their system is becoming the norm. These suppliers can do so much for their clients as part of their business model.
I believe that communication is the best way to build the culture within a business and it always has to come from the top, whether it is management or owner.
Most businesses and organisations do not have regular meetings or a regular email / letter update within the business. This is an opportunity lost. Whether it is keeping the staff informed, talking to shareholders and stakeholders through external means or talking to prospects in general on the website there is so much that business can talk about.
I know one of the major problems is that people do not know or want to write things down. It is very hard to put information into some form of written process, I have this problem with getting people to produce content for web sites so I can understand how difficult it can be.
Once started it is relatively easy to keep going, like most things you just have to have a will to START. An internal email to your staff every Friday, praising an employee, setting internal goals, discussing problems and informing them of progress is a very good place to start. The next question is where do you incorporate the security information.
As a start, look at your internal security policy, start a discussion on social media, teach people how to create complicated passwords. Explaining how and why something is working is also of great business to your organisation. You can even make it competitive, award prizes, look at increasing the knowledge within the business.
The good thing about security information is that it can be recycled. Not too regularly but within reason, once every 10 or 15 comments interspace with new information is good.
You can also beg borrow and steal from the Internet, improve on others information, make it better to suit your industry or business. All relatively easy to do but it will have a marked effect on your business.
So there you have it, communication, a way to keep your universe in touch. In some cases you may even find it easy to do. The interaction between communication and internal security cannot be over emphasised. The important fact is that you are educating your staff which will make them mode secure but will carry through to your business making it more secure as well.