Since Red Clay Renovations is currently promoting «smart home» and «Internet of Things» technologies in residential buildings, information security is crucial for the company’s executives. Automation and electrification of household processes require large amounts of information to be stored in databases. Therefore, the company possesses its clients’ personal information and needs to ensure its protection and eliminate the risk of misuse. However, with cyber-attacks becoming more advanced, the chance of data breaches is increasing. This trend is a motivation to update the company’s reporting policies, and this paper will describe the new methods and communication strategies for employees and managers.
The previous policy of Red Clay had severe shortcomings in legal and ethical terms. First, the past practice allowed field offices undue freedom in reporting data breaches to the CISO, which resulted in a number of unexamined conflicts. Second, since data breaches used to be resolved with corporate penalties, according to Agar (2019), their effects on individual customers were not considered. The improvements in the new policy are aimed at establishing acceptable response methods for data breaches and concentrating responsibility with the company’s CISO. Since IDG’s (2016) survey results state the need for a top security executive and the new federal laws require higher levels of responsibility, Red Clay assigns the CISO to be solely responsible for any security breaches. The CISO’s duty will be to communicate any occurring vulnerabilities to the company’s leadership. This way, the company plans to achieve better control over cybersecurity incidents and ensure their rapid resolution.
The purpose of this communication strategy is to provide a reliable and comprehensive report about the new policy to all employees. In Nandikotkur’s (2021) interview, Arwa Alhamad explains the necessity of communication between a CISO and employees: «we need to tell them the best practices they have to do» (00:02:54-00:03:00). This corresponds with the first point of the communication strategy: preparing an easy and understandable outline of the policy that emphasizes the updates. In order to ensure adequate information transfer, the hierarchical model will be applied. In other words, the policy description will be given to senior management to pass down to their employees, who will in turn pass it on in a cascade. The information will be shared via email and require a receipt from each person, proving they have been informed. This constitutes the first step of spreading the updated corporate rules, which only includes notification and confirmation.
The second step, and a crucial part of implementing changes, is to establish considerate communication between department leaders and their employees. Communication and feedback will allow us to interpret ideas, facts, opinions, and feelings about work performance in general and the new set of rules in particular (Radovic Markovic & Salamzadeh, 2018). For this purpose, two other pieces of the strategy are established. First, to receive feedback, all employees will be sent an anonymous form asking them to share their opinions on the policy without the pressure of having their names involved. Additionally, to ensure the policy is correctly understood and implemented, all key leaders will be trained and educated on answering questions and clarifying instructions regarding any point of the new set of rules. These measures are considered sufficient to guarantee that all workers have mastered the requirements and shared their views on them.
To summarize, since Red Clay has updated the breach report policy and reassigned the CISO’s responsibilities, the new set of requirements needs to be conveyed to every employee. To ensure that, a comprehensive outline will be sent via email using the hierarchical model. Every worker will have to confirm they have been informed and will have an opportunity to ask any questions or share any thoughts through a feedback form or their managers.
Agar, R. (2020). Who is Responsible and Accountable for a Data Breach? IDERA. Web.
IDG Enterprise Marketing. (2016). The CIO/CSO imperative: Strategic conversations, collaborative partnership & technology involvement. Web.
Nandikotkur, G. (2021). Building Accountability for Cybersecurity. Data Breach Today. Web.
Radovic Markovic, M., & Salamzadeh, A. (2018). The Importance of Communication in Business Management. The 7th International Scientific Conference on Employment, Education and Entrepreneurship (pp. 11-28). Web.