Find out how to bring corporate leadership onboard with modern security.
Convincing leadership to make changes for the organization you work for requires hefty effort – but it’s worth it. Those changes might be what helps your business remain competitive in the long run.
In today’s digital-first environment, there are no changes more urgent than adopting better security policies. However, it’s often hard to convince leadership to invest in security technologies that don’t offer immediate returns.
IT professionals presenting new security technologies to corporate leadership need to take a different route than the usual ROI-oriented approach. Making the case for password management tools offers the perfect example.
Password Management Prevents Catastrophic Loss
Password management tools are effective, inexpensive, and valuable technologies for any corporate environment. Up to 81 percent of company data breaches involve weak or compromised passwords, and the average cost of a data breach is $3.92 million.
Additionally, a look at the Marsh Microsoft 2019 Global Cyber Risk Perception Survey highlights cyber risk as a top five concern for 79 percent of respondents – up 17 percent in just two years – yet these organizations’ confidence in their ability to manage risk has steadily declined. Companies surveyed admit their lack of confidence in understanding and assessing cyber risks has increased 9 percent; for preventing cyber threats it’s increased 7 percent and responding to and recovering from cyber events has also seen lack of confidence increase 7 percent.
You would think these figures alone would be enough to convince corporate leadership to invest in password management software, but that is not always the case. This software does not generate profits all on its own — but it does mitigate risk, and improve efficiency, leading to increased productivity.
IT professionals that present risk mitigation as a value-generating initiative have a much easier time getting executive sponsorship for implementing security technologies. The key is framing the ability to prevent a multi-million dollar loss as a profitable investment.
The best way to do this is by reframing the cybersecurity question from an “if” to a “when.” With cybercriminal activity on the rise and an increasing number of small and mid-sized business victims, cybersecurity resilience is a must-have.
Listening Skills: Explore Leadership’s Concerns
One of the mistakes IT professionals often make when presenting new security technologies to corporate leadership is failing to take leaders’ concerns into account. Simply throwing facts at executives and hoping they will connect the dots is not enough.
Instead, IT professionals need to place a priority on listening. Corporate leaders have serious concerns that typically rise above the daily challenges of running a business. They need to keep stakeholders happy while positioning the business for long-term success.
As a result, leaders often think in big-picture terms. Bogging them down with the details of things like password management will not work.
But if you listen to their concerns and find ways to fit superior password management into that framework, you will be able to make a more successful presentation. Often, these concerns will stem from the executives’ personal experience with cybersecurity and password management technologies.
Show — Don’t Tell — How Weak Most Passwords Are
Maybe you won’t be able to convince leadership to implement a major change to your security structure for the entire company. But you can probably convince the company’s leaders to run a small, contained experiment to see if a new approach works better than the status quo.
Because cybersecurity relies on a lot of unknown factors, these experiments have to rely on internal controls. You don’t want to expose the company or its employees to security risks.
But you can collect data on security expenditure, and devise proof-of-concept initiatives that will support your claims. This will give you the upper hand when negotiating the potential for transforming the organization’s approach to cybersecurity, especially when it comes to password management.
One way to demonstrate the value of good password policy is with a tool such as How Secure Is My Password? Input some of the most common passwords that people use (“password”, “123456”, “qwerty”) and see how long it would take a hacker to break it. If you’re hoping for a stronger password from the start, it’s also advisable to utilize Dashlane’s Password Generator.
Anyone using a password cracking tool can see the most common passwords pose no challenge to hackers. Even complicated passwords with numbers and punctuation marks can be broken in a matter of minutes if they are under eight characters long.
Add in the fact that the average IT employee has to remember more than 200 separate account passwords, and you have the perfect case for implementing a sophisticated password management solution.