Building a Culture of Security
Get Organizational Buy-In
Part of a successful security culture is also ensuring buy-in across parliament to your security plan. Critically, this must include strong, vocal support and guidance from leaders who will, in many cases, be the ones making the final decision to allocate time, resources, and energy towards developing and implementing an effective security plan. If they do not take it seriously, no one else will. To achieve this buy-in, think carefully about when and how to introduce your plan, do so in a clear manner, make sure leadership reinforces the messages, and walk everyone through all the elements and steps of the plan so that there is no mystery or confusion about what you are trying to achieve. Make sure to budget appropriately for cybersecurity across the parliament as well. Although finances might be limited, it is essential to invest appropriately in cybersecurity, otherwise, other investments are likely to be put at risk. When talking about security, avoid scare tactics. Sometimes the threats that your parliament and staff face can be scary, but try to focus on sharing facts and creating a calm space for questions and concerns. Making the dangers seem too threatening can cause people to dismiss you as sensationalist or simply give up, thinking nothing they do matters – and nothing could be further from the truth.