KAT LENNOX-STEELE
SHIFTING PERCEPTIONS OF IT AND CYBERSECURITY POLICIES: POLICY SHOULD NOT FILL YOU WITH DREAD By Kat Lennox-Steele, Information Security Analyst and Co-Founder at Cyber Tribe and MVP In conversations about policy you will often be
when they, regulations, or the law are breached.
met with groans, exclamations of boredom and
Often policies are long, verbose and full of technical
sometimes apprehension. Writing and managing
or legal jargon making them difficult to consume,
policies is seen as time consuming and requiring
comprehend and retain.
expertise. And it is expensive, so can easily get tossed into the too-hard basket when the day-to-day running
After many years of conducting cybersecurity
of your business seems more important. This was
assessments in various roles our team found
my perception until I started working with companies
cybersecurity and IT policies were, for most
to improve their compliance and realised the positive
companies, often a shortcut to achieving compliance.
impact that well-structured policies could have.
But why is policy so underrated and underutilised?
Policy is viewed as one of those things you need to
People are at the centre of our businesses, clubs
have to tick a compliance box and to make sure every
and communities with technology as another layer
new employee reads in their first week. Once they
or enabler. Policy at its core is about people. If we
have been through their induction, it is unlikely they
change our perspective, policies represent a tool that
will ever see those policies again.
can be used to help, not just to enforce rules and dish out punishment.
Traditionally policies have been seen as a mechanism
80
to protect an organisation and are brought into
Changing people’s perceptions of policy might
bat when addressing poor employee behaviour or
seem like a hard sell, but when used correctly
W O M E N I N S E C U R I T Y M A G A Z I N E
N O V E M B E R • D E C E M B E R 2022