Lisa Plaggemier

Company: CDK Global

Lisa Plaggemier

CDK Global

Jul 7, 2017

Four Keys to Protecting Your Business from Risk

You’ve built a successful business. Now how do you get your employees to care as much about protecting it as you do?

People are your greatest asset, but some days they can feel like your greatest liability. Humans are fallible, and even the best ones make mistakes. There are only a few bad apples out there that come to work to do harm, not good. So how do you keep well-intentioned people from making mistakes, and let the potential rogue employee know you are not going to let them get away with damaging what you’ve built?

The key is the culture you foster in your business. Company culture sounds like a touchy-feely thing that you can’t control, but more of it rests with you and your leadership than you might realize. As Peter Drucker said, “Culture eats strategy for breakfast.” It’s a powerful tool in running your organization successfully.

Before you can start building a culture that values securing your business and avoiding risky business, you need a foundation to build on. These are the first steps. (Part Two, Building a Culture of Security, my next post, is coming soon!)

1. Open and Honest Accountability

Holding people accountable for their actions doesn’t have to be punitive, but if you don’t have accountability, you will have a culture of chaos. It also doesn’t mean you fire everyone who makes a mistake -- otherwise your employees will simply hide their mistakes. Foster an atmosphere where people own their ”stuff” and everyone learns from mistakes. You still want people to take risks and innovate, but when people don’t follow company policy or process, put the company at risk, or just make a bad business decision, you need to acknowledge and respond appropriately. In my line of work, that could be anything from a friendly “oops!” message to an employee who clicks on a phishing email, to a disciplinary conversation with an employee who breaks a security policy. And when incidents bring insights, generously share with others as a “teaching moment.” Your goal is not to embarrass those involved but instead reframe their mistakes in order to help others learn and avoid the same pitfalls in the future.

2. Just Enough Policy

Do you have written company policies that your employees must acknowledge every year?

Create policies that cover the basics like how we all treat each other (policies regarding discrimination, harassment, etc), how we all behave (ethics, code of conduct, anti-bribery, corruption, workplace violence, etc.), how we remain in compliance (legal, regulatory, and contractual) and how we maintain security (data privacy and security, password practices, network security, access controls, etc.). Take advantage of resources that can help guide your policy creation, like NADA, the FTC, your insurance company, and of course your legal counsel.

3. Just Enough Process

While you don’t want to stifle innovation, a culture without some process is one of organizational immaturity. Errors become commonplace, and even worse, breed inefficiency. Document your processes so that everyone knows “how we do things around here.” Once you’ve documented your processes, it makes it much easier to teach others through training, and more importantly, without it, you can’t do No. 1 – hold people accountable. In the world of security, process includes things like having every potential new vendor complete a security assessment as a part of your procurement process, doing background checks on job applicants, or having a system to track software licenses in use at your company.

4. Influence Human Behavior

Your policies and processes may be complete, but how well do people’s behaviors reflect what is in them? Reading a policy or a process does not mean people change their behavior. It’s essential to continually reinforce the desired human behavior through incentives, disincentives and marketing. The first two – rewarding desired behaviors and creating negative consequences for undesirable behaviors - are pretty straight forward and can be reinforced by pay plans and HR. The third – marketing - is a lot more fun. Security can be a dry topic, so if you can make the topic engaging you’re more likely to create the desired behaviors. Marketing security messages is no easy feat – stay tuned for my next blog that will dig more into this topic, and even make it fun.

Start with these foundational steps, and watch for my next post, “How to Get People to Care About Security As Much As You Do." 

Lisa Plaggemier

CDK Global

Director, Business Security Office

I have a lifelong passion for the auto industry and fervor for security awareness. I help CDK Global, our clients and our partners manage their risk and help them grow their business safely and securely.

2559

No Comments

Recommended Posts

Function + Form

Function + Form builds coilover kits that blend aggressive looks with smooth, responsive ride quality. Since 2005, our team has engineered performance coilovers that handle daily driving without sacrificing comfort or control. Whether you're afte…

Functionand Form

Function + Form

61
May 27th

Handcrafted Silver Candle Holders

Discover Handcrafted Silver Candle Holders at La Plata—where timeless elegance meets artisan craftsmanship. Ideal for weddings, festive events, or luxury gifting, our bespoke creations reflect refined taste and artistic splendor, perfect for co…

Laplata Plata

laplata

31
May 20th

Chrome Hearts Ring: A Timeless Symbol of Luxury and Rebellion

Chrome Hearts is a name synonymous with luxury, rock 'n' roll attitude, and bold design. Founded in 1988 by Richard Stark in Los Angeles, the brand has carved a unique space in high-end fashion and accessories. Among its most coveted pieces, …

chrome hearts riing

36
May 5th

Hyperbaric Oxygen Therapy Orlando Improving Health Naturally and Safely

I remember feeling tired all the time. My body ached, my energy was low, and even small tasks left me exhausted. I tried vitamins, adjusted my diet, and even changed my sleep routine. Nothing seemed to help. Then a friend recommended something I&…

james mark

physicians digital services

75
May 2nd

How a Healthcare Marketing Agency in AZ Is Driving Real Results for Local Medical Clinics

      When I first started working with a local clinic in Arizona, I realized something important: even the best medical care can go unnoticed if patients don’t know about it. That’s where a skilled healthcare …

james mark

physicians digital services

55
April 30th