Will it Play in Peoria?
The old adage that if it works in Peoria it will work anywhere might be true for the United States, but it does not translate across the globe. Every country has its own unique culture, which extends to the office. It is important for security professionals to keep culture in mind as they roll out security awareness programs and policies across international companies.
Cultural norms influence how people react to security policies, and for the greatest success rates, CISOs must ensure their programs are culturally sensitive. While policies should be standard across the organization, the delivery of the policy must be nuanced country-to-country. For example, business people in Japan rarely use the word “no”. A CISO delivering an update on security policy in that country needs to frame policy in regards to permission and positive behavior, not negatives.
Here are our top five tips for CISOs who want to ensure their security programs are effective around the globe.
Speak Their Language
Even those international employees who speak English in business meetings still benefit from hearing and reading policy delivered in their native language. Not only is this a professional courtesy, it can improve retention and reduce the risk of confusion. Thom Langford, the CISO of Publicis Group, an organization with more than 100 offices around the Globe, says “If it is important to hear then say it in their native language. Otherwise you always lose something in translation.”
“When in Rome”
The old adage rings true in business. Follow the accepted norms of the country you are visiting. For example some countries might expect a security policy to be rolled out in person via a company meeting, while others will need to read the policy first and want time to ask questions. Follow the recommendations of on-site employees in rolling out new programs.
Staff Locally, Plan Globally
While a security plan can be administered from headquarters or the CISOs home office, it still makes sense to have a globally distributed team. A security expert in each region establishes a presence for the team, can help reduce language-related confusion and give employees a security partner that can respond more quickly, without time zone challenges.
Open Channels of Communication
Even if you can’t be in their office every day, you can still make sure global employees feel you are a partner. Global offices need to know that even if security is not located in the building the team is accessible and interested. Langford says, “Open lines of communication helps the global offices realize that we want to know them, and we want to hear about concerns.” Create open channels of communication by establishing a security hotline, naming Security Ambassadors in each office and facilitating easy reporting of incidents.
See and Be Seen
Just like a CISO needs to “walk the halls” and get to know the other executives, they also should visit with the remote offices to put a face to the name and establish a personal relationship whenever possible. Just make sure that when you visit with employees in those offices you are mindful of appropriate greetings, dining etiquette and other social norms.
Subscribe
Stay up to date with cyber security trends and more