Strategies & Tactics

Partners in Crime: How to Work With Your Cybersecurity Team

March 4, 2019

[magic torch]
[magic torch]

Major data breaches happen daily, and significant breaches have become so common that, as a consumer, we’re no longer surprised. It’s more of a “Who is it this time?” response.

But when data breaches happen, they cost organizations money — lots of it. A July 2018 study by IBM found that an average data breach costs the affected company nearly $3.9 million. Company reputations also take a big hit, which can then impact employee morale.

I work in health care, which has recently topped the list as the industry most targeted by cybercriminals — the bad actors behind most cybersecurity incidents. In fact, our security team blocks hundreds of thousands of phishing attempts every day. No industry or method is foolproof against cyber threats, so keeping the culprits out is everyone’s job.

As internal communicators, we have many natural partners within our organizations. However, one group you may not have thought of partnering with is your cybersecurity team. Perhaps they’ve already asked you to disseminate messages to educate employees about cyber threats. And if your organization is planning an event, without a doubt you’ll be working with your cybersecurity department to implement that part of your crisis communications plan.

However, I think there is a huge opportunity in the middle of this spectrum. I’ve learned that digging deeper and truly partnering with the information-security department can yield a win-win collaboration on par with any that I have within my organization. I’ve seen interesting ways in which the goals of the communications and cybersecurity groups align.

Our partnership with the cybersecurity department has created a new way to demonstrate the value of communications to the organization. Indeed, there are tangible ways in which you can benefit from having the cybersecurity team as your strategic partner.

Cybersecurity needs your expertise.

Because cybersecurity people protect your organization against serious risks, they need the best of what you and your communications staff offer — your strategy, tactics and creativity. No one knows better than your group how to communicate with the organization. See your collaboration with cybersecurity staff as an opportunity to shine.

Go beyond merely being a conduit for information. Get in and learn yourself. Learn about cyber threats to your organization, and what’s being done to mitigate them. When I did this, I discovered the practical ways in which communications and cybersecurity goals align.

Communications standards thwart cyberattacks.

Many phishing attempts on organizations are designed to look like internal inquiries. If employees know what a legitimate company communication looks like — or better yet, when and how those communications are typically delivered — they will be more likely to spot a fake, a bad actor trying to infiltrate your organization.

Engage with the cybersecurity department to see how your goals for the organization’s internal communications support their efforts by educating employees on what legitimate emails within your organization should look like.

You need to be a strategic adviser.

Communication professionals often have a bird’s-eye view of what’s happening inside an organization. Use that perspective to help your cybersecurity team improve its strategy.

There may be other strategic alliances you can advise them on to benefit their work. For example, we discovered a commonality between the principles of medical care and cybersecurity.

In health care, we spend a lot of time teaching and reinforcing safety practices that help us consistently deliver high-quality, patient-centered care. Many of these error-prevention tools — such as “validate and verify,” “debrief,” and “stop, think, act, review (STAR)” — also apply to how we want employees to think about cybersecurity and keep our data safe.

Our team helped identify that this significant nomenclature, which our clinical staff was already familiar with, had real and practical applications for cybersecurity. The cybersecurity staff might not have made this connection on its own, but these tools provide a great way to reinforce messages that our employees are already learning.

Obstacles are opportunities to engage.

Learning what’s happening in the cybersecurity world may help your own planning.

As an internal-communications leader, if you haven’t had a priority delayed over cybersecurity concerns, you will. But by learning what your cybersecurity team is working on and why, you’ll better understand the “no’s” and “not now’s” that may be frustrating your communications efforts.

Instead of complaining that you can’t get something done, see those obstacles as opportunities to engage with security colleagues and learn how to help them. By understanding where they’re coming from, you’ll be better equipped to help them succeed, which could mean getting what you want sooner.

If I haven’t convinced you yet, consider this: A common question I hear from communicators is, “How do I get a seat at the table?”

In my experience, one of the best ways to make your voice heard is to find out what’s being discussed in the C-suite and then add value to that conversation.

Right now, I don’t know of a single table in corporate America that isn’t talking about cybersecurity. Internal communication professionals can add real value to this discussion.
So, lend your expertise. Align your goals. Be a strategic adviser. Be a cybersecurity advocate. Doing so will benefit you, your team and your organization.

Learn More About Employee Comms

Join hundreds of passionate PR professionals on May 15-17 in Phoenix for the 2019 PRSA Employee Communications Section Conference. Connect 19 is where you’ll discover the hottest trends, effective tactics and proven strategies in internal communications.

Elisabeth Wang

Elisabeth Wang has been in communications for nearly 20 years. She is the executive director of communications and public relations for Piedmont Healthcare in Atlanta. Follow her on Twitter: @elisabeth_wang.


Meg W. Burton, APR says:

Very solid advice here, Elisabeth. Great perspectives! My communications team recently worked with our IT team to support the launch of an ongoing phishing education campaign. The IT team selected a vendor to offer phishing training and conduct phishing simulations, and we supported that effort by crafting communications to roll out the training, introduce the simulations, and report on the results on an ongoing basis. The effort has been tremendously successful in educating employees, as measured by the decline in employees who fall for phishing simulations over the course of the campaign. I would highly recommend that sort of effort to others!

March 6, 2019

Post a Comment

Editor’s Note: Please limit your comments to the specific post. We reserve the right to omit any response that is not related to the article or that may be considered objectionable.


To help us ensure that you are a real human, please type the total number of circles that appear in the following images in the box below.

(image of six circles) + (image of six circles) =



Digital Edition