In a recent post entitled "Marketers with Power", Seth discusses situations when we have no choice in an action, such as when:
I have to fill out this form before the doctor will see meAnd:
This last sentence contains important advice.I know that I have to go to that meeting or pay that tax or listen to this lecture, but, right here, in this moment when you have power, you are going to to establish the way I feel about your entire organization.If a marketer works hard to provide a positive experience when the customer has no choice, the benefit of the doubt that's earned is worth far more than it costs.
While the advice is directed to marketers, Information Security professionals must also learn this lesson. In many cases, when someone engages the security group, it's because they have to... perhaps there is an incident or investigation, some kind of policy violation, or it's time for mandatory security training.
We all want our business and IT areas to let security know when they have a new project... and let us know early in the project. (we've all dealt with hearing about a deployment at the 11th hour) In some cases, your organization may even have a policy or process that mandates this.
This is your opportunity to provide excellent customer service!
How difficult is it to contact your security team? If your customer needs to fill out a form, make sure the form is straightforward. Don't require someone to give you the same information more than once. If you have an email or voicemail queue, make sure you return contacts promptly. Is your security awareness training fun and engaging?
It is critical that you make every interaction with security a positive one for the customer or partner. Even if the answer or outcome will not be their favor, the process should be easy and responsiveness swift.
If the process is cumbersome and the interaction unpleasant, then we're just perpetuating the myth that security is a roadblock and is the group that says "no".
How many hoops do you make people jump through to engage your security team? How have you provided excellent service today? How many new evangelists have you created? How many detractors?