Marketing is not something we ordinarily associate with our jobs, but I think internal marketing is absolutely critical for technology and security teams.
I’ve found that if you want people enrolled in what your group does for the business, then having the savvy to create internal solutions or branded products is far more effective than issuing policy and procedural edicts. By elevating the discussion from policies and procedures to products and services, you’re enhancing the perception of your group’s value to the organization, as well as encouraging compliance.
Let me give you a couple of examples. At Customers Bank, we’ve created a product that allows customers to verify that an email they received from us actually came from us. It’s always there for the customers, and it takes away the anxiety people have when it comes to email communications with banks.
It’s something we created to enhance our communications with our customers. It’s our security team adding value to the business. Instead of us just being the group that secures things and says, you can’t do this and you can’t do that, it shows that we are conscious about providing the best possible consumer experience, and therefore have embedded ourselves in creating products for customers.
We also provide services internally. We allow employees to use their own personal devices — and also provide a service that tries to track them if they’ve been lost or stolen, and wipes them if they can’t be located. It saves employees from having to do that themselves, and provides a free, enhanced layer of protection that they’d ordinarily have to pay for. And so we advertise that as a service enhancing the user experience.
That mindset change is the reason why the adoption of BYOD, or bring your own device, is so high. I’m using my device, and getting the weight of my company’s security team in protecting it.
Now I’ve gotten some pushback to this concept of internal marketing. It creates a lot of extra work, people say. Or, marketing is not my thing. It’s not a skill I have.
As I see it, internal marketing helps to show the rest of the organization what value your group brings to the business. By presenting branded products and services, you help the business strengthen its own brand with customers. Internal solutions and services, meanwhile, drive the adoption of policies and procedures more effectively than emails warning of a cutoff from the network.
That’s especially important in the security space, where everything you do is seen as a constraint on how people do their jobs.
And if it seems too time-consuming, consider this: Making the time for these initiatives frees time down the road because you won’t have to chase people down for adoption. This partnership approach changes how people see your group, inherently making them more compliant because they feel you’re providing services to them and are part of their individual value chain.
I think that if a concerted effort were put on internal marketing, then there would probably be stronger business cultures around technology and security than we have today, where tech teams are still seen as computers guys and gals, and security organizations are seen as a necessary evil rather than as a partner to the business.