Meetings dedicated to security team concerns are a necessity for modern businesses. If your team isn’t regularly talking about security, checking up on implementation progress, identifying roadblocks, monitoring suspicious incidents, and discussing changes, then any security program you have will quickly deteriorate under neglect.
For an information security team, which already oversees the important task of data privacy and security in the company, unproductive meetings are more than an annoyance. They’re an obstacle that prevents the team from doing its job. If your security team wears multiple hats in your business, these meetings are an important time to ensure critical security responsibilities aren’t being ignored.
When planned and run correctly, security team meetings are a useful tool for furthering the strategic goals of a security team and those of the overall company. Here’s how to make sure your information security team meetings deliver value, stay high-impact, and help your employees efficiently get things done.
If you’re figuring out how to form a security team to satisfy a security framework or compliance requirements – watch my video on that before you read more. Designating your Security Officer and other roles are important first steps, so you know who is responsible for oversight of data security, policies, and responding to security incidents.
An effective meeting creates a space to share ideas, plan projects, and coordinate employee tasks or actions to move an initiative forward. Research shows that face-to-face communication is 34 times more effective than email communication when it comes to employee engagement with a project. Virtual meetings can be nearly as effective if your team is working remotely.
However, to harness this productivity, they need to be well-planned. To get the most out of an information security team meeting:
A focused meeting starts with a clear vision for the reason why you called the meeting in the first place. As a CEO, I spend time in tons of meetings and don’t want to waste time in a meeting that doesn’t have a clear objective. Determine the purpose of the meeting, then use that purpose to plan the details. Consider things like:
While working out these details, review any notes taken from the previous meeting and follow up on tasks that were pending or expected to be finished before the next meeting. (That’s easy to do if you are using the Securicy platform, where you can run a security report to quickly review completed or pending tasks.) That will also give you a sense of what topics need to be addressed at the next meeting. You may want to send the agenda to the meeting participants a few days in advance to allow everyone to prepare.
Start your meeting on time, establish the focus on the agenda, and clearly explain why everyone is there for the meeting. If there were any outstanding action items from the previous meeting, review those and how they will influence your tasks moving forward. Then, stay on course by:
Maintain employee engagement by wrapping up a meeting on a positive note and establishing clear action items for the team. If you took meeting minutes or notes, it’s helpful to email them out to the team for review. Likewise, make sure to follow up on any action items or responsibilities that were assigned to specific individuals. (With a Securicy Implementation Plan, you can assign the automatically created tasks to members of your security team.)
Meetings are most effective when they’re focused, and they support the team’s productivity. Follow these six tips to ensure that your meetings stay efficient and effective:
Use meetings to accomplish tasks that are difficult to pull off in other formats. You might designate the time to review policies using a roundtable-style discussion group. Face-to-face communication can make it easier to brainstorm or bounce ideas off other people, but 2020 is the year we all learned how to securely work from home and hold any kind of meeting online. Remember to make use of chat features to drop in questions while someone is speaking, share your screen, or collaborate on documents together.
It’s not necessary (or effective) to call a meeting every time there’s a new piece of information that the team needs to know about, such as new cybersecurity trends or the occurrence of an event. A meeting’s purpose should never be to simply inform the team of something. Put it in an email if you can.
Inviting only relevant team members ensures that input and discussion remain focused and valuable. Everyone should have something to add to the discussion, brainstorming session, or planning phase. Anyone else can be informed about the meeting’s outcome via an email or the meeting minutes.
Blanket invitations may crowd the space, choke discussion, and – depending on the topic – invite the wrong ears to the meeting. While it may be tempting to invite interested managers or people with different perspectives on an issue, make sure that they’re people who have a solid reason to be there in the first place and something to contribute to the collaboration.
If you do need to include a larger group, make sure you set expectations. Especially if it’s a group that doesn’t hold meetings together often. Do you want everyone to hit “mute” unless they’re speaking? Or do you want people to chime in with questions? You want to make sure people attending know why they’re there and how they should participate.
Keep the team action-oriented by focusing on resolving challenges and meeting objectives. Everyone should walk away with a clear understanding of what they need to do or work on next. This keeps team members engaged and feeling like their time in the meeting was well spent.
If you’ve covered all the discussion points and wrapped up planning… end the meeting. Don’t drag it on to fill up time – your team has better things to do. Likewise, don’t drag the meeting past the scheduled time. Wrap up, establish action items, then follow up with notes or meeting minutes. Schedule another meeting at a later date if you need further discussion.
Your information security team is an essential part of the company with a very important job to do. Make sure they have the tools that they need to use their time productively. The free version of our Securicy platform is a great starting point for early-stage companies looking to scale. Mid-sized or enterprise companies will need to use professional-grade information security management software.
A thoughtfully planned, focused meeting can be a powerful tool to advance projects and keep the entire team on the same page. Make the most of your security meetings, to help your team deliver the most value to the company.