The Importance of Communications Skills in Security

You’re a technical expert—you live and breathe the IT field. Whether you’re a technician spending your days solving IT problems or a business owner spending your time on development, odds are you’re more well-versed in technical jargon and know-how than your customers will ever be. But because of that—to get customers on board and behaving the way you want them to—you need more than your technical chops; you need to develop your soft skills.

Today, we’ll talk about the importance of communication in security—and ultimately, in IT in general—and some tips for improving your skills.

Why communications matter in security

Of course, technical skills matter. These skills often get the focus in job postings, likely because they’re easier to quantify—it’s easier to prove someone’s capabilities when they’re certified in CompTIA Security+ than to know how someone will communicate with an executive. Yet, communication skills often make the difference between a decent employee and a great one. Strong communication skills can help you:

SOLVE PROBLEMS

Not receiving the outcome you wanted after giving instructions to a team member can be frustrating. It’s tempting to assume the other person simply didn’t listen, but that’s not always the case. If you’re teaching a team member how to perform a given task but the outcome doesn’t match your expectations, ask them to walk you through their thinking. You may believe you’ve explained something clearly—but if your team member misinterprets your instructions, it’s a sign your instructions weren’t as clear as you thought. When the team member explains their thought process, you can often spot the error in communication, which will help you communicate better with them and others in the future.

CHANGE BEHAVIOR

The human element can be the weakest part of security. Putting technical controls and processes in place helps to reduce risk. But ultimately, you need to get your end users to buy into the process. How you communicate with them in training sessions and follow ups plays one of the biggest roles in whether they follow the process.

PERSUADE STAKEHOLDERS

Strong communications skills can help you persuade stakeholders and customers to take security seriously. If you’re dealing with uncooperative customers, gentle persuasion techniques can help you get them to sign on for stronger security programs.

Key points to emphasize

Of course, you probably want to know the “how” of better communications skills. This is a discipline unto itself, but there are a few rules of thumb.

HAVE AN OUTCOME IN MIND

First, before speaking with anyone, have a goal in mind. Do you want to persuade them to your point of view? Get them to comply with a security practice? Help them learn something new and retain it? Your goal should dictate how you communicate. For example, if a client is upset because they’ve been locked out of their machine due to ransomware, you need to calm them down while you fix the problem. Remain professional and reassure them you’re working diligently to fix the issue. If they’re on the phone with you, try to speak calmly and slowly—speaking slowly and calmly can lead to a relaxation response. If your goal is to explain a technical issue, focus on conveying information in the clearest way possible. Try to use non-technical terms with end users. While other technicians will want you to use technical terms to make things faster, they will only confuse and frustrate end users more in a crisis event. Ultimately, knowing your outcome should dictate your strategy.

SIMPLIFY AND EXPLAIN

Piggybacking off the previous point, security can quickly get complex. When speaking with end users, it’s important to keep things simple, clear, and concise.  They don’t need to know everything—nor do they want to. If you have to use technical jargon, make sure to spell out any terms you need to use. In some cases, you may end up speaking to someone who knows their stuff. Still, try to cut things down into the most concise message possible.

REASSURE

Security can seem like magic to some people. Partly, it seems too complicated for people to think about. But fear plays a role, too. Few people want to think about how others can misuse or steal their data. It’s easy to think “out of sight, out of mind.” Fear may get their attention, but it doesn’t always change behavior—if it did, doctors would have a much easier time reducing heart disease with diet. Instead, one of the best ways to get users to change behavior is to give them simple tips and remind them security isn’t mysterious. For example, if they feel something is off about an email, they should check the sender before clicking any links.

CONSIDER FORMATS

Often, the format you use to communicate dictates how it’s received. When it comes to understanding information, some people will learn better via videos, some prefer to read, and others need hands-on practical information (so it’s good to mix all three when giving security training). In other cases, you may want to consider how displaying information matters to the audience. For example, many business executives and stakeholders are used to visualizing information in charts and graphs; telling them you’ve improved their security posture may not be as effective as showing data-driven graphs and visualizations. Often, a good RMM solution or security product will offer brandable reports to help you show your value to your customers.

Communicating with your customers and users

At the end of the day, technical skill obviously matters a great deal in security. However, when you get past a certain level of skill, your communication abilities can play a greater role in getting users to practice better security, team members to accomplish tasks more effectively, and customers to understand your value.

 

Of course, the tools you use should be designed to communicate information easily and clearly to your team. SolarWinds^® Endpoint Detection and Response can help your team better protect endpoints from attacks and can give you clear visibility into threats via forensics, attack timelines, executive summaries, and other reports. Learn more today. 

 

Kim Cecchini is Senior Director of Corporate Communications, MSP at SolarWinds