Meetings dedicated to information security team concerns are a necessity for modern businesses. If your team isn’t regularly talking about security, checking up on implementation progress, identifying roadblocks, monitoring suspicious incidents, and discussing changes, then any security program you have will quickly deteriorate under neglect.
For an information security team, which already oversees the important task of data privacy and security in the company, unproductive meetings are more than an annoyance. They’re an obstacle that prevents the team from doing its job. If your security team wears multiple hats in your business, these meetings are an important time to ensure critical security responsibilities aren’t being ignored.
When planned and run correctly, security team meetings are a useful tool for furthering the strategic goals of a security team and those of the overall company. Here’s how to make sure your information security team meetings deliver value, stay high-impact, and help your employees efficiently get things done.
If you’re figuring out how to form a security team to satisfy a security framework or compliance requirements – watch my video on that before you read more. Designating your Security Officer and other roles are important first steps, so you know who is responsible for oversight of data security, policies, and responding to security incidents.
Getting the Most out of an Information Security Team Meeting
An effective meeting creates a space to share ideas, plan projects, and coordinate employee tasks or actions to move an initiative forward. Research shows that face-to-face communication is 34 times more effective than email communication when it comes to employee engagement with a project. Virtual meetings can be nearly as effective if your team is working remotely.
However, to harness this productivity, they need to be well-planned. To get the most out of an information security team meeting:
Prepare Before a Security Meeting
A focused meeting starts with a clear vision for the reason why you called the meeting in the first place. As a CEO, I spend time in tons of meetings and don’t want to waste time in a meeting that doesn’t have a clear objective. Determine the purpose of the meeting, then use that purpose to plan the details. Consider things like:
- Whose presence is required, and whose attendance is optional.
- What topics need to be covered and what materials are needed to cover them. (Are you talking about recent security incidents, preparing for a SOC 2 audit, or a vendor security questionnaire?)
- When the meeting needs to happen.
- Where the meeting needs to happen and how long it needs to be. If meetings will take place over video conferencing, make sure you send everyone a link to join ahead of time.
While working out these details, review any notes taken from the previous meeting and follow up on tasks that were pending or expected to be finished before the next meeting. (That’s easy to do if you are using the Carbide Platform, where you can run a security report to quickly review completed or pending tasks.) That will also give you a sense of what topics need to be addressed at the next meeting. You may want to send the agenda to the meeting participants a few days in advance to allow everyone to prepare.
Stay on Course During the Meeting
Start your meeting on time, establish the focus on the agenda, and clearly explain why everyone is there for the meeting. If there were any outstanding action items from the previous meeting, review those and how they will influence your tasks moving forward. Then, stay on course by:
- Inviting input that is relevant to the agenda. A meeting shouldn’t feel like a lecture.
- Encouraging a balanced focus on agenda items. Don’t spend too long on a single topic.
- Emphasizing resolutions and the next steps. Meetings should move projects forward.
Review After the Meeting
Maintain employee engagement by wrapping up a meeting on a positive note and establishing clear action items for the team. If you took meeting minutes or notes, it’s helpful to email them out to the team for review. Likewise, make sure to follow up on any action items or responsibilities that were assigned to specific individuals. (With a Carbide Implementation Plan, you can assign the automatically created tasks to members of your security team.)
6 Dos and Don’ts for an Effective Meeting
Meetings are most effective when they’re focused, and they support the team’s productivity. Follow these six tips to ensure that your meetings stay efficient and effective:
1. Do: Schedule Information Security Team Meetings to Complete Security Tasks or Advance a Project
Use meetings to accomplish tasks that are difficult to pull off in other formats. You might designate the time to review policies using a roundtable-style discussion group. Face-to-face communication can make it easier to brainstorm or bounce ideas off other people, but 2020 is the year we all learned how to securely work from home and hold any kind of meeting online. Remember to make use of chat features to drop in questions while someone is speaking, share your screen, or collaborate on documents together.
2. Don’t: Schedule Information Security Team Meetings That Can be Covered in an Email
It’s not necessary (or effective) to call a meeting every time there’s a new piece of information that the team needs to know about, such as new cybersecurity trends or the occurrence of an event. A meeting’s purpose should never be to simply inform the team of something. Put it in an email if you can.
3. Do: Invite Personnel Who are Relevant to the Set Agenda
Inviting only relevant team members ensures that input and discussion remain focused and valuable. Everyone should have something to add to the discussion, brainstorming session, or planning phase. Anyone else can be informed about the meeting’s outcome via an email or the meeting minutes.
4. Don’t: Make Blanket Invitations to Everyone in the Department or Organization
Blanket invitations may crowd the space, choke discussion, and – depending on the topic – invite the wrong ears to the meeting. While it may be tempting to invite interested managers or people with different perspectives on an issue, make sure that they’re people who have a solid reason to be there in the first place and something to contribute to the collaboration.
If you do need to include a larger group, make sure you set expectations. Especially if it’s a group that doesn’t hold meetings together often. Do you want everyone to hit “mute” unless they’re speaking? Or do you want people to chime in with questions? You want to make sure people attending know why they’re there and how they should participate.
5. Do: Ensure That Everyone Walks Away with a Clear Next Course of Action
Keep the team action-oriented by focusing on resolving challenges and meeting objectives. Everyone should walk away with a clear understanding of what they need to do or work on next. This keeps team members engaged and feeling like their time in the meeting was well spent.
6. Don’t: Drag on a Meeting Just Because You Have 15 Minutes Left
If you’ve covered all the discussion points and wrapped up planning… end the meeting. Don’t drag it on to fill up time – your team has better things to do. Likewise, don’t drag the meeting past the scheduled time. Wrap up, establish action items, then follow up with notes or meeting minutes. Schedule another meeting at a later date if you need further discussion.
Effective Meetings Make Effective Teams
Your information security team is an essential part of the company with a very important job to do. Make sure they have the tools that they need to use their time productively. The Carbide Platform helps bring enterprise-class security to any organization.
A thoughtfully planned, focused meeting can be a powerful tool to advance projects and keep the entire team on the same page. Make the most of your security meetings, to help your team deliver the most value to the company.