Queensland Law Society

How to successfully deploy security software and policies

You will usually be given implementation notes with your download link for the software. This covers the technical aspects.  

However, successful implementation of security processes in a firm requires several steps, and only one of them is making the software available. 

Change management 101  

People get into bad habits for good reasons. In the case of poor security, such as using the same password for everything, because it is quicker and easier. This behaviour then becomes ingrained and it takes effort to change. Generating change is straight forward but takes persistence: 

1. Select, deploy and test the new system. Ensure it works reasonably well before going live. 

2. Adopt a policy mandating use of the process. 

3. Train all staff:  

• Why the change is required; 

• Some case studies (if available); 

• What the policy is, and how to ask any questions or adapt it to their own work group; 

• How to use the solution, and how to get help if they get stuck. 

4. Get feedback, audit and verify compliance. The initial reminders should be fairly gentle, but make it plain that future noncompliance will have consequences. 

Training can be short and to the point, but sending an email is usually insufficient.

Ideally, the training session should be backed with reminders, such as emails, posters in common areas and laminated “how to” cards to be attached to computer monitors.