Skip to main content

Cultural mugs

One of the main challenges that drew me to Information Security (and management in general) was that of helping to build a working culture that is genuine, sustainable and is aligned to support 'the vision'.

I've had the benefit to have learned directly, and from the experiences of past bosses, leaders and mentors how not to approach cultural change initiatives: Knowing what bad change-approaches looks like, usually without any real clarity around what perfect (or even good!) may be is a useful head-space to occupy.

At least in the absence of knowing what to do, knowing what not to do provides a useful reference point.

I find that this simple psychological tool helps me to sanity check if I'm falling into those past gotchas and traps as shared with me by the wise few who've been there, seen it, burnt that bridge, picked themselves up and started all over. Haven't we all?

The challenge of raising Information Security awareness through driving a working culture change speaks to both the manager, marketeer and technical sides of me. Something we're working to hone at Photobox is to increase our Security awareness through an InfoSec communications practice that ties our Group's photo and personalised products (greetings cards, cushions, t-shirts, gifts and more - you really should check them out, they're awesome) to our cultural Security messaging.

Recognition and reward are important facets of human nature that I believe must always be kept in mind when seeking to drive cultural change within organisations. Whilst I'm sure many of us would love to be paid megabucks and to appear on the front page of Time magazine to celebrate our no-doubt outstanding contributions to industry, this tend to mainly serve the person on the front page; more an ego stroke of one person, rather than mass cultural shift...

Instead I believe that subtle recognition and reward can play an important role in 'infectious' cultural change from within an organisation. For those of you who haven't yet had the chance to see the InfoSec-presenting 'Jedi' that is Thom Langford, he has a killer presentation around awareness that touches upon 'Language, Experience and Choice Architecture' that I encourage you all to see if given the chance at future Security conferences he's presenting at (ask him about the "Janitor and Lipstick on the Mirror" story...)

In terms of reward and recognition, my good friend and inspiring CISO (Patrick Wheeler) famously chose a simple flashlight (and hand-made certificate) to thank and reward a member of his team who had 'saved the day' during a Security incident - presenting it to the member of staff alongside the Exec at an All-Hands sitting. The group-effect of publicly calling-out supportive InfoSec behaviours, and openly recognising and rewarding them had a tremendous effect on how Patrick was able to build out his 'virtual' Security Army. We all know in Security how budgets are tight, our CFO's are under pressure, and how building virtual teams for InfoSec support is essential.

And it is here we arrive at how we're approaching this challenge the 'Photobox way': Our growing Security team (supported by Moonpig's excellent creative designers) have come up with this simple reward mug:

Our first few are rolling out to diligent members of staff who have been going above and beyond the call of duty to report issues, risks and even just the latest fishy phishing attempts.

Now a mug may not be the sexiest of gifts, but it does offer recognition and reward (plus it comes filled with sweets too) increases our Security team's exposure to the wider business - as the mug slowly gets circulated around the offices by our cleaning staff at the end of each day - and promotes our own Group's products in one, simple gesture.

So, it seems that Photobox Group don't only make mugs - they may also produce trophies that affect cultural shifts...


Popular posts from this blog

The 'Big Five' behaviours - Building and maintaining a values-led business culture

Business culture is a topic that I frequently see popping up on my LinkedIn feed, and something I'm deeply passionate about.

Many of us have read the famous Netflix slide deck that describes their own business culture, and even last night whilst digesting the day's technology news I read an analysis of Bezos' meeting culture in a digital broadsheet.

For my business - Conosco - the culture I joined and the culture I knew that I would be proud to lead and be associated with, have maintained a high position in my everyday thoughts whether on my morning drive to work, walking through the streets of London at lunchtime or sitting with my young children as they fall asleep at night after their bedtime story.

Having just spent a week with our teams based in South Africa, it's become ever more apparent to me that a relatively small number of leadership values and habits can help to drive what I feel are the most valuable team member behaviours to support our business culture.

Designing a GDPR-compliant consent workflow for eCommerce

It's been quite a journey for me, to date, as I find my way along the twisty path that is understanding GDPR.

Through attempting to better understand what 'compliance' for the Photobox Group looks like, and in a renewed attempt to better understand its likely impact upon us, something I've found hard to find are good examples of 'GDPR compliant' user interfaces for eCommerce around the provision of user consent.

Ultimately we need to ensure that for each and every GDPR-relevant interaction our brands have with our customer's data, we have their appropriate consent.

The question is, how granular the explicit Opt-In requirements need to be?

The ICO does a good job of publishing high-level 'consent guidelines' as below:
Explicit consent requires a very clear and specific statement of consent. Keep your consent requests separate from other terms and conditions.Be specific and granular. Vague or blanket consent is not enough.Name any third parties who wi…

My first month as a numbers

It's been a busy few months as I moved from a wonderful few years spent with the Photobox Group to becoming Chief Executive for Conosco.

Playing to my 'purple' nature, here are some simple numbers to tell the tale of my first month as a CEO:
1 - organisational restructure0 - resulting redundancies4 - new members appointed to a newly-created Leadership Team spanning the UK and South Africa1 - tailored leadership skills course completed by the new Leadership Team20 - minutes that each leadership team member was asked by me to spend completing a self-analysis questionnaire~0 - the number of cynics asked to engage with the exercise1 professional lifetime - the time that the positive impact the individual questionnaire results that were presented to them will last on each of them (ask them, they agree.)62 minutes - the time it took us to escape from 'Escape Rooms' in London32 - the floor we ate lunch at in the Shard where we celebrated our offsite as a new Leadership te…