By Tom Nohelty, Applied Tech
We’re only just into 2020, and I am already falling behind on my promise of increased gym time. Each year it seems good intentions are met by reality and it is easy to revert to my comfort zone. Do you feel that way with some of your best intentions at work?
A recent McKinsey study found that 70% of digital transformation projects fail to achieve their goals with a lack of management support and employee resistance the two top reasons for failure. The reality of both personal and business failures to keep improvement promises is that failure is driven by a lack of a change management plan. There are four practical steps to creating a change management plan that will allow you to successfully meet your personal and business aspirations.
You cannot achieve something unless you have a vision of success.
To illustrate these steps, I will use a sample change project to illustrate the change management process. Assume that we want to implement Multi-Factor Authentication and security training throughout the organization. There is nothing like a security project to make all users embrace change immediately – right! Feels like I just made a promise to lose 10 pounds….
With the right approach, change can be successful.
Know Your Current Situation
An unrealistic vision is the prime way to tank any change initiative. No different than having an annual physical, it is important for businesses to do ongoing assessments of their technology and security. Without that frame of reference, you have no way of knowing what steps should be taken first or what is the most important.
In our security example, our assessments tell us that we use Office 365 and it supports Multi-Factor authentication. We also know phishing attacks generally are on the rise and we have suffered one known loss of credentials that put our bank accounts, customer relationships and corporate data at risk. It also cost 20 hours of IT time to recover from that breach. As a company that relies heavily on our reputation to drive sales, the possibility of jeopardizing our customers’ trust would be devastating.
Vision of Change
You cannot achieve something unless you have a vision of success. One of the keys to attain approval and project success for any transformational change is to define success in terms that all constituents can understand. In broad terms, there are usually three distinct constituent groups: staff, mid management and executives. Let’s look at how we could frame success for our project for these three groups:
- Reduce SPAM and phishing emails that users are exposed to by 95%
- Educate 100% of staff to recognize potential phishing emails and how to handle them – both professionally and personally
- Reduce IT breach expenses by 95%
- Increase staff productivity by 3% by eliminating SPAM emails and breach downtime
- Leverage this project to achieve an organizational goal of reducing expenses by 10%
- Reduce risk of reputational damage
Build a plan that supports change
Once you have your vision and goals defined, you need to create a plan that will allow you to meet expectations. Your plan must contain the obvious issues of planning the technology implementation and training of users. The less obvious, but much more critical, item to plan for is defining how to measure success during and after the project is complete. You can’t claim success without having some facts to back it up. In our project, we consider measuring the following:
- Number of SPAM/phishing emails blocked by Advanced Threat Protection software
- Money spent on IT breach recovery expenses
- Staff downtime due to breach downtime multiplied by average staff salary
- Number of emails staff identify/report as possible phishing campaigns
- Number of staff that pass phishing test email campaigns
These measures will help us promote the change as it is happening and allows us to show executive management that we did, in fact, reduce expenses.
Drive Change with Data and Communication
Any change must be perceived as achievable and something that will drive a positive outcome for the end user. People can deal with change when they see value in it for them. From a personal perspective, losing 10 pounds sounds tough, but losing 1 pound every 2 weeks for 20 weeks seems much more likely to happen. If you can make it fun, the fear and pain of change can be replaced. So, consider the following for your security project:
- Give the project a name and promote it around the company
- Have key staff/managers within the company be cheerleaders for the project
- Make sure the training for the new security procedures is relevant and timely to staff
- Create a contest for staff on recognizing/reporting phishing emails.
- Recognize staff publicly for passing the test phishing campaigns
The project that we are talking about is not long in nature, but some can be. When taking on projects that span several weeks or months, it is great to communicate weekly on the progress. This can be in the form of a newsletter, manager meetings or other forms of communication that fit the organization. Generally, the more you communicate pertinent information and progress the better. Each of these communications should reflect the progress of attaining the goals, a success story of some kind, and where you are within the project timeline. Remember, everyone needs to feel part of the victory of completing the goal.
Tom Nohelty is director of strategic services at Applied Tech, an information technology managed service provider and member of ABC, supporting AEC companies throughout Madison, Milwaukee and Central Wisconsin. Contact them to talk more about technology aspirations.