You’ve been promoted—congratulations! All of your hard work as an IT professional has resulted in a management or even executive-level position, and along with it, a boatload of new opportunities and responsibilities.

In your new role, cybersecurity should be a priority—and if it’s not, it’s time for you to make it one. Introducing new security policies to your organization has its challenges, but is a necessary step towards better protecting your organization as a unit. Feeling a little apprehensive taking on the role of change manager? Don’t fret—here are some tips to make your cybersecurity project run smoothly, no matter what size your business might be.

Learn from the wisdom of those before you in your path to developing leadership-level security best practices. As you’ll likely need to be the authority on cybersecurity in your organization, it’s helpful to study resources from reputable institutions to inform your strategy. Sources like the Department of Homeland Security’s National Cybersecurity Workforce Framework offer industry-proven best practices specifically for government organizations, common definitions and further learning resources on cybersecurity. Research and advisory firms like Gartner and Forrester provide regular analyst research on evolving trends in cybersecurity as well. While all of this studying is certainly a must, remember your professional network is another great place to seek advice and inspiration.

It goes without saying that IT will be hands-on in getting your cybersecurity initiative off the ground. Your IT team should be up-to-date on the latest security best practices (if they’re not, there are some excellent educational resources online) and should help provide insight on how to best convert your goals into a functional plan suitable for your organization’s internal systems.

While IT will be primarily responsible for developing logistics once the plan is developed, it’s equally important to recognize the challenges of the employees the initiative may impact. As a cybersecurity initiative will impact everyone, it’s vital to create a system they will understand and stick to. The more informed you can be on the needs of each department, the more you can tailor your approach to developing a plan that employees will find easy to remember.

Keep track of the answers you receive with these team members to be sure their insight factors into your final plan.

Now that you’ve done your research and consulted with your company’s team leaders, it’s time to set more explicit goals for your organization. These goals should be specific to the needs and potential hazards your organization could face.  Establishing new goals is also an opportunity to correct any unsuitable practices that exist in your current system.

To keep the plan communicable and actionable, format your goals in a way that will be simple to enact. As you draft your plan-of-action, there are a few cybersecurity components that should make your list of priorities:

Want to build your defensive specifications out a little further? You can learn more about different types of cybersecurity threats with CSO Online’s recent round-up.

Work with your internal communications team to decide on the best method of communicating your company’s new cybersecurity plan (HR and Marketing can be a great help in this). Is it a quick email to all employees, or does it deserve more in-depth discussion in a company-wide meeting? Hosting all employees in an overview meeting ensures everyone has the time and space needed to bring up additional questions and for you to clarify how and when the plan will go into effect. This step will further unify your team towards the common goal of protecting your information from outside threats.

Before you begin executing your company’s new strategy, be sure you have a way to measure its success. Revisit your goals for creating your cybersecurity plan and assign a tool to measure its strengths and weaknesses over a defined period. For example, Tenable offers “Assurance Report Cards” to help define and measure established security metrics, and Laserfiche enables organizations to create and track automated business processes to eliminate bottlenecks and improve security. Having the right administrative systems and reporting tools in place will ensure that when it’s time to reflect on and present the success of your cybersecurity initiative, you have accurate, measurable data.

Once you’ve assessed the victories of your cybersecurity program, it’s time to share your successes with your peers to benefit your larger IT community. This is where both you and your organization have an opportunity to shine and to grow. Take advantage of opportunities to discuss your successes and lessons you’ve learned– create a blog post, a LinkedIn article, or even a Twitter thread sharing your experience and offering insightful tips on developing a cybersecurity plan. Be sure to use #cybersecurity to take the conversation to a broader audience!

One final tip: Remember to stay active in the conversation– cybersecurity best practices evolve constantly as technology advances and new threats crop up. The more we talk about cybersecurity, the more we can help one another in the goals to protect ourselves, our employees and our organizations as a whole. One easy way to begin: share this article with your network. Every step you take in discussing cybersecurity best practices is another chance for you to grow your network and know-how!