How would our decisions change if they were made available for public scrutiny?
I was prompted into this question by this article -> What if all your security practices were put on public display?
The article was written by Troy Hunt – a chap I’ve written about a few times. Troy is largely known for his work on web security and has provided his professional opinion to many media agencies (including the BBC). Cut a long story short, he knows his stuff.
In the article he ponders the question: if all your security practices were to be put on display for public scrutiny, would it change your decision process?
Personally I think the question goes deeper than just your computer security. I think it applies to the whole manner in which you operate your organisation.
Are you truly running it in an ethical way in which an outside observer (Joe Public) would understand and approve of?
Take a moment and think about all those things on which you make decisions. Are there places where, if held up to public scrutiny, you feel that you and your organisation wouldn’t be shown off in the best light?
And I do say you in this. Make a poor decision, and it becomes public – it can have a considerably negative effect on your future career prospects.
Ok, so focusing back on security – I do think this is an area where decisions are generally made based on cost saving rather than an educated, well-thought-out policy.
I remember a CFO telling me once that he didn’t believe that security was a problem and it was hyped up by the security industry to make money.
While I can see how he would arrive at that decision, he is fundamentally wrong.
“There are two types of companies: those that have been hacked, and those who don’t know they have been hacked” (Various sources on the internet)
I’m not going to spend a whole bunch of time here providing evidence of security problems on the internet … I’ve covered that in a previous article and there is just too much evidence out there for any rational person to dismiss.
Simply put – you and your customers are at risk of security breaches – period.
And even if you don’t believe it … your customers do.
Regardless of whether you are B2B or B2C, the customer is king.
Very few organisations are in a position where they can take their customers for granted.
So what would your customer think about your current security stance?
Not sure? Then ask them. Show them the decisions you have made and invite feedback.
Not something you want to do? Then I think we’ve answered the question.
In previous articles, I’ve talked about poor decision making based on a short-term mindset – more often than not focused purely on the immediate bottom line. On the cost.
In this day and age, you simply cannot focus on just the cost. You cannot go with the cheapest option to tick a box – or for that matter ignore the box in its entirety.
With social media, regardless of whether you are B2B or B2C, one bad experience can be amplified until you are in crisis mode.
Take for example the video of a United Airlines passenger being forcibly removed from an overbooked flight. A 30-second video, once seen by the world media, has a considerable impact on the organisation’s reputation … and of course ultimately hits its bottom line.
While I doubt your organisation would treat its customers with such flagrant disregard – would the customer feel any less aggrieved if they had been a victim of cybercrime due to pennies having been saved on security defences?
As always, how would you feel if it was you?
The good news is that if you are doing the best you possibly can be, then you have something to really shout about.
It is marketable; it can provide considerable value for your customer.
So if you are doing the right thing, shout it from the rooftops. Hopefully it will shame the less progressive to also step forward.
As I said above, I believe the principle can be applied to much more than computer security or software development. Be it customer services, staff benefits, or simply how we treat our office space – always consider how the customer would perceive it.
“Character is doing the right thing when nobody's looking. There are too many people who think that the only thing that's right is to get by, and the only thing that's wrong is to get caught.” J. C. Watts