ROI of Public Scrutiny

This article is part of my Better Return On Investment from Software Development series.
These articles are aimed at senior management funding Software Development, or IT Professionals attempting to show the ROI benefits of what can sometimes seem counterintuitive.
This ever-growing library is provided free of charge and can be found here.

How would our decisions change if they were made available for public scrutiny?

I was prompted into this question by this article: What if all your security practices were put on public display?

The article was written by Troy Hunt – a chap I’ve written about a few times. Troy is largely known for his work on web security and has provided his professional opinion to many media agencies (including the BBC). To cut a long story short, he knows his stuff.

In the article he ponders the question: if all your security practices were to be put on display for public scrutiny, would it change your decision process?

The wider question

Personally I think the question goes deeper than just your computer security. I think it applies to the whole manner in which you operate your organisation.

Are you truly running it in an ethical way in which an outside observer (Joe Public) would understand and approve of?

Take a moment and think about all those things on which you make decisions. Are there places where, if held up to public scrutiny, you feel that you and your organisation wouldn’t be shown off in the best light?

And I do say you in this. Make a poor decision, and if it becomes public, it can have a considerably negative effect on your future career prospects.

Back to security

OK, so focusing back on security – I do think this is an area where decisions are generally made based on cost saving rather than an educated, well-thought-out policy.

I remember a CFO telling me once that he didn’t believe that security was a problem and it was hyped up by the security industry to make money.

While I can see how he would arrive at that decision, he is fundamentally wrong.

“There are two types of companies: those that have been hacked, and those who don’t know they have been hacked” (Various sources on the internet)

I’m not going to spend a whole bunch of time here providing evidence of security problems on the internet … I’ve covered that in a previous article and there is just too much evidence out there for any rational person to dismiss.

Simply put – you and your customers are at risk of security breaches – period.

And even if you don’t believe it … your customers do.

Age of the customer

Regardless of whether you are B2B or B2C, the customer is king.

Very few organisations are in a position where they can take their customers for granted.

So what would your customer think about your current security stance?

Not sure? Then ask them. Show them the decisions you have made and invite feedback.

Not something you want to do? Then I think we’ve answered the question.

Over focus on the bottom line

In previous articles, I’ve talked about poor decision making based on a short-term mindset – more often than not focused purely on the immediate bottom line. On the cost.

In this day and age, you simply cannot focus on just the cost. You cannot go with the cheapest option to tick a box – or for that matter ignore the box in its entirety.

With Social Media, regardless of whether you are B2B or B2C, one bad experience can be amplified until you are in crisis mode.

Take, for example, the video of a United Airlines passenger being forcibly removed from an overbooked flight. A 30-second video seen by the world's media has a considerable impact on the organisation's reputation … and of course ultimately hits its bottom line.

While I doubt your organisation would treat its customers with such flagrant disregard – would the customer feel any less aggrieved if they had been a victim of cybercrime due to pennies having been saved on security defences?

As always, how would you feel if it was you?

The upside

The good news is that if you are doing the best you possibly can be, then you have something to really shout about.

It is marketable; it can provide considerable value for your customer.

So if you are doing the right thing, shout it from the rooftops. Hopefully it will shame the less progressive to also step forward.

In all things

As I said above, I believe the principle can be applied to much more than computer security or software development. Be it customer services, staff benefits, or simply how we treat our office space – always consider how the customer would perceive it.

“Character is doing the right thing when nobody's looking. There are too many people who think that the only thing that's right is to get by, and the only thing that's wrong is to get caught.” J. C. Watts

About the author:

Mark Taylor is an experienced IT Consultant passionate about helping his clients get better ROI from their Software Development.

He has over 20 years' Software Development experience - over 15 of those leading teams. He has experience in a wide variety of technologies and holds certification in Microsoft Development and Scrum.

He operates through Red Folder Consultancy Ltd.