Ethics 101 : Keeping Cyber on the Straight and Narrow

In cybersecurity, the good guys need to know the same malicious tricks the bad guys use in order to keep them at bay, so having a strong ethical foundation is core to keeping our people on the straight and narrow.

As CISOs, we have to provide that kind of leadership to our teams.

Obviously, we have to hold ourselves to the highest standards to set an example. We’re the ones who set the tone. But equally important, we have to clearly lay out what kind of behavior we expect from our employees so they know what type of conduct crosses the line. We don’t want skills misplaced in a way that compromises a company’s sensitive data.

To begin with, we all need to think about the common challenges cybersecurity professionals face because we have access to data ordinary individuals don’t. And then we have to figure out what good behavior looks like for our teams. That’s something that almost has to be defined by role because different rules would apply to different jobs.

We want to do our best to make sure the people we recruit share our ethical standards and can be trusted with the privileged information we’re assigned to protect. Having an ethical yardstick is especially important in a sector where there is a severe talent shortage and where people may not have honed their skills in settings that emphasized ethical conduct.

And because many cybersecurity professionals work from home, that risks deepening the temptation to conduct bad behavior since there’s no one around to see you taking that screenshot. During COVID-19, I am sure we all onboarded people that we never had a chance to meet in person probably until only recently. Being a culture carrier and instilling expected norms and ethics can be a challenge when done strictly remotely.

Read more in the full-length blog, which can be found on the Security Current page.

*Disclaimer: The views are solely those of David Cass