Why Should You Care about Information Security [Two]

People cheat.  Dan Ariely and fellow researchers at Harvard Business School, MIT, Princeton, UCLA, and Yale tempted a few thousand people to cheat in a set of controlled experiements involving timed math problems and pay for correct answers.  They found that, if given the chance, about 50% of the people cheated.  For those accountable for corporate resources — value — this should be an alarming percentage.

They also found that varying the risk of getting caught did not change the level of dishonesty, and that rationalizing and justifying dishonesty becomes substantially easier when cheating is one step removed from the final cash.  I work in the financial services industry, where individuals have access to relatively vast economic resources and the means to perform wire transfers, securities purchases and sales, and access to electronic markets worldwide.  Other individuals have access to data representing the personal information associated with millions of customers, along with technology to make that valuable data both “small” and “mobile.”  How can this happen?

We are currently living through a bitter economic trough that could  possibly become a dark, heaving, transforming, ocean of depression.  Some material measure of this was caused by layer after layer of rationalize and justified cheating.  Fancy new mortgages, bundled asset backed securities, collateralised debt obligations, rating and hedge fund manipulations, and more.  Trillions of dollars and scores of valuable brands gone as the result of real human’s conscious actions.  More than most civilians can imagine.  Engaging in immoral conduct, violating core values that maintain peace and support the healthy functioning of societies, even in the absence of immediately-applicable laws, regulations, or policies that would explicitly forbid that behavior, is still inappropriate.

Only when researchers could get participants to complate their own standards of honesty, by recalling the Ten Commandments or signing an honor code, could they eliminate this willingness to cheat.  In fact, it eliminated it.  One lesson appears to be that our investments in security awareness, policy awareness, and formal periodic acknowledgement of employee understanding of these, may need more focus.  We should all ensure that participation is manditory across our corporations, top to bottom, and that it is totally unambiguous that participants need to understand what is going on and then testify to that fact.

— References —

“Conversation Starter — How Honest People Cheat.”
Dan Ariely, January 29, 2008,
http://conversationstarter.hbsp.com/2008/01/how_honest_people_cheat.html and in the Harvard Business Review, February 2008, page 24.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: