
The other integrity is at risk, as well

Back on July 30, the Wall Street Journal published an article entitled “Ten Things Your IT Department Won't Tell You.” It offered tips ranging from getting around web filters to downloading unauthorized software. Thousands of blogs immediately lit up across the country, both to support and to denounce the article. Some called it nothing new, just a repeat of the lists already available via hacker newsletters and Google searches. Others responded with their defense of the 10 reasons why IT staff don't tell you these things, or with their own lists of the dangers involved in disclosing this information.

My major concern is their disregard for “the other integrity.” Coming from one of America's most respected publications, this list legitimizes inappropriate conduct. The WSJ represented corporate best-practice security policies as “10 problems” that require end-users to apply “tricks” to get around. Despite the fact that employees sign acceptable use policies that forbid these actions, the WSJ suggests these tips can be used with minimal risk.

I believe this article has the net effect of encouraging behaviors which could get employees fired, cause a security breach or result in lost reputations and/or dollars. Their “security experts” provide details that could, if followed, compromise the integrity of an individual, a corporation or a government organization. IT professionals already struggle to combat cultural bias against safe computing and good security practices. Are they suggesting that the end justifies the means?

The sad part is that well-intentioned readers are deceived. I have seen these suggested actions lead to numerous personal disasters. Like buying a radar detector to speed on highways, this article demonstrates the opposite of open and transparent surfing while at work. If this advice is followed, corporate protections for sensitive information, legal compliance and ethical training would all be undermined.

This piece should instill fear regarding our future security effectiveness, especially if we lose the hearts and minds of the masses. Is this a one-off or the harbinger of things to come? Will the good guys turn away from us?

My main message in response to readers of this article is simple: your integrity is at risk — the other integrity.
Dan Lohrmann

Dan Lohrmann is an internationally recognized cybersecurity leader, technologist and author. Starting his career at NSA, Lohrmann has served global organizations in the public and private sectors in many leadership capacities. As a top Michigan Government technology executive for seventeen years, Dan was national CSO of the Year, Public Official of the Year and a Computerworld Premier 100 IT Leader. He is currently CSO & Chief Strategist at Security Mentor, where he advises global and local corporations and governments on cybersecurity and technology infrastructure strategies and security culture change. He has been a keynote speaker at security conferences from South Africa to Europe and Washington D.C. to Moscow.

Dan’s award-winning blog: http://www.govtech.com/blogs/lohrmann-on-cybersecurity/
CSO Magazine articles: http://www.csoonline.com/author/dan-lohrmann
