It seems that every day there is yet another case of unethical behaviour related to the technology sector. Whether it is the alleged involvement of the Chinese government with Huawei or a case of an ‘insider threat’ (typically a trusted individual doing something that is ethically and/or legally questionable), bad behaviour appears to be rampant throughout our industry.
Intuitively, as IT professionals, we turn to technological solutions to try to solve problems. Configuring (higher levels of) encryption, ensuring logical centralised management and updates are all part of the solution. In a perfect world, this would result in all devices being secure and very little ability for ‘bad actors’ to gain unauthorised access to things that they shouldn’t.
In reality, there are other factors we need to consider. Often we have less time (and money) than we would like to implement complex technology solutions. In addition, this is not a problem that can be completely solved with the use of technology alone. We need to consider that not everyone is an IT professional — and even those who are, are of differing education and skill levels. What one individual may consider ‘secure’ may in actual fact be vulnerable for a wide variety of reasons.
What specifically can we do to improve this situation?
As individuals and IT professionals, we should feel obligated to ensure that we conduct ourselves in a legal and ethical manner at all times. Having a properly tuned moral compass is critical. We should be continuously asking ourselves ‘Should I do this?’ as opposed to ‘Can I do this?’
In addition, we should be holding our colleagues and co-workers to the same high ethical standards — whether they are working directly in the technology space or not. The ‘Don’t walk by’ motto that has proliferated in WHS circles should also apply when it comes to the technology arena — it is everyone’s responsibility.
If you come across something that you know is not being done right, try to do something about it. The next time you come across a wireless network that only has WEP encryption, a Windows server that has RDP open to the internet or a Post-it Note containing someone’s password, attempt to address it!
As a group, it is important that we have a voice regarding technology-related issues that concern our community. This might be in the form of writing to your local MP about issues that concern you and/or joining an association such as ITPA to advocate on your behalf for change regarding these issues.