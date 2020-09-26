There are times when this column strays not so subtly from its general aim to educate, engage, and entertain about the world of cybersecurity. I research and write about phishing and ransomware, or the federal government’s initiatives to maintain information security and privacy, or the horrors of living an online life, vulnerable as that is. Other times, like this week, I leverage the omnipresence of security in the digital age and discuss what may seem to be tangential to the primary topic. I guess it seems that way because it is. Nonetheless, understanding information security requires a lofty view sometimes. It must be addressed holistically. The breadth of subject matter that influences your privacy—i.e., control over your personal, financial, and medical information—requires an equally broad investigation into all its components, many of which don’t immediately come to mind, but should.
It’s the same theory that makes collaboration in the field so critical. The Lone Ranger-esque cybersecurity expert ain’t one, other than to her- or himself. In the same manner that it requires a diverse, collaborative, group of smarties sitting around the table to solve a security incident, it takes this bigger picture view of cybersecurity to best understand it.
Still in the throes of centuries-old exclusion practices as to opportunities afforded to all Americans, and with heightened occasions in 2020 that interrupted our dealings with a global pandemic, meaning Breonna Taylor’s and George Floyd’s tragedies (not counting many more in recent years), diversity must advance to inclusion. We need to for moral, spiritual, and ethical reasons. We also need to make immediate, marked improvements for the sake of information security and privacy.
Regrettably, it takes an event, a horrific event, to inspire action. After George Floyd’s murder, tech firms like IBM, Apple, Facebook, and PayPal, and non-tech companies like NASCAR, Adidas, and Trek committed to ramp up their inclusion efforts. It’s no coincidence that the one event sparked so much activity. Business leaders are charged with recognizing opportunity and enriching stakeholders. In this case, and despite my standing cynicism, I believe corporate America made moves for more complex reasons than simply capitalizing on an uprising in the making.
Any one of you who’s worked in corporate America during the past 10 or more years knows that “diversity” is a vocal theme. In the law, for every year and decade that’s clicked past us since the mid-twentieth century or so, it’s presented more obvious, overt mandates toward diversity. We know that at least every 10 years the U.S. government compels acknowledgement of our diversity via the U.S. Census. The Commerce Department that runs the census show predicts that within the next couple censuses over half of Americans will be in a minority group. Hold tight, there, lottery-winning while male, before you start down the “so I’ll be in the minority” road of illogic. That’s a hollow position that I have no time for.
By now, you may wonder when I’ll get back to cybersecurity. Here goes. My point is that without valuing, actively valuing, promoting, and advancing inclusion in America’s workplaces, where such a critical amount of hacking and internet shenanigans are rooted, we’re doomed to fail with keeping cyber defenses up. It’s so much more than merely plastering the office with Diversity Initiative X posters, or holding an annual training exercise about micro-aggressions against people of color. It’s knowing that the benefits of inclusion are so weighty that, in fact, the easiest decision should be to be hyper-inclusive. That means that leaders must realize the value of inclusion, and then must assure the entire staff that their merits, no matter their background, are critically important and valued. People who comprise our minority populations must experience and perceive fairness, two separate and complementary concepts. Experiencing fairness while feeling unfairly treated doesn’t help, much. This sounds like “justice,” eh?
Don’t confuse justice with equality. Sometimes a just end requires an unequal act. Fairness, likewise, doesn’t amount to equality. Is it fair that a CEO makes 35 times more than a line worker when they both work to uphold the same mission? Is it just? It’s certainly not equal, but it may be successfully argued as just and fair. In fact, treating all staff equally would stymy any advances in inclusion. It’s that sentiment that legitimizes Black Lives Matter as having zero to do with a sense that only black lives matter. Black lives, after not being treated equally forever and a day deserve to be treated fairly and justly, and equality left the barn too long ago to aspire to it now as a repair. Admittedly, that digressed from my meaning today.
We cannot, as a society, as a cadre of businesses in the U.S., or as neighbors, continue exclusion practices. If for no other reason than respecting the complexity and challenges of maintaining information security and privacy, we must activate the intent of inclusion. Don’t believe me. Studies over and over point to inclusion as a proponent of engagement in the workplace; of job satisfaction; a healthy work environment; facilitating creative solutions; high levels of performance. If you’ve ever been a supervisor or talked with one seriously, then you know that these are real goals in a job setting. Once they are in place, the more acute goals—selling 20% more widgets this year or nabbing that federal government contract—come to follow.
Two goals that every company has are to maintain its information security and not to compromise the privacy of its employees and customers. Failing in those areas are critical errors. It’s severely expensive to be legally mandated to respond to a cybersecurity incident, and the reputation hit alone can devastate a firm. One proven, socially necessary, and now obvious way to set the foundation for cybersecurity protection is inclusion. An inclusive team works at a secure, profitable company.
Ed is a professor of cybersecurity, an attorney, and a trained ethicist. Reach him at edzugeresq@gmail.com.
