CISOs Are Constantly Confronted With Conflicts of Interest

Corporations, government agencies or individuals may be quick to throw ethics out the window when there’s an extra buck to be made. Some of these conflicts of interest are overt, while others are difficult to recognize. CISOs are constantly challenged to identify patterns that might put them in a morally compromising position.

The most common conflict of interest arises when an employee working for one company freelances for a competitor. Another type of conflict results from nepotism, when one or more employees are related to a company manager or executive. These are the most obvious examples, but other instances, such as C-suite friction and negative publicity, are subtler and usually intrinsic.

Even innocent interactions between two people at a conference or on social media can lead to termination of employment or legal action if both parties are not careful. It’s difficult to keep track of every potential problem, but IT leaders can save themselves a lot of headaches by simply knowing what kinds of issues commonly lead to contention.

Stifling Whistleblowers With Gag Rules

Chief information security officers (CISOs) must manage conflicts of interest among their board of directors and other departments throughout the organization. Most employees blindly trust their CISO’s decision-making skills and don’t even think to challenge them. But consider the problems that might arise if a board member favors a particular vendor because he or she holds a stake in that company or stands to redeem an undisclosed incentive in the future. This is also why employees are often pressed to sign noncompete agreements.

Some companies go so far as to establish gag rules that prevent employees from publishing articles or books without explicit approval. A Google employee even filed a lawsuit claiming that the company breached California labor laws by using confidentiality agreements to run what essentially amounts to an internal “spying program.” The tech giant, according to the lawsuit, even forbade employees from writing novels about “someone working at a tech company in Silicon Valley.”

If Google is found guilty on all violations specified in the lawsuit, it could face fines up to $3.8 billion. The allegations illustrate how a company might use its confidentiality rules to prevent whistleblowers from disclosing illegal activities to regulators and law enforcement.

Corporate and Government Conflicts

CEOs are often motivated to engage in conflicts of interest with government agencies, and vice versa. For an example of this, look no further than the lobbies influencing federal, state and international lawmakers to bend legislation in their favor. Big Tobacco, for example, sits on the governing committee for tobacco control in the Philippines. Now, imagine how this conflict might negatively impact things like health care or product distribution.

Ironically, these global corporations typically have ethics and governance programs, yet turn a blind eye when these principles conflict with opportunities to establish dominance in the marketplace. For the CISO, naturally, this presents a moral quandary.

Managing Conflicts of Interest

A CISO should always consider the job from the outside looking in. Corporations don’t take conflicts of interest lightly, and it’s important for security leaders to make sure their actions align with the company’s business goals and code of ethics.

Restrictions relating to conflicts of interest vary from industry to industry. Independent contractors, for example, can use skills obtained elsewhere for personal gain because they are self-employed. In a corporate setting, however, employees are bound by the company’s stipulations related to conflicts of interest.

Before you engage with another organization or participate on social media, ask yourself:

  1. Are you treating specific co-workers, relatives or friends differently because of the nature of those relationships?
  2. Are you using skills you developed at work for personal gain outside the company?

If the answer to either of the above questions is yes, you may be in conflict with the interests of your company. Recognizing these situations will help you avoid them.

George Moraetes

VP, Chief Security Officer and Architect, Securityminders Corporation

George Moraetes is one of the leading information security practitioners with over 20 years of industry experience. He currently serves as the VP, Chief Security Officer and Architect of Securityminders Corporation. In this role, he provides consulting services to Fortune 500 clients and federal and state governments across multiple management role engagements. He is responsible for strategy development, designing and implementing security architectures and overseeing security infrastructure implementations.