Corporations, government agencies or individuals may be quick to throw ethics out the window when there’s an extra buck to be made. Some of these conflicts of interest are overt, while others are difficult to recognize. CISOs are constantly challenged to identify patterns that might put them in a morally compromising position.

The most common conflict of interest arises when an employee working for one company freelances for a competitor. Another type of conflict results from nepotism, when one or more employees are related to a company manager or executive. These are the most obvious examples, but other instances, such as C-suite friction and negative publicity, are subtler and usually intrinsic.

Even innocent interactions between two people at a conference or on social media can lead to termination of employment or legal action if both parties are not careful. It’s difficult to keep track of every potential problem, but IT leaders can save themselves a lot of headaches by simply knowing what kinds of issues commonly lead to contention.

Stifling Whistleblowers With Gag Rules

Chief information security officers (CISOs) must manage conflicts of interest among their board of directors and other departments throughout the organization. Most employees blindly trust their CISO’s decision-making skills and don’t even think to challenge them. But consider the problems that might arise if a board member favors a particular vendor because he or she holds a stake in that company or stands to redeem an undisclosed incentive in the future. This is also why employees are often pressed to sign noncompete agreements.

Some companies go so far as to establish gag rules that prevent employees from publishing articles or books without explicit approval. A Google employee even filed a lawsuit claiming that the company breached California labor laws by using confidentiality agreements to run what essentially amounts to an internal “spying program.” The tech giant, according to the lawsuit, even forbade employees from writing novels about “someone working at a tech company in Silicon Valley.”

If Google is found guilty on all violations specified in the lawsuit, it could face fines of up to $3.8 billion. The allegations illustrate how a company might use its confidentiality rules to prevent whistleblowers from disclosing illegal activities to regulators and law enforcement.

Corporate and Government Conflicts

CEOs are often motivated to engage in conflicts of interest with government agencies, and vice versa. For an example of this, look no further than the lobbies influencing federal, state and international lawmakers to bend legislation in their favor. Big Tobacco, for example, sits on the governing committee for tobacco control in the Philippines. Now, imagine how this conflict might negatively impact things like health care or product distribution.

Ironically, these global corporations typically have ethics and governance programs, yet turn a blind eye when these principles conflict with opportunities to establish dominance in the marketplace. For the CISO, naturally, this presents a moral quandary.

Managing Conflicts of Interest

A CISO should always consider the job from the outside looking in. Corporations don’t take conflicts of interest lightly, and it’s important for security leaders to make sure their actions align with the company’s business goals and code of ethics.

Restrictions relating to conflicts of interest vary from industry to industry. Independent contractors, for example, can use skills obtained elsewhere for personal gain because they are self-employed. In a corporate setting, however, employees are bound by the company’s stipulations related to conflicts of interest.

Before you engage with another organization or participate on social media, ask yourself:

  1. Are you treating specific co-workers, relatives or friends differently because of the nature of those relationships?
  2. Are you using skills you developed at work for personal gain outside the company?

If the answer to either of the above questions is yes, you may be in conflict with the interests of your company. Recognizing these situations will help you avoid them.
