Friday, October 29, 2010

Curse of the Indelicate Obvious

There is a modern curse more deadly to the secure enterprise than a squadron of scoundrels. What is it? The curse of the indelicate obvious, or the intentional denial of blatant indicators that something is amiss, for fear of running afoul of some perceived standard or arbiter of unfairness. Common sense is a great boon to protection, and it is a mistake to dismiss it out of fear of defamation suits or grievances. Consider: Should a financial institution hire into a position of trust someone whose personal credit is in disarray or who was previously convicted of fraud? Common sense says no. But moral outrage expressed by the applicant’s champions could easily browbeat the faint of heart into negating this reasonable protective decision.

Similarly, a wise employer realizes that it is generally a good idea to avoid hiring people whose behavior indicates that they treat the workplace as a platform for self-expression at employer expense. What are the clues? Blogs and social media postings highlighting indiscretions or even boasting about converting employer assets to personal gain or about threatening bosses with intimidation tactics or even physical harm.

While the front-line supervisor knows that ignoring such signs means paying for them later in lost productivity or work team disruptions, support staff often present a different perspective. Theirs is the world of hierarchical harmony and avoidance of legal, public relations, and reputational risk – all worthy objectives. However, one may as well fall flat on his face as bend over too far backwards. In their eagerness to avoid bad press or unpopular contests, these staff advisers tend to counsel too much caution, advising that no line manager ever act on any clues other than what exists in a given box of the job application. This is what John Steinbeck would have called the kind of smartness that cuts its own throat.

The solution? Don’t over rely on imperfect indicators like gut feel and questionable signs of irresponsibility, but don’t ignore them altogether either. Instead, use them to trigger a supplemental probe. Even if your staff advisers tell you that you cannot base a hiring decision on overabundance of body piercings or blatant indicators of irresponsibility, you can at least schedule a follow-up interview to ask questions and draw a person out. At the very least, ask. Offer the candidate some scenarios that compel choosing a course of action consistent with future job responsibilities. You might be surprised how often people admit to misdeeds or give themselves away through behavioral leakage – if you just give them a chance.

For more along these lines, see “Defending Against the Threat of Insider Financial Crime,” on page 17 of a recent issue of Frontline Security (at http://www.frontline-security.org/publications/10_SEC2_Money.php).

-- Nick Catrantzos