DO ANY of these scenarios sound familiar?
- A client wants you to work on a network full of unlicensed, pirated software, and you don’t know whether or not you’re responsible for taking corrective action.
- Another client wants you to install spyware on some of its employees’ desktops for unspecified reasons, and you have to decide whether you’re comfortable being a party to corporate snooping.
- You find evidence of potentially criminal wrongdoing on a client’s network, and are unsure what your legal and/or moral obligations might be.
Welcome to the world of IT ethics, where channel pros find themselves dealing with thorny dilemmas like these on a regular basis. Thanks to the unique nature of a job that includes access to reams of intimate information about customers, channel pros must often make value judgments about what is good or bad and where moral duties and obligations start and stop, according to Michael Klein, president of Computer Directions Inc., an IT and management consultancy based in Albertson, N.Y.
“What makes things particularly difficult is that MSPs have to deal with these issues on a case-by-case basis by themselves,” he says. “There are situations where you could use a panel—including a business attorney, someone from the clergy, a psychologist, and other specialists—to provide real guidance on your responsibilities.”
There are publicly available resources for IT consultants seeking general ethics advice. The Association for Computing Machinery’s code of ethics, for example, includes “General Moral Imperatives” requiring its members to contribute to society and human well-being; avoid harm to others; be fair and take action not to discriminate; honor property rights, including copyrights and patents; respect the privacy of others; and honor confidentiality.
The Global Information Assurance Certification, a security skills validation body, has its own code of ethics with provisions emphasizing the importance of minimizing threats “to the confidentiality, integrity, or availability of an information technology solution, consistent with risk management practices.”
Along the same lines, the International Information System Security Certification Consortium, an organization for cybersecurity and IT security professionals, requires its members to “act honorably, honestly, justly, responsibly, and legally.” They must also “provide diligent and competent service to principles, and advance and protect the profession.”
Similarly, elements of the code of the Information Systems Security Association Inc., a Spring, Texas-based membership group for cybersecurity professionals, include promoting “generally accepted information security current best practices and standards” and maintaining the “appropriate confidentiality of proprietary or otherwise sensitive information encountered in the course of professional activities.”
Accepted Business Practices
As useful as those standards are, however, determining the right thing to do in specific situations isn’t always as black and white.
That’s when MSPs need to do more thinking. Is their proposed course of action in line with commonly accepted good business practices? Does it fit the ideal of good faith and fair dealing? “That’s the underlying principle of every contract and agreement,” according to Nerino J. Petro Jr., a Rockford, Ill.-based attorney and long-time technology consultant for the legal community.
Speaking with a qualified lawyer makes sense in some instances, notes Petro. One of his recommendations for MSPs coping with an ethical conundrum is to consider if their standing in the community, or that of their customer, would suffer should the incident in question become public. If the answer is yes, “then perhaps you need to take a closer look at what you or your client are doing,” he says.
Indeed, commonsense approaches like that often provide the best way out of an ethical bind. “[Customers] are trusting you as a professional business adviser, relying on your advice and guidance,” observes Paul Nebb, president of Marlboro, N.J.-based network services and IT consulting provider Titan Technologies LLC. “Always make being honest and up-front a core principle of your business.”
Opening Image: Thinkstock Photos