An information security industry campaign geared towards stamping out workplace harassment and social media cyber bullying has received pledges from a number of businesses to implement a code of conduct.
Respect in Security, which was launched in July this year, has secured commitments from 98 UK-based businesses who have promised to make their offices a safe place to work that are free of harassment.
So far, BT, Trend Micro, Crest and several law firms including Pinsent Masons are among the companies that have signed up to the pledge
As previously reported by The Daily Swig, the idea for Respect in Security was sparked during Cyber House Party, a regular online meeting set up during the pandemic that featured discussions about topics in the industry alongside DJ sets and socializing opportunities.
A panel session on online harassment exposed gaps in industry-specific support for victims of harassment and shone the spotlight on bad behaviors the prompted a group of industry professionals to establish the group.
Nikki Webb, global channel manager for managed service provider Custodian360 and a co-founder of Respect in Security, told The Daily Swig that harassment can come in many forms, from “violating the dignity” of a specific person to allowing a toxic workplace culture to flourish.
“The problem is larger than we thought,” Webb told The Daily Swig.
A survey of 302 people in the industry, commissioned by Respect in Security, found that almost a third (32%) had experienced online harassment. Of these incidents of harassment, 44% occurred on Twitter and 37% via email.
“We’re not being as respectful as we should be,” according to Webb, who added that exclusion of disabled people remains an issue despite legislation in this area.
Toxic workplaces
The UK, where the majority of the group founders are based, recently announced it was hoping to become a ‘global cyber power’ in 2022, with a particular focus on improving the number of diverse candidates across the industry.
But while there is often talk about the skills gap and the number of people needed to fulfil open vacancies, unless more is done to improve the culture of businesses, we risk putting potential workers, especially young people, off or worse bringing them into a “toxic industry”, according to Webb.
The industry can be pressured enough – particularly at times when organizations are defending against high-profile attacks such as Log4j – without adding online bullying or trolling into the mix.
Forward thinking
Looking ahead, Respect in Security is hoping to organize Town Hall events and conduct more research.
Some thought has also been put into franchising the organization and taking it into different countries – however different laws can act as a barrier.
Although corporate HR department have compliance programs in place, these schemes are also inadequate, says Webb who concluded: “Tick box exercises are not enough.”
Source: https://portswigger.net/daily-swig/respect-in-security-anti-harassment-infosec-industry-group-gains-momentum-with-code-of-conduct-campaign