Friday, February 22, 2013

Broken Window Theory

I have been intrigued by the Broken Window Theory ever since hearing Malcolm Baldridge speak at the RSA Security Conference in 2010, and subsequently reading his book, The Tipping Point. I realize that he didn't come up with the theory, but he did explain it very well. Since his book was my first introduction to the Broken Window Theory, Prof. Baldridge is linked in my mind with that theory. :-)

I feel there is a very strong parallel to my own chosen field of Information Security, itself an offshoot of criminology focusing on cybercrime and policy-based security models to prevent crime and loss. I think that the Broken Window Theory is valuable because it shows that small psychological cues create an environment which tells people whether crime is tolerated or not. While I'm not sure that you can expressly attribute the drop in crime in New York to Rudy Giuliani's program cracking down on quality-of-life offenses, it seems to be a very strong contributing factor. (However, crime overall dropped nationwide during the same time period, though not as precipitously as in New York City.) I'm a fan of the broken window theory because I've seen it work in my own company, as a private security cybercrime initiative.

Because of this, I feel that there is definitely a strong case for the Broken Window Theory to apply to corporate crime. In my experience, showing popup alerts warning of potential policy violations, and detecting and responding to minor offenses with swift notification (e.g. warned web sites, password policy, warnings from desktop monitoring components detecting inserted USB drives, etc.), produces a marked and pronounced reduction in criminal behavior within corporations, such as information disclosure and unauthorized access. Adding policy warnings to web pages was far more effective than passive logging and blocking, and we noticed a dramatic drop in illicit and evasive web behavior (e.g. pr0n, DropBox or proxy avoidance sites). PhishMe is a company that works with organizations to create phishing programs that trick employees into falling for e-mail phishing scams, then trains them in the moment when the employee realizes they've messed up. This is a great reinforcer that the little things matter, and we've seen a marked improvement in security awareness, policy compliance and in reporting of security issues - in essence, this is like our COP within our company. :-)

I recall reading in trade literature roughly 5 years ago that there is a definite tie between how the security guard looks and embezzlement, although I was unable to find that article again because the search terms are so generic. The study showed that if the corporate security guard at the front desk "looks like a police officer", then employees commit less embezzlement and fraud, but where the security guard was in business attire, fraud increased. They further showed that progressive steps towards making the security officers "look like cops" had a significant correlation with criminal behavior by the employees.

This research goes against the grain of the "kinder, gentler" office environments that have become popular over the last 30 years, where corporations seek to give security in the building a friendly face - in my own organization, the primary face of the front security desk is frequently a woman who resembles a grandmother rather than the "look" of a cop. From the research, a white shirt with epaulettes, gold shield badge, gun, shirt patches and stripes, police-style duty belt, black tie, spit-shined shoes and a radio handset clipped to the lapel were all psychological cues that the security force was alert and tied to law enforcement. I think this is a logical extension of the same kind of social cues as the Broken Window Theory, although these cues are really environmental.

Perhaps these provide us a lesson in changing corporate crime by merely "looking alert". I'm not a fan of security through obscurity, but cognition is a real force in human behavior, and affecting associate cognition through a little disinformation and camouflage seems a smart use of social science.