Silverstone said he encourages employees to report any perceived flaws in security, in the same way they should report safety or harassment. He said he even makes it part of an employee policy handbook. “I encourage them to be adamant about it,” he said, adding that in his experience, virtually all those who brought concerns to him were well intentioned.
“There are very few who abuse the system,” he said. “I only remember one person who wasn’t telling the truth.”
Still, for those who don't work for the government or who have union protections, going outside management to blow the whistle on a security problem is risky, even if a complaint is upheld.
Stronger laws might help, said the anonymous expert who resigned rather than falsely certify compliance, and didn’t blow the whistle. “Our economy is built in such a way that the employer has the upper hand. Nothing good will come of it,” he said.
Sign up for CIO Asia eNewsletters.