Symantec released its 2012 Corporate Social Responsibility (CSR) report at the end of October. It’s not for any company to make the final judgement on how well it rates in terms of CSR, but you can read independent reviews from environmental analysis firm TriplePundit and Ethical Corporation.
From the top, the report divides into three sections. Our People, which covers how Symantec develops as an inclusive, diverse organisation; The World, tackling how the company minimises its footprint and maximises its positive social impact; and Your Information, which specifically highlighted the ways in which Symantec is looking to tackle information security. With a mission to provide our customers with confidence in their connected experiences, the company has a special responsibility for helping consumers and businesses protect their data and themselves. It’s an area we take very seriously - how could we otherwise – not only do we seek to protect our customers but we apply similar principles to our own organisation.
Beyond such efforts, our customers will be familiar with reports such as the Norton Cybercrime report, in which we keep our customers informed about the ongoing threats and their costs – some $388 billion globally in Fiscal Year 2011 (FY11). This year we launched the Norton Cybercrime Institute, which offers training and expertise to law enforcement agencies, legal trainees and indeed victims of cybercrime worldwide.
We’re also working hard to ensure the online safety of technology users, protecting both the devices they use and the services they access. As technology spreads onto mobile devices and across cloud computing platforms, so we are broadening our products and services and the advice we offer. It’s not just a case of products: we also see education as a fundamental piece of the jigsaw. In the face of trends such as Bring Your Own Device (BYOD), we recognise that simply locking things down is neither desirable nor feasible for most organisations, and we are evolving to suit.
Looking forward, privacy is an increasingly high priority for many organisations, not least Symantec. This is a complex area because all businesses require some level of information about their customers, which must be protected and maintained in a way that complies with complex laws at the same time as serving the best interests of the customers. This, coupled with the increasing use of the cloud for data storage, makes it an area on which we shall be focusing considerable effort in the next year.
We do not make a pretence of perfection – the report itself highlights an incident in FY12 in which source code from two of our products was leaked and released publicly by the group ‘Anonymous’. As states the report, however, “From the very beginning of the situation, we promptly provided full, candid disclosure and ensured that our public statements included all of the all of the information our stakeholders needed to know.” Incidents such as this make us no different from many of the organisations we serve, and we are responding accordingly.
Corporate responsibility is a journey of continuous improvement, and we shall continue to assess our CSR progress and evolve our strategy, not least in IT security. To quote Cecily Joseph, senior director of corporate responsibility and compliance: “We recognize that we have much work ahead of us, and we look forward to making progress on our published goals. In particular, our emphasis is on creating opportunities for women in senior management, controlling our energy and greenhouse gas footprint as the business grows, and deepening our commitment to privacy practices and supporting cybercrime victims worldwide.”
If you have any feedback, please contact the Corporate Responsibility team at firstname.lastname@example.org.
Neal Watkins is Vice President, Technology, for the Technology Sales organization at Symantec.