Well-meaning amateurs

Bear with me, this one’s a digression. A consequence of the digital revolution has been the opportunity for everyone to turn their hand to anything. In general, we think this is a good thing – who knows what talents went undiscovered in the past? But there are always unintended, and undesirable, consequences to change.
I’m prompted in this case by a survey I was sent following the UCI Amateur World Championships (a cycle race in which I participated, somewhat forlornly). Back in the distant past I spent some time as Research Director for a market research business, so I’ve been involved with more than my fair share of surveys. This one had all the hallmarks of SurveyMonkeyitis, as I shall call it. Badly-phrased questions; inept demographics; mandatory answer multiple-choice with no other/don’t know/does not apply; leading questions; confirmation bias; a futile attempt to balance too many agendas against acceptable length of questionnaire; failure to assure anonymity. Doubtless you too have been exposed to these things, usually as the product of someone’s well-meaning marketing department.
After all, why pay a proper market research firm, now that anyone with a sheaf of email addresses can construct a survey? After all, it’s hardly rocket science, is it? Who cares if the answers will be at best useless, at worst misleading or if the analysis risks breaching the confidentiality of respondents? We’ve done a survey, got the answers we were expecting, it’s pub-o-clock, right?
We can see the same symptoms elsewhere – consumers arriving at the doctor pre-diagnosed with two or three rare fatal diseases; terms and conditions rendered inapplicable by benighted editing and still including the name of the firm from whom they were ‘borrowed’ buried in an overlooked sub-clause; everybody’s logos and PowerPoints showing the unmistakeable spoor of default styles and clip-art.
OK, we’re four paragraphs in, you’ve indulged me…what the hell has this got to do with IT security? Well, you tell me. Did you hire a proper security firm to configure your firewall, write your security policies, review your physical security, train your staff or even train your management? Or did you do some Googling, decide it wasn’t rocket science, and deal with it yourselves?
The internet was once lauded for ‘disintermediation’. Perhaps we should now be talking about ‘deprofessionalisation’. You could see this as a good thing – taking knowledge out of the protective clutches of experts and putting it into common ownership. But I fear that inept market research, hypochondriacal self-diagnosis, barrack-room lawyering and cackhanded graphic design are just the tip of the iceberg. If you want something done properly, don’t do it yourself.