What you’ll learn to do: Identify security, privacy and ethical issues affected by information technology
Now that we have acknowledged the amount of data that business collects about people, what are the risks and challenges associated with keeping that information secure? Businesses stand to lose consumer confidence and respect if they allow unauthorized access to customer data. For this reason, businesses take information security and cyber-security seriously. Despite the importance of protecting customer data, breaches and hacks seem to be more and more common. Is this a result of inadequate security measures on the part of the businesses, or are hackers getting better at accessing so-called “secure networks”? The answer is probably both. In this section you’ll learn about some of the ongoing security issues businesses face in trying to safeguard their (and their customers’) electronic communications and data.
Learning Objectives
Identify privacy issues associated with information technology
Identify ethical issues associated with information technology
Security Issues in Information Technology
Information technology has presented businesses with opportunities undreamt of only a couple of decades ago. But it also has introduced some unprecedented challenges.
It has been estimated that businesses expend more than 5% of their annual IT budgets protecting themselves against disrupted operations and theft due to information theft. A February 2018 report by McAfee estimates that cyber-crime costs the world over $800 billion or 0.08% of global GDP. Among the reasons given for the growing cost of cyber-crime are:
Quick adoption of new technologies by cyber-criminals
The increased number of new users online (these tend to be from low-income countries with weak cyber-security)
The increased ease of committing cyber-crime, with the growth of Cyber-crime-as-a-Service
An expanding number of cyber-crime “centers” that now include Brazil, India, North Korea, and Vietnam
A growing financial sophistication among top-tier cyber criminals that, among other things, makes monetization easier
According to the McAfee report, “Monetization of stolen data, which has always been a problem for cyber-criminals, seems to have become less difficult because of improvements in cyber-crime black markets and the use of digital currencies[1].”
Cyber-crime can take on many faces, from data breaches to malicious programs that attack a company’s network and disrupt service or corrupt sensitive corporate data. We will examine just a few of the ways that criminals are using technology to wreak havoc on business operations.
Viruses and Malicious Programs
With the increased use of the Internet comes an increased risk of a business’s computer network being affected by malicious programs such as viruses. A computer virus is a piece of computer code that is inserted into another program and lies dormant until triggered by an unsuspecting user. This trigger can be as simple as opening a file attachment or downloading a file from the Internet. Viruses range from the playful, simply displaying an image on the user’s screen that is meant to be funny, to extreme cases where data files are permanently erased. Most companies deploy anti-virus software across their network, but even the most sophisticated anti-virus software cannot keep up with the ever-growing number of viruses and malicious programs out there. Motives for creating viruses can include seeking profit (e.g., with ransomware), a desire to send a political message, personal amusement, demonstrating that a vulnerability exists in software, sabotage and denial of service, or simply because hackers wish to explore cyber-security issues. The consequences of such viruses and malicious programs can be catastrophic, effectively destroying a company’s entire network and electronic records.
Phishing
One of the most prevalent cyber-attacks is the phishing scam. Phishing is when a scammer uses fraudulent emails or texts, or copycat websites, to get you to share valuable personal information – such as account numbers, Social Security numbers, or your login IDs and passwords. Scammers use your information to steal your money or your identity or both. Scammers also use phishing emails to get access to your computer or network; then they install programs like ransomware that can lock you out of important files on your computer.
Phishing scammers lure their targets into a false sense of security by spoofing the familiar, trusted logos of established, legitimate companies. Or they pretend to be a friend or family member. Phishing scammers make it seem like they need your information or someone else’s, quickly – or something bad will happen. They might say your account will be frozen, you’ll fail to get a tax refund, your boss will get mad, even that a family member will be hurt or you could be arrested. They tell lies to get you to give them information.
To protect yourself and your company’s information, the U.S. Federal Trade Commission recommends the following precautions:
Be cautious about opening attachments or clicking on links in emails. Even your friend or family members’ accounts could be hacked. Files and links can contain malware that can weaken your computer’s security.
Do your own typing. If a company or organization you know sends you a link or phone number, don’t click. Use your favorite search engine to look up the website or phone number yourself. Even though a link or phone number in an email may look like the real deal, scammers can hide the true destination.
Make the call if you’re not sure. Do not respond to any emails that request personal or financial information. Phishers use pressure tactics and prey on fear. If you think a company, friend or family member really does need personal information from you, pick up the phone and call them yourself using the number on their website or in your address book, not the one in the email.
Turn on two-factor authentication. For accounts that support it, two-factor authentication requires both your password and an additional piece of information to log in to your account. The second piece could be a code sent to your phone, or a random number generated by an app or a token. This protects your account even if your password is compromised.
Back up your files to an external hard drive or cloud storage. Back up your files regularly to protect yourself against viruses or a ransomware attack.
Keep your security up to date. Use security software you trust, and make sure you set it to update automatically.
Even with these precautions in place, highly sophisticated phishing scams are successful in achieving their goal. The following 2018 statistics from Dashlane (SOURCE: https://blog.dashlane.com/phishing-statistics/) illustrate just how prolific phishing attacks are:
According to Wombat Security State of the Phish, 76% of businesses reported being a victim of a phishing attack in the last year.
According to the Verizon Data Breach Investigations Report, 30% of phishing messages get opened by targeted users and 12% of those users click on the malicious attachment or link.
According to the SANS Institute, 95% of all attacks on enterprise networks are the result of successful spear phishing.
According to Symantec, phishing rates have increased across most industries and organization sizes — no company or vertical is immune.
According to the Webroot Threat Report, nearly 1.5 million new phishing sites are created each month.
Another way that cyber-criminals interrupt business operations is through denial-of-service (DoS) attacks.
Denial of Service
A denial-of-service (DoS) attack occurs when legitimate users are unable to access information systems, devices, or other network resources due to the actions of a malicious cyber threat actor. Services affected may include email, websites, online accounts (e.g., banking), or other services that rely on the affected computer or network. A denial-of-service attack is accomplished by flooding the targeted host or network with traffic until the target cannot respond or simply crashes, preventing access for legitimate users. DoS attacks can cost an organization both time and money while their resources and services are inaccessible. In 2012, not one, not two, but a whopping six U.S. banks were targeted by a string of DoS attacks. The victims were no small-town banks either: They included Bank of America, JP Morgan Chase, U.S. Bancorp, Citigroup and PNC Bank.
These are just a few of the security issues associated with information technology. Such risks illustrate the need for increased cybersecurity to protect computer systems from theft or damage to their hardware, software or electronic data, as well as from disruption or misdirection of the services they provide. The field is of growing importance due to increasing reliance on computer systems, the Internet and wireless networks such as Bluetooth and Wi-Fi, and due to the growth of “smart” devices, including smartphones, televisions and the various devices that constitute the Internet of Things. Due to its complexity, both in terms of politics and technology, it is one of the major challenges of the contemporary world.
Practice Question 1
The following are information security issues EXCEPT:
a. Phishing
b. Cyber currency
c. Viruses and malicious programs
d. Denial of Service
Answer
b. Although there are issues associated with cyber currency, it is not itself an information security issue.
Ethical and Social Issues in Information Technology
As you’ll recall, the industrial revolution of the nineteenth century gave rise to a number of unforeseen ethical and social issues—for instance, concerns about workplace safety, wages, discrimination, and child labor—which led to real changes in worker protections, labor practices, and law. Similarly, the technology revolution of the twentieth century—starting with the widespread use of the Internet and home computers—has spawned a new set of ethical and social concerns that people a hundred years ago couldn’t have imagined: for example, how should personal information and online privacy be protected? Who gets to own the information about our habits and “likes”? Before the advent of the Internet, people thought about and controlled their personal information in very different ways. Today, many of us lead complex online lives, and we may not even realize how our personal information is being collected and used. Companies like Caesars can collect data on the purchasing patterns, personal preferences, and professional/social affiliations of their customers without their even knowing about it. In this section we’ll explore some of the ethical and social issues related to network security, privacy, and data collection that businesses must address.
Technoethics
Ethical and social issues arising from the use of technology in all areas of our lives—and in business, in particular—have led to the creation of a new branch of ethics: technoethics.
Technoethics (TE) is an interdisciplinary research area concerned with all moral and ethical aspects of technology in society. It draws on theories and methods from multiple knowledge domains (such as communications, social sciences, information studies, technology studies, applied ethics, and philosophy) to provide insights on ethical dimensions of technological systems and practices for advancing a technological society.[2]
Technoethics views technology and ethics as socially embedded enterprises and focuses on discovering the ethical use of technology, protecting against the misuse of technology, and devising common principles to guide new advances in technological development and application to benefit society. Typically, scholars in technoethics have a tendency to conceptualize technology and ethics as interconnected and embedded in life and society. Technoethics denotes a broad range of ethical issues revolving around technology, from specific areas of focus affecting professionals working with technology to broader social, ethical, and legal issues concerning the role of technology in society and everyday life.[3]
Recent advances in technology and their ability to transmit vast amounts of information in a short amount of time have changed the way information is being shared amongst co-workers and managers throughout organizations across the globe. Starting in the 1980s with information and communications technologies (ICTs), organizations have seen an increase in the amount of technology that they rely on to communicate within and outside of the workplace. However, these implementations of technology in the workplace create various ethical concerns and in turn a need for further analysis of technology in organizations. As a result of this growing trend, a subsection of technoethics known as organizational technoethics has emerged to address these issues.
Technoethical perspectives are constantly changing as technology advances into areas unseen by creators, and users engage with technology in new ways.
Technology, Business, and Your Data
Technology makes businesses more efficient, makes tasks faster and easier to complete, and ultimately creates value from raw data. However, as much as technology impacts the way that companies do business, it also raises important new issues about the employer-employee relationship. If you send personal emails from your office computer, do you have the right to expect that they’re private? Does your employer have a legal and ethical right to “cyber-peek” at what you are doing with company assets? Twenty years ago this was not an issue; today it’s a case before the Supreme Court.
Social Media
Employers want to use technology to help them screen applicants and verify information about their workforce, which is understandable. In the module on Human Resource Management you learned about the cost of recruiting, hiring, and training employees. However, what if the company believes that one of the quickest ways to gather information about an employee is to access their social media accounts? A company would never ask for your login credentials for Facebook, Twitter, Instagram, LinkedIn . . . or would they? And if they did, is it legally and ethically justified? What would you do if you found yourself in the situation presented in the following video?
Information As a Business
The fact is that technology has put our information at the fingertips of businesses—there for the taking and, in some cases, the selling. Is it ethical for a business to collect data about a person and then sell that information to another business? Many organizations collect data for their own purposes, but they also realize that your data has value to others. As a result, selling data has become an income stream for many organizations. If you didn’t realize that your data was collected by Company A, it’s even less likely you knew that it was sold to Company B.
We have discussed just a few of the emerging ethical issues surrounding business, technology, and personal data. We have yet to touch on security issues and the responsibility business has to protect your data once it has been collected.
Practice Question 2
Name the area where information technology in the workplace can affect personal privacy:
a. Food items left in the break room refrigerators
b. Photos or personal effects left in company cubicles
c. Emails or messages sent on company-owned devices
d. Mileage accrued on company vehicles
Answer
c. Emails or text messages using company-owned devices are not the private property of the employee.
Practice Question 3
Citing companies’ “cyber-peeking” at employee communications, businesses accessing social media accounts to get information on an individual, or businesses buying and selling consumer personal data to each other, what conclusions can be drawn about the benefits and challenges in information technology today?
a. Advances in IT have made companies more efficient but have raised consumer prices.
b. Advances in IT have helped companies better satisfy consumer needs but at the cost of individual privacy.
c. Advances in IT have helped companies become more competitive and better able to meet regulatory constraints.
d. Advances in IT have helped organizations become more productive but less attuned to the needs of their customers.
Answer
b. We only need to look at how we live today to see the benefits of IT, but if we look a little deeper we see that there is a price to pay.