A-Energy Company has stipulated very detailed policies that help to protect its data and information. These policies have outlined the company’s expectations regarding the caution that the employees should take. In addition, they have shown the punishments that can befall the employees when they break the abiding regulations.
However, a company’s laptop was stolen from one of the employees when taking a business flight. This laptop contains critical information that can be used against the company to cause problems. Additionally, this incidence has shown that threats have become more volatile. New ways of obtaining and misusing a company’s data are arising every day. As a result, this paper seeks to use the evaluation that has been conducted to identify possible and future threats.
After the identification, it will discuss how these threats can be countered when they happen. Importantly, it is important to note that the paper will not be limited to incidences that have happened to A-Energy only. Instead, it will describe cases that have happened elsewhere to identify the possible threats that can affect them. Otherwise, limiting the discussion to the cases that have been identified in the company is unsatisfactory because there are threats that have not affected it although they exist.
Unethical Issues from Internal Users
Transfer of Company’s Data to Personal Storage
Employees can copy the company’s data from their working centers to their laptops. This can be done using pen drives, hard drives, and DVDs among other gadgets that are capable of carrying data from their office. After the transfer of such data from official devices, the employees can store them in servers where people access them without restrictions. In essence, it is unethical to store the official data using personal gadgets that can be used to compromise the integrity of the company.
Another possibility related to the storage of official data in personal gadgets is the disappearance of information. In this case, the employees can cut and paste data rather than copy it. This undertaking leads to the disappearance of data from the official computer in an attempt to store it elsewhere. Understandably, losing data due to such an undertaking is unethical because it has been done against the convenience of the company’s operations.
A-Energy can be affected by the fact that employees tend to take shortcuts. These shortcuts seek to provide an easier way of accomplishing the roles given by the employers. As a result, there is a critical ethical issue that might confront the A-Energy Company. The incumbent issue is famously known as professional negligence and it should be considered when making the policies of this company. Some critical losses have happened in various professions, including nursing, IT, and aviation among others (MacKinnon, 2012).
In the context of A-Energy Company, professional negligence can cause inconsistencies in the technological data due to a lack of due diligence. When such data is inconsistent, its reliability and credibility become questionable and raise critical ethical concerns. In essence, taking shortcuts to analyze data is an unethical behavior because it simplifies the personnel’s work without maintaining the quality of the results. Additionally, professional negligence can lead to the occurrence of errors due to inaccuracy. If the resultant analysis is used to make decisions for the company, there is a high possibility of losing financially.
Unethical Issues from External Users
Destructive Hacking from Outside
A-Energy is one of those companies that cannot afford to ignore hacking in the modern world. Essentially, hacking has become a prevalent practice in the IT profession where people seek to steal information and data from organizations and individuals illegally. Of course, some ethical hackers obtain data to use it positively. However, many hackers obtain data from other entities to destroy and obstruct other entities. This is an issue that the company must address to secure information and prevent leakages.
They can hack into the company’s system and crush it to create havoc. This is a crucial issue that faces A-Energy Company since the profitable institutions are targeted by all types of people, including teens, cybercriminals, and foreigners among others (Sion, 2010). When hackers obtain the company’s information, they might share it with potential competitors and hence reduce the company’s competitiveness against their rivals.
Stakeholders and Distributors Leaking Information
A-Energy does business with the help of suppliers and distributors since the company needs inputs as well as people to sell their services. This personnel is capable of engaging in unethical behaviors by sharing information with other parties outside the company’s jurisdiction. The act of providing a company’s data to other players is unethical since the suppliers and distributors do not dare to accomplish that undertaking.
As a result, they can only share the information on unethical grounds and against the will of the company. If the data fall into the hands of the competitors, the company can lose its competitive edge against the rivals. In turn, the company is vulnerable to collapse due to a lack of financial solvency.
Security Issues From Internal Users
Storage of Company Information in Personal Accounts
Whereas the policies of A-Energy Company have focused on the use of company information for individual interests, there is one aspect that has been ignored. In this regard, the policies have not addressed the storage of the company’s information in personal accounts. In essence, a company’s accounts and databases are more secure than the ones used by individuals. This implies that storing information in personal accounts exposes it to outsiders.
For example, if an employer of A-Energy Company is fond of sending official messages to his emails, intimate friends and relatives can access that information. This is based on the premise that the mentioned personnel are capable of obtaining a password and accessing the accounts. On the other hand, somebody can only access the company’s account when they are subscribed to the system using the computers with the installation (Warner, 2010). This implies that, as far as the storage of information is concerned, there should be a distinct differentiation between personal and company accounts. Using them interchangeably poses a great security threat to the clients.
Deletion of Data
After analyzing the policies stipulated by A-Energy Company, it was evident that the management has emphasized on sharing of information to other parties and the misuse of the data. However, they do not address the aspect of losing data satisfactorily. In this regard, employees might be involved in the deletion of data either intentionally or accidentally (Alfaro, 2011).
Regarding intentional deletion, it can be done when attempting to hide misdeeds. Although the company has backup systems, it should be noted that the process of recovering the files is tedious and uncertain. As a result, it is better to focus on prevention rather than actual restoration.
Security Issues from External Users
Malware Cyber Attacks
The company can be attacked by rivals using malicious software that reduce the capability of the company to run smoothly. This case might not be perfectly similar to hacking since it aims at destroying data rather than obtaining it for use. When the software infiltrates into the A-Energy’s system, it can delete or corrupt all the stored data without the possibility of recovery. This implies that the company cannot work since critical information is missing. This thus poses a critical challenge to the security of the company’s data storage.
Theft of Hardware
The incident that happened at the airport where one of a laptop belonging to an A-Energy employee was stolen by an outsider has shown the sensitivity of physical theft to data security. In this regard, stealing the hardware can lead to loss of data due to the disappearance of the carrier. In addition, it can be used to obtain the data that is stored in the software. Although the company has encrypted it, some of the specialists are capable of changing it into a usable form. This implies that the company must address the issue of theft with diligence since it is a critical issue.
- The company should ban the storage of information in personal devices such as DVDs, flash disks, and memory cards among others. Some of these gadgets should be banned completely so that the employees do not come with them to work.
- Besides using personal gadgets, the company’s information and data should be shared through official accounts rather than individual ones. This will ensure that people close to the employees cannot get access to the company’s information.
- Negligence should be treated as a crime rather than a justification for any act of incompetence. As a result, the company should update its policy to ensure that employees are accountable for any liabilities occasioned by their operations.
- The company should provide a real-time scanning system to ensure that the company is secured from any possibilities of malware or hacking. The scanners should be capable of reporting any undesirable activities that pose threats to the company’s data to locate the offenders and charge them if possible.
- The company should have a strong backup system to ensure that any data that can be lost through the theft of laptops and desktops is retrieved to prevent interruption.
- The company should implement a reliable locking system that requires authentication and decryption to ensure that an offender cannot use information stored in stolen hardware.
- Suppliers and distributors should sign a letter of commitment to the effect that they should not share any information without the consent of the company. This will ensure that the offenders are charged and held into account.
Professional negligence, use of personal storage, and incompetence are some of the critical problems caused by the internal members of the company. In addition, it has been established that physical theft poses a great danger to the security of clients’ information. This undertaking can be minimized by enforcing a policy that requires employees to have caution when carrying portable devices. In addition, some of the sensitive devices should not be carried by an individual during a business flight. Instead, they should be escorted by a colleague to ensure safety. Lastly, this discussion has found that the management should include these issues within its policies for the sake of securing the clients’ information.
Alfaro, J. (2011). Data privacy management and autonomous spontaneous security. Berlin: Springer.
MacKinnon, L. (2012). Data security and security data 27th British National Conference on Databases, BNCOD 27, Dundee, UK, June 29-July 1, 2010. Revised selected papers. Berlin: Springer.
Sion, R. (2010). Financial cryptography and data security. Berlin: Springer-Verlag.
Warner, M. (2010). Improved data integrity needed for the Integrated Contracts Management System. Washington, D.C.: U.S. Environmental Protection Agency, Office of Inspector General.