Analysis of Case Study on Privacy for the Company: The company that has hired yo

Question

Analysis of Case Study on Privacy for the Company: The company that has hired you as a consultant is concerned because it is no longer simple to ensure their employee and clients’ privacy due to the Internet of Things. As the CEO looks forward to rapidly developing technology he sees a day when employees will have high tech cars that connects to their alarm at home, their coffee maker at work, and their online calendar and tools manager that provides data about their location, name, friends, workmates, schedule, and gives them continuous data updates on traffic and weather conditions. This can be a great plus in helping employees get organized and to work on time, but it also provides a tremendous amount of data that is easily accessible. One of the employees is being followed for a chronic illness that uses wearable technology to transmit data to his doctor, making it vulnerable for interception. Right now the CEO is the only one who is aware of the condition. However, if this information were to become public it could have far-reaching effects. To add to the concerns of the company, several of their clients want to maintain a very low profile. The CEO knows who these clients are but uses aliases within the company for correspondence and filling of orders. Banking and routing information must be protected. These customers are important to the success of the company and therefore maintaining this privacy is essential. Because of the nature of the devices manufactured by this company there is always the risk of information getting out of the facility. There is concern that as employees engage in idle talk at the local pub after work, text friends about what they are doing, or post on facebook pictures from work, that the company is left vulnerable.

Analyze the episodes in this case including: A brief discussion of what the issue or threat is and how it could affect the company What cyber security laws or compliance standards are affected What actions the company should take to mitigate the issue or decrease the potential threat

Explanation / Answer

Issue or Threat
Reputation of the company
CEO knows the importance of their companies’ reputations. Firms with strong positive reputations attract better people. They are perceived as providing more value, which often allows them to charge a premium. Their customers are more loyal and buy broader ranges of products and services. Because the market believes that such companies will deliver sustained earnings and future growth, they have higher price-earnings multiples and market values and lower costs of capital.
Data Hack
A hack or security breach can have a huge PR ripple effect, undermining relations with customers and tarnishing a brand image for years. The notorious 2013 hack of Target cardholders ultimately cost the company $242 million. Believe it nor not, that figure is relatively low as a percentage of total sales, but the loss of customer trust and public confidence is a great deal harder to measure. Even the hijacking of a brand’s social media account can be damaging.

The Viral Customer Complaint
Remember when musician Dave Carroll made a music video complaining that United Airlines had broken his guitar? Or the FedEx worker caught on camera tossing a fragile package over a residential fence, ruining its contents? Those viral customer complaints are almost quaint in light of today’s environment. For truly sophisticated companies, customer relations managers are authorized to resolve ordinary complaints by waiving a minor charge, for example, and even equipped with talking points that help build a relationship and strengthen the brand reputation rather than letting a bad situation grow worse.

Various Cyber Laws
Civil liabilities under the act
Sections 43(a) to (h) of Chapter IX of the act cover a wide range of cyber-contraventions related to unauthorised access to computers, computer systems, computer networks and resources. Section 43 of the act covers instances such as:
computer trespass and violation of privacy;
unauthorised digital copying, downloading and extraction of data, computer databases or information and theft of data held or stored in any media; and
unauthorised transmission of data or programmes residing within a computer, a computer system or a computer network (cookies, spyware, globally unique identifiers and digital profiling are not legally permissible).
Any person found guilty of contravention of any of these provisions shall be liable to pay the affected person damages of up to Rs10 million.
Criminal liabilities under the act
Sections 65 to 74 of Chapter XI of the act cover a wide range of cyber-offences, including offences related to unauthorised alteration, deletion, addition, modification, destruction, duplication or transmission of data and computer databases. The commissioning of any such offence is punishable by imprisonment, a fine or both.
Penalties for any act that constitutes a breach of confidentiality or privacy under the act are covered by Section 72, which states that any person conferred with powers under the act who discloses confidential information without authorisation shall be punished by up to two years' imprisonment, a fine of Rs100,000 or both. However, this section has limited application, as it confines itself to the acts and omissions of those persons who have been conferred with powers under the act.
Decrease potential Threat
1. Keep your systems patched and up to date.
Keeping systems fully up to date—including the operating system, web browsers, browser plugins, media players, PDF readers and other applications—can be a tedious, annoying and time-consuming ongoing task. Unfortunately, hackers are counting on most people to fall far short of what’s needed to keep their systems up to date.
2. Standardize your web software.
Keeping systems fully patched and up to date is an onerous task. What makes this worse is if you don’t know what software is running on your network or you have a variety of individuals using different browsers, plugins and media players.
3. Secure your browsers.
You must familiarize yourself with the plethora of security, privacy and content settings that all browsers have in order to understand the tradeoffs. Some security settings will merely increase the level of prompting—annoying users without adding any tangible security—while others can be important to limiting exploits and threats.
4. Enforce a strong password policy.
The purpose of a password policy should be obvious: If you don’t want everyone to have access to something, you set up passwords to permit access only to authorized users. The purpose of an effective password policy is to keep passwords from being easily guessed or cracked by hackers. Despite this enormous vulnerability in every system, many organizations fail to take this threat seriously.
5. Use an effective web security solution.
A proper web security solution is a vital component of an overall strategy for safeguarding your organization from modern web threats. It will reduce your threat exposure by limiting users’ surfing activity to website categories relevant to their work, or at least help them avoid the dirty dozen categories (adult, gambling, etc.) that are a breeding ground for malware. It will also protect you from trusted sites that you visit daily that may become hijacked at any time to silently spread malware to unsuspecting visitors. Finally, it will also help protect your internet resources from abuse as a result of the exchange of illegal content or bandwidth-sapping streaming media

Related Questions

Navigate

• Browse (All)
• Browse A
• Subjects

Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.