Introduction
The changes in information technology have its fair share of social, political, and ethical challenges. Information technology is continuously evolving, and the changes come with some challenges which need to be dealt with by business owners as well as managers. Information technology made a positive impact on businesses. Some of the major companies, such as Google, Facebook, and EBay, cannot exist in the absence of information technology. However, to enjoy the benefits, it should be used well to avoid the problems both for the organization as well as the employees. Some of the issues in information technology include ransoms and ransomware, as well as data protection and privacy.
Ethical Issues Related to Information Technology Systems
Data protection and privacy pertain to the protection of employee as well as client information (Aissi, & Nagasundaram, 2017). Organizations need to ensure that the information is protected from unauthorized access. Hacking is increasing, and when it occurs, it tarnishes the reputation of the organization. Customer and employee information can be protected through firewalls, virtual private networks, encryption as well as consulting specialists who can help in configuring the data systems. All these security measures require huge investments.
Ransoms and ransomware are have been accelerated by ransomware attacks. The hackers attack and take control of a computer network and demand to be paid to provide a code that will enable the owner to access the network (Aissi, & Nagasundaram, 2017). If you do not pay the amount requested, you risk losing all the data in the computer network. Retrieving backed up data might also be expensive than paying the ransom amount. Paying the ransom, however, encourages hackers to continue with the act.
Effects of Data Protection and Privacy and Ransoms
Organizations have different types of data of clients as well as employees. No matter what type of data, the organization has the responsibility of ensuring that they protect the information because if the hackers access it, then they can use it to exploit the clients. Lack of data protection and data privacy affects customer loyalty as they would not want to be part of an organization that does not protect their information (Secure Data Management, 2013).
A breach of information, for example, tarnishes the image of the organization (Secure Data Management, 2013). This affects its performance and subsequently affects the profits as well as customer attraction and retention. Also, in some instances, the proper functioning of the attacked information system is impaired, and as a result of the organization greatly incurs huge loses. This is the reason why organizations invest hugely in the prevention of attacks.
Illustration on Organization's Approach to Addressing an Ethical Issue
There are different approaches used in addressing the challenge of data protection and privacy; the approaches entail having a code of conduct that guides the employees and other stakeholders on how to handle data (Luiijf & te Paske, 2015). The other approach is data encryption, where the information is encrypted through passwords that are known by specific people. When data is encrypted, non-authorized people cannot access the information without the passwords. All employees working for the company need to know the potential risks that the company faces and how to address the risks. The eternal impact is increased trust among other stakeholders that the company trades with.
Information Security Breach
Information security breach refers to any incident of unauthorized access of data, services, applications as well as network. One of the companies which suffered an information security breach is Dunkin' Donuts (Rajagopal, 2019). Dunkin suffered a credential stuffing attack on November 2018, and the company also notified customers this year that there was a new attack that caused account breaches. The attack occurred in January, and hackers gained access to user credentials to facilitate access to DD perks reward accounts. DD perks account has information that facilitates the rewarding of repeat customers. Information contained in this account enables customers to earn free points, discounted prices as well as free merchandise. The customer details include first name, usernames, QR code as well as account number for the Perk account, which contains 18 figures. The hackers intended to sell to Dark Web forums.
The desire for positive social change plays a critical role in responding to various issues in information systems. When members are alerted about such incidences of the breach, they are likely to play a more active role in the prevention of the attacks (Rajagopal, 2019). They learn how they can prevent attacks such as by updating their password frequently as well as ensuring that they do not use one password on several accounts.
Dunkin effectively responded to the attack by resetting the passwords for the accounts as well as changing the account cards. Companies can, however, prevent such attacks by practicing measures such as password hygiene. Members should be encouraged never to use one password for several accounts as well as on the necessity of frequently changing their passwords (Rajagopal, 2019). They can also prevent attacks by adopting a two-step authentication process as well as monitoring the network traffic ad systems. Also, running security software is very beneficial in preventing credential stuffing as it helps in removing a malware infection.
Possible Threats to Information Security
There are different threats to information security, depending on the information systems being used by organizations and the security measures taken by organizations to prevent the threats. The threats to information security include loss/damage of information being used by an organization (Abomhara, 2015). Organizations rely on the information to run their operations on a day to day activities; hence when the information has damaged the operations of the organizations are affected. Loss of information is a key threat operation of organizations.
Software attacks are another threat affecting information systems security where there are different kinds of software attacks that can destroy data of an organization. The type of software attack that affects an organization depends on the vulnerability of the organization (Abomhara, 2015). Organizations need to put the necessary measures to prevent software attacks. The attacks are usually spread through the internet; therefore, the security measure is on the usage of the internet. There are different forms of damages, depending on the type of software attack.
Company Attacked
Among the companies that have been attacked by the software, attacks are the UPS Company, where the company lost financial and customer information. The attack led to a massive loss of information, and the operations of the company were affected (Schwartz, 2014). The information security attack was the Ransomware where the attackers got the information and locked the remaining information that the company used in its operations, affecting the day to day running of the company.
The UPS Company was attacked through a software attack known as Ransomware that spreads through the internet. The hackers relied on the vulnerability of the company where the company had loopholes on its security measures that gave room to the attackers to access the information system used by the company to facilitate operations (Schwartz, 2014). The scenario affected the operations of the company by stealing the customer information and using the information to contact the customers and sell the customer information to third party companies that compete with the UPS Company. The customers' loose trust with the UPS Company considering to work with other companies that can be trusted. The financial attacks led to the loss of finances of the company, which also influenced the operations of the company.
The UPS Company handled the situation by using information that it had backed up in the cloud, which was not affected by the attack (Schwartz, 2014). There was a challenge in convincing the customers on the security of their personal information that the company has where the customers complained of being contacted by people who claimed that their personal information was from the UPS Company. The attack led to a loss of trust among different stakeholders that does business with the UPS Company. The company borrowed money from financial institutions to compensate for the lost finances through cyber-attacks.
My view is that the company handled the situation to its best when dealing with the challenges that arose from the attack. The company did a forensic audit to determine the extent of the attack, which help to measure the extent of the attack (Abomhara, 2015). The company also hired experts to fix the vulnerable areas to prevent the attack from happening again. Also, the company used backed-up information to resume its operations.
Risk Management Strategies
The risk management strategies that the UPS Company can take include hiring ethical hackers to identify the vulnerable areas that can be used by other hackers to attack the company (Pandey & Misra, 2016). Once the vulnerable areas are identified, then necessary measures are taken to eliminate the threat. Identifying the possible threat areas keeps the company one step ahead of possible threats that might lead to an attack that would affect the operations of the company.
The company also needs to hire competent information security experts that guide the company on security measures that it needs to take to prevent attacks from happening. The employees should monitor the day to day operations of the company to ensure they are security compliant (Pandey & Misra, 2016). The experts should come up with internal controls that guide employees in their work and prevent vulnerability.
References
Abomhara, M. (2015). Cybersecurity and the internet of things: vulnerabilities, threats, intruders, and attacks. Journal of Cyber Security and Mobility, 4(1), 65-88.
Aissi, S., & Nagasundaram, S. (2017). U.S. Patent No. 9,547,769. Washington, DC: U.S. Patent and Trademark Office.
Luiijf, H. A. M., & te Paske, B. J. (2015). Cybersecurity of industrial control systems. TNO.
Pandey, R. K., & Misra, M. (2016, December). Cybersecurity threats-Smart grid infrastructure. In 2016 National Power Systems Conference (NPSC) (pp. 1-6). IEEE.
Rajagopal, A. (2019). Incident Of The Week: Dunkin' Donuts Reports Credential Stuffing Attack. Retrieved 22 December 2019, from https://www.cshub.com/attacks/articles/incident-of-the-week-dunkin-donuts-reports-credential-stuffing-attack
Secure Data Management. (2013). What Is Data Protection | How Does It Affect Your Company?. Retrieved 22 December 2019, from https://www.securedatamgt.com/blog/data-protection-affect-your-company/
Cite this page
Essay Example on Exploring Social, Political & Ethical Challenges in IT: How to Leverage Benefits Wisely. (2023, Mar 16). Retrieved from https://proessays.net/essays/essay-example-on-exploring-social-political-ethical-challenges-in-it-how-to-leverage-benefits-wisely
If you are the original author of this essay and no longer wish to have it published on the ProEssays website, please click below to request its removal:
- Identification and Evaluation of Normative Leadership Theory Paper Example
- Cybercrime: Local to Global Essay Example
- The Story Behind Each Cup of Coffee Essay Example
- Research Paper on Leadership Personal Issues and the Rule of Law
- Essay Example on Effective Management Control: Strategies for Sustainability
- Designing a Database: Pros & Cons - Essay Sample
- Project Planning: Time, Quality & Resources - Research Paper