Information Technology and Ethics/Privacy and Data Security
Misusing Data with BYOD
Data misuse is a common occurrence in any company's network. It can range from the wrong e-mail being sent to extremely important files being deleted. BYOD can be a hassle because the company cannot access a personal BYOD device that it does not own. This can result in misuse of company data on BYOD devices. Some files can stay on personal BYOD devices for years until the device gets replaced, stolen, or damaged.
Misuse of company data on BYOD devices can occur in any company. Any type of electronic document can be accessed and tampered with on the BYOD device. The company must have a strong BYOD policy to combat the misuse of data. Even with sensitive documentation, massive amounts of damage can occur, and the costs can skyrocket depending on what data was misused and how it was misused.
Overall, a company takes on a massive risk with BYOD and the company data that will reside on and be transmitted through these devices. Malformed content can be sent through BYOD devices, putting the company network under attack. The risks do outweigh the positive outcomes of BYOD, and companies must pay close attention to how data is being handled on any BYOD device in the corporate network. According to Privacy Rights Clearinghouse, "There are many laws and regulations companies must consider when creating a BYOD policy. Which laws apply will depend on the nature of the employer's business and what kind of data it collects, stores, and uses." [1] Once again, following laws and knowing what type of data is being handled can overcome the risk, but the risk will always be there with BYOD.
Best Practices for Handling Workplace Data
- Staying Up to Date on Security Threats
- Being Alert to Social Engineering Attacks
- Having Good, Reliable, and Working Backups
- Verifying the Data is Safe at All Times
- Encrypting Sensitive Documentation
- Giving Special Access to Certain Employees
- Knowing the Confidentiality, Integrity, and Availability Triad (CIA)
Following Company Cybersecurity Policies
Each employee in an organization should be educated on the importance of cybersecurity, not just the IT professionals. A cybersecurity policy will explain each person's responsibilities for protecting IT systems. This includes standards for email encryption and for using social media in the workplace. When it comes to cybersecurity, employees are the weakest links. According to McAfee, 43% of data loss was caused by employees. A strong cybersecurity policy will help employees understand the importance of protecting data.[2] In sectors such as healthcare and finance, which often hold important customer information, this is especially important, as they can be heavily fined for insufficient security procedures.
The cybersecurity policy will inform employees and other users how to access online resources responsibly. It will also include general security expectations from everyone in the organization. The policy should emphasize the important aspects such as security for sensitive data. The policy should be easy to read and understand.
The IT department is responsible for all information security policies. However, other key stakeholders also take part in creating policies. For example, the legal department will contribute to the creation of the policy by ensuring it meets legal requirements. As technology is constantly changing, it's important to update the cybersecurity policy to meet these changes.
Ethical Hacking: When It Is and Is Not Allowed
As technology becomes more complex, it also becomes more vulnerable. It seems like an article about some new malware, new data breach, or new vulnerability in a popular system is published daily. It becomes more important than ever to ensure that our presence in the virtual world remains as secure as it can be. Ethical hackers are tasked with testing a system's network defenses, as well as performing some social engineering to check for potential security risks in user behavior.[3] White hat hackers, also sometimes known as computer security specialists, are tasked with searching for vulnerabilities in the system. They are also required to provide proof-of-concept attacks to inform the organization that the vulnerabilities found are very real and exploitable. What separates a black hat hacker from a white hat pen tester is that one of them has permission to attack the asset. A written, documented, and signed contract from the organization or entity that owns the asset will protect both parties.[4]
Notes
- "Bring Your Own Device (BYOD) . . . at Your Own Risk". Privacy Rights Clearinghouse. 01 September 2013. https://privacyrights.org/consumer-guides/bring-your-own-device-byod-your-own-risk. Retrieved 18 April 2021.
- "How Cybersecurity Policies and Procedures Protect Against Cyberattacks". McAfee. https://www.mcafee.com/enterprise/en-us/security-awareness/cybersecurity/cybersecurity-policies.html. Retrieved 18 April 2021.
- Tracey Caldwell (2011). "Ethical hackers: putting on the white hat". Network Security (Elsevier) 2011 (7): 10-13. doi:10.1016/S1353-4858(11)70075-7. ISSN 1353-4858. http://jeffh.pbworks.com/w/file/fetch/93696356/Ethical%20Hackers-%20Putting%20on%20the%20white%20hate.pdf. Retrieved 18 April 2021.
- Grimes, Robert (2017-04-21). Hacking the Hacker: Learn From the Experts Who Take Down Hackers. Wiley; 1st edition (April 21, 2017). ISBN 9781119396215.