When most executives and managers think about cyber security, ethical dilemmas are not top of mind. Instead, you worry about things like lost money, compromised security, and degraded consumer trust. However, the truth is that cybersecurity and ethics are inextricably linked, and if you do not understand the connection, your organisation could be doomed to make mistakes and missteps. What should you know?
What Is Cyber Security?
First, we’ll tackle the topic of cybersecurity itself. What is it? Is this topic relegated to things like firewalls and antivirus software? Actually, cybersecurity is a pretty broad blanket term that can be applied to just about any sort of security step, procedure, or precaution that might be taken in relation to any aspect of the digital world. All of the following are part of cybersecurity, even though you may not think of all of them as such:
- Physical and software firewalls
- Antivirus software
- Account usernames
- Account passwords
- Two-factor authentication
- Numerical passcodes and PINs
In short, anything that one can do to safeguard information stored within a digital environment, as well as personal credentials used to access that information, can be considered part of cyber security. So, where do ethics come into play?
How Are Ethics Involved with Cyber Security?
At first blush, ethics and cybersecurity likely do not seem all that tightly connected, unless it is in the “stop hackers from gaining access to critical information by any means necessary” sense. The truth is that the situation goes much deeper than this.
Confidentiality is one of the most critical elements here and maintaining it can be challenging. That is particularly true when it comes to “BYOD”, or bring your own device, policies that allow employees to bring personal devices into the workplace and connect them to the network.
Consumer-facing ethics also play a role. For instance, when should an organisation alert consumers to the potential of a breach? What is the organisation’s responsibility to consumers in this regard?
One of the most significant challenges here is that there is no global ethical standards authority. While nations and geographic regions have taken steps to address cybersecurity and related ethics (the 2018 rules change by the EU is a good example), those rules do not apply outside of those areas.
What Are the Most Prominent Ethical Issues in Cyber Security?
So, what are the most common ethical issues in the world of cybersecurity? What problems make IT managers work overtime, and which ones keep CEOs up at night? Some of the more prominent issues are discussed below.
- Incident Response – How, when, and where do you inform consumers of breaches? To what extent should a breach be investigated, and what are the actions your business can take if and when you suffer an incident? How much information (and which information) should be shared with your stakeholders? How do you determine what steps to take to prevent such a breach in the future?
- Encryption Issues – When a government agency requests encrypted information from your business, what are your rights and obligations? What is your responsibility when it comes to encrypting information stored within your business?
- Roles and Responsibilities – What are the roles in your IT department and what are the responsibilities associated with each of those roles? To what degree do you hold IT staff, management, and execs responsible for data breaches? What is the level of personal responsibility of other staff members (not IT) for breaches that result from their actions, such as falling prey to a phishing attack, or unwittingly giving access to company information?
As you can see, there are numerous ethical issues in cybersecurity and few clear answers.
This is content from the Cyber Security Compliance Training Course