The Case Study

Discuss about the Corporate Ethical and Social Issues.

As of now, corporate ethics is a highlighted headline, more specifically, regarding the ethical issues confronting IT managers. Amongst others, the vibrant one is of data access and privacy. An information security professional has a vital role in a firm in protecting its privacy and security. In modern societies, to minimize liability threats, information security professionals have to know not only the current laws, regulations, but also how steps should be taken to educate the management and employees on their legal and ethical obligations to make proper use of information technology and security (Stylianou, Abrossimova and Savva, 2016). We would discuss a real life incident that reflects the ethical issue of Security: Have Systems Been Reviewed for The Most Likely Sources of Security Breach In ‘‘10 Ethical Issues Confronting IT Managers” article by Jeff Relkin.

In 2015, VTech, a Hong Kong based company, a toymaker that sells educational gadgets fell victim to a major hack that revealed personal data on 6.4 million children and 4.8 million adults. The company had been recording names, residential addresses, photos, videos, and chat logs on hack-prone servers that attracted hackers who went to hard press the firm.

In the case of VTech, Hackers retrieved adults’ profile information on names, email addresses and passwords. They also recovered secret questions and answers for password retrieval, I.P. addresses, email id’s and downloads histories.

The hacked database and servers boasted of the names, gender and birth dates of children that posed a bigger concern to security researchers. Stakeholders can be affected by the firm’s objectives, policies, or actions. Hacking is such a criminal offence that makes all the stakeholders responsible as it compromises the promise of the company to keep as private, the personal data of its customers, who in turn may hold responsible the whole company unit for this leakage. On the part of shareholders it’s a breach of their trustworthiness that has negative impacts on the company’s future and needs to be dealt effectively (Mullerat, 2013). On the part of the creditors, it’s a loss of creditworthiness of the company due to the fall in market reputation. The managers take it as a failure in their responsibility to manage, guide, or to make arrangements to train the staff adequately so as to avoid it (Suby, 2013). Also it  has a negative impact on the board of directors and the recruiting board that could not prove its process of hiring to be efficient due to the occurrence of this misdeed, as, if they employed the potential individuals, the massacre would not happen. 

Heading towards Ethics:

If resorted only to legal course of actions, just the present case could be solved. Nevertheless, this would just cure the symptom, but cannot kill the disease, i.e., chances of further hacking (Stylianou, Abrossimova and Savva, 2016). It has to take a whole lot of internal actions to control any further compromise. Without strengthening its internal structure first, a company can never go for further improvement and enhancing production, being deliberately under the risk of being unsecured (Mehrotra, 2012). So the management has to make necessary arrangements for proper training of employees and the company should hire internet experts to prevent such nuisances as far as possible, and try to develop hack-proof technologies.

Now, it’s an extremely subjective context regarding up to what extent the company should stay prepared for, but what can be said is that it has to stay updated with the latest cases that did come up and how various companies resolved the case. They should also seek to know that how the injured firms took steps to recover their previous position and identity.

Many things could cover the company’s domain of all possible decisions. In our present case, upon discovering the unauthorized access on 24 November 2015, it immediately performed a thorough investigation, and a check of the affected site and rapid implementation of swift measures to defend against any further attack, as reported by the company in a statement. To defend it further, the company unfolded that No credit card information was stored, and some of its websites were shut down for the time being as a necessary step to combat the after-effects (Mehrotra, 2012). It reached out to every account holder, via email, to alert them of this unexpected event and many email enquiry contacts have been set up by the company to show their cooperation to the vulnerable customers.

Apart from all the steps mentioned above, the company could also go for a sitting with the hacker who approached the news site Motherboard along with a request to stay anonymous and said that the data indicated that the company was guilty of using “shitty security.” Since the very beginning, the hacker made it clear to Motherboard that he had no intention of publishing the data, or selling it on an online market. Almost all of the evidences suggested that he wasn’t the only person outside of VTech who could have got access the data.

Conclusion

The employers of VTech need to undergo the various virtues regarding the development of a well-established and legalized tracking protocol, which included the involvement of web surfing, emailing and the impact of other employees towards a certain individual in terms of behavior concerns. The involvement of company computers or mobile devices is significantly observed to be the most affecting parameters concerning this issue. There are various ethical obligations, which can be analyzed for addressing the issue in a systematic and logical format. These are as follows:

Thus, the stakeholders should hold it as a mistake on the part of the company as a whole. To give the discussion a new dimension, one could also stress on the fact that the above strategy could be one of the best marketing strategy of the company that it never has thought of. This is due to the fact that it would draw the attention of such a lot of people that it might drastically reduce its selling cost and also the cost of regaining its reputation. Apart from all these, the Board of Directors could also feel relieved regarding its monitoring quality and cost (Mullerat, 2013). Moreover, for the above case, the ACS case of ethics could also guide the company on ethical issues. It reflects that by resorting to ethical issues, the firm will also serve its various responsibilities as a part of the society. It could cater to various public interests by taking up production in the right fashion and thus contribute to people’s quality of life by satisfying needs (Shivani, 2012). Other than this, not only it would develop honesty on its part, but also undergo a great deal of professional development, a step to forward the society.

Conclusion

In place of conclusions, we can posit the fact that the level of security that could be implemented to take care of the issue is very subjective and varies with the intensity of privacy leakage, company size, and skill and from one company to the other based on decisions of the managers.

It can be prescribed that other than resorting to legal steps to punish the hacker, in these types of cases, a firm should be liberal enough to talk with the hacker directly or indirectly to discover its faults. Not only would it reduce chances of further risks or cases of such misconduct, but also that it would co-incidentally get a large opportunity to rebuild its business career and, as a market player, it could cater to more human wants. Not only that, it could also go for tests under the guidance of the hacker to check the flaws of the firm’s security but also, in extreme case, it could recruit the hacker as a top security professional (Mehrotra, 2012). Needless to say that he is a mastermind of course and also, in the present case, the hacker hacked the company just as his hobby that in turn played with the company’s reputation of the privacy.

Amidst cultural differences that exist, some principles and standards should be maintained by all firms, like honouring basic human rights and, promoting peace and diversity. Moreover, integrity is the driver of ethical behaviour of people. This should be combined with research evaluation and together with that, particular or minimum ethical standards should be set by the Board of Directors to maintain an apparent level as an index of its performance in this particular field.

Thus, legal steps might take a backseat here and ethical issue of protecting the security can stand as the flag holder where the firm has a lot more to do with and do away with.

References

Mehrotra, M.C., (2012). Ethics:―Its Importance, Role and Code in Information Technology‖. International Journal, 2(7).

Mullerat, R., (2013). Professional ethics, what for…?. Ramon Llull Journal of Applied Ethics, pp.173-199.

Shivani, H.G., (2012). A Study of Ethical and Social Issues in E-Commerce.International Journal, 2(7).

Suby, M., (2013). The 2013 (ISC) 2 Global Information Security Workforce Study. Frost & Sullivan in partnership with Booz Allen Hamilton for ISC2.

Stylianou, V., Abrossimova, K. And Savva, A., (2016). In Search Of A Business Code Of Ethical Computer Practices.

Warren, E., Justice, C. And Supreme, U., (2005). Legal, Ethical, And Professional Issues In Information Security.