Running Head: Cyber Security Needs and Implications in the Workplace 1

Cyber Security Needs and Implications in the Workplace

Sydney Hickman
The University of Alabama
Cyber Security Needs and Implications in the Workplace 2

Cyber Security Needs and Implications in the Workplace

Introduction

Possibly the most important issue facing major corporations today is the issue of cyber

security. The implications cross every single organizational line, and the effects are felt by not

only the employees of the organization, but by the customers. To stay in business every

corporation needs to improve upon its security practices, and to avoid litigation from within,

management needs to address the impact of these security policies on the privacy of their

workforce. No organization wants its employees to feel that their rights are being violated, but

simultaneously no organization wants to worry that their assets are comprisable. This balancing

act is a hallmark of the new digital world where the need for cyber security is unquestionable, the

implementation of policies is critical, and the effect on the employees must be considered to

maintain a healthy working environment. It is a complicated matter.

The Need for Cyber Security in the Workplace

Why is cyber security so important? This is the critical question that must be answered to

fully understand the dramatic changes that have happened in the workplace in the last two

decades. First it is important to understand that nearly every major corporation keeps data on all

its transactions, employees, customers, relationships, and movements. This data is called an asset

and it can be used to locate purchasing trends, speed up customer experiences, and help

employees be more effective at their jobs. It is all data that hackers could use to make money.

The incident with Target when millions of credit card numbers were stolen and then illegally

sold on the dark web for profit is a great example. If a company has assets, which all do, then it

is at risk for a hacking attack. There is no quick fix or guaranteed way to stop all cyber threats on

an organizations assets, it is a permanent risk (Jones 2016).

Cyber Security Needs and Implications in the Workplace 3

The option of not securing assets will result in the loss of clientele and reliability or the

organization. In the Target example sales dropped following the announcement of the hack, they

have since risen again, but the damage was done. This process for securing systems is especially

important when the organization looks at its own employees. All employees fall into three

categories of security behavior: positive where they either use sophisticated security measures or

follow simple rules, negligent where they use tools that unintentionally open gateways or use

simple passwords, or downright negative where they purposefully corrupt the system (Blythe,

2015). In the case of the negative acting employees monitoring and processing must be done by

primarily by HR (Jones, 2016). HR performing most the interviewing processes and doing the

majority of employee monitoring they are the first line of cyber security defense for inside

attacks.

The Implementation of Security Policies in the Workplace

Cyber security threats are a constant for any organization, in order to combat this security

policies specifically targeting these issues have to be written and adhered to companywide. There

are six main forms of this implementation: account authentication, use of security software,

running the latest version of the operating system, anti-phishing prevention, privacy protection,

and browser protection (Blythe 2015). All address different types of cyber security threats, and

all have their weaknesses. One of the main consistencies is that people are always the weakest

link in cyber-attacks. Social engineering is the most efficient and cost-effective form of hacking

and can be done by anyone who does not mind deceiving the target. To combat the human threat

to assets companies, use software that aides in authentications. A double authentication system,

like DUO that the University of Alabama uses, is a relatively easy way to ensure that the person

accessing the company site is an employee. Trainings for all employees is another way to reduce
Cyber Security Needs and Implications in the Workplace 4

the risk of these attacks. Helping employees identify phishing schemes, social engineering, or

suspicious computer activity can turn them into front line reporters to the issues. A very common

mistake is falling for phishing scams (Jones, 2016). They are links sent directly to a user, usually

through their email that seem legitimate asking for identification or access information. Users

who fall for these sorts of scams can be incredibly detrimental to the organizations system. In

some cases, companies will hire outside firms to purposefully phish their employees in order to

identify who is especially vulnerable. These names are then reported back and depending on the

organization they are reprimanded and ordered to do more training, or in more serious cases they

are fired. While all these extra steps are important to insure the security of an organizations data

it is possible to take this too far.

How Security Polices Can Cross Employee Privacy Lines

There is no doubt that the security of a companys electronic data is important, or that

policies and software that ensure this are positive. It is important, however, for companies to

assess how the security of their data can affect the rights of their employees. Many of these

software systems that monitor for cyber security threats can also be used to monitor the

employees of the company, and this presents many different issues. The Electronic

Communications Privacy Act (ECPA) is the main reference for issues of privacy in the

workplace (Nord, 2006). It gives certain privacy rights to employees but writes in three

exceptions: providers of the device has access, if the action takes place in ordinary course of

business then it can be monitored, and if the employee gives their consent to be monitored (Nord,

2006). Under these three provisions most employers are able to defend most intrusion

accusations, this is also why employment contracts are so long. The best way that an employee

can protect their rights are to understand their working contract and if their position includes
Cyber Security Needs and Implications in the Workplace 5

extra security requirements that might infringe deeper than others. For many companies involved

in secret business transactions, like mergers and acquisitions, extra rules are applied to

employees social media to avoid accidental or purposeful insider trading. The best way an

employee can avoid a privacy infringement is to keep different devices for work and personal

use, make sure that they do not conduct business on personal devices, and adhere to all rules laid

out in their contract.

Conclusion

Entering in the digital age has opened new opportunities for commerce and the expansion

of data analytics. This also means that a new frontier for cyber criminals is alive and profitable.

Every company with digitalized assets must combat the never ending streams of cyber security

threats from the outside, while insuring they are protected in the case of an inside one. It is a

continuous process that involves training the employees who gather, read, and have access to this

data to protect themselves and their assets. Many times software assists in this process, but it is

important to balance the use of this software and security policies with the privacy of the

individuals working for the company. If this balance is not found either the data is at risk, or

management is or infringing on rights. The easiest way to avoid issues is to have clear and

understandable security policies coupled with a well-trained and intelligent team.

Cyber Security Needs and Implications in the Workplace 6

Sources Cited

Bythe, J. M. (2015). Information security in the workplace: A mixed-methods approach to

understanding and improving security behaviours. Northumbria Research Link, Doctoral

Thesis

Jones, D. K. (2016). The threat within: HR's responsibility in preventing cybersecurity issues.

Workforce Solutions Review, , 35-36.

Nord, D., McCubbins, T., & Nord, J. H. (2006). E-monitoring in the workplace: PRIVACY,

LEGISLATION, AND SURVEILLANCE SOFTWARE. Communications of the ACM,

49(8), 73.