Escolar Documentos
Profissional Documentos
Cultura Documentos
Introduction
Possibly the most important issue facing major corporations today is the issue of cyber
security. The implications cross every single organizational line, and the effects are felt by not
only the employees of the organization, but by the customers. To stay in business every
corporation needs to improve upon its security practices, and to avoid litigation from within,
management needs to address the impact of these security policies on the privacy of their
workforce. No organization wants its employees to feel that their rights are being violated, but
simultaneously no organization wants to worry that their assets are comprisable. This balancing
act is a hallmark of the new digital world where the need for cyber security is unquestionable, the
implementation of policies is critical, and the effect on the employees must be considered to
Why is cyber security so important? This is the critical question that must be answered to
fully understand the dramatic changes that have happened in the workplace in the last two
decades. First it is important to understand that nearly every major corporation keeps data on all
its transactions, employees, customers, relationships, and movements. This data is called an asset
and it can be used to locate purchasing trends, speed up customer experiences, and help
employees be more effective at their jobs. It is all data that hackers could use to make money.
The incident with Target when millions of credit card numbers were stolen and then illegally
sold on the dark web for profit is a great example. If a company has assets, which all do, then it
is at risk for a hacking attack. There is no quick fix or guaranteed way to stop all cyber threats on
The option of not securing assets will result in the loss of clientele and reliability or the
organization. In the Target example sales dropped following the announcement of the hack, they
have since risen again, but the damage was done. This process for securing systems is especially
important when the organization looks at its own employees. All employees fall into three
categories of security behavior: positive where they either use sophisticated security measures or
follow simple rules, negligent where they use tools that unintentionally open gateways or use
simple passwords, or downright negative where they purposefully corrupt the system (Blythe,
2015). In the case of the negative acting employees monitoring and processing must be done by
primarily by HR (Jones, 2016). HR performing most the interviewing processes and doing the
majority of employee monitoring they are the first line of cyber security defense for inside
attacks.
Cyber security threats are a constant for any organization, in order to combat this security
policies specifically targeting these issues have to be written and adhered to companywide. There
are six main forms of this implementation: account authentication, use of security software,
running the latest version of the operating system, anti-phishing prevention, privacy protection,
and browser protection (Blythe 2015). All address different types of cyber security threats, and
all have their weaknesses. One of the main consistencies is that people are always the weakest
link in cyber-attacks. Social engineering is the most efficient and cost-effective form of hacking
and can be done by anyone who does not mind deceiving the target. To combat the human threat
to assets companies, use software that aides in authentications. A double authentication system,
like DUO that the University of Alabama uses, is a relatively easy way to ensure that the person
accessing the company site is an employee. Trainings for all employees is another way to reduce
Cyber Security Needs and Implications in the Workplace 4
the risk of these attacks. Helping employees identify phishing schemes, social engineering, or
suspicious computer activity can turn them into front line reporters to the issues. A very common
mistake is falling for phishing scams (Jones, 2016). They are links sent directly to a user, usually
through their email that seem legitimate asking for identification or access information. Users
who fall for these sorts of scams can be incredibly detrimental to the organizations system. In
some cases, companies will hire outside firms to purposefully phish their employees in order to
identify who is especially vulnerable. These names are then reported back and depending on the
organization they are reprimanded and ordered to do more training, or in more serious cases they
are fired. While all these extra steps are important to insure the security of an organizations data
There is no doubt that the security of a companys electronic data is important, or that
policies and software that ensure this are positive. It is important, however, for companies to
assess how the security of their data can affect the rights of their employees. Many of these
software systems that monitor for cyber security threats can also be used to monitor the
employees of the company, and this presents many different issues. The Electronic
Communications Privacy Act (ECPA) is the main reference for issues of privacy in the
workplace (Nord, 2006). It gives certain privacy rights to employees but writes in three
exceptions: providers of the device has access, if the action takes place in ordinary course of
business then it can be monitored, and if the employee gives their consent to be monitored (Nord,
2006). Under these three provisions most employers are able to defend most intrusion
accusations, this is also why employment contracts are so long. The best way that an employee
can protect their rights are to understand their working contract and if their position includes
Cyber Security Needs and Implications in the Workplace 5
extra security requirements that might infringe deeper than others. For many companies involved
in secret business transactions, like mergers and acquisitions, extra rules are applied to
employees social media to avoid accidental or purposeful insider trading. The best way an
employee can avoid a privacy infringement is to keep different devices for work and personal
use, make sure that they do not conduct business on personal devices, and adhere to all rules laid
Conclusion
Entering in the digital age has opened new opportunities for commerce and the expansion
of data analytics. This also means that a new frontier for cyber criminals is alive and profitable.
Every company with digitalized assets must combat the never ending streams of cyber security
threats from the outside, while insuring they are protected in the case of an inside one. It is a
continuous process that involves training the employees who gather, read, and have access to this
data to protect themselves and their assets. Many times software assists in this process, but it is
important to balance the use of this software and security policies with the privacy of the
individuals working for the company. If this balance is not found either the data is at risk, or
management is or infringing on rights. The easiest way to avoid issues is to have clear and
Sources Cited
Thesis
Jones, D. K. (2016). The threat within: HR's responsibility in preventing cybersecurity issues.
Nord, D., McCubbins, T., & Nord, J. H. (2006). E-monitoring in the workplace: PRIVACY,
49(8), 73.