Cyber Ethics for Business - Essay Example

TABLE OF CONTENTS Cyber Ethics 1 Introduction 1 Cyber Ethics for Business 1 Cloud Computing 1 Software as a Service (SaaS) Solution 2 Virtual Reality 3 Codes of Ethics and Professional Organisations 4 Educating Personnel 4 Law Enforcement 5 Cyber Ethics for Individuals 6 Privacy 6 Smartphones 7 Facebook 8 Legislation Pertaining to Cybercrime 9 Conclusion 10 References 12 Cyber Ethics Introduction This research work deals with issues concerning cyber ethics pertaining to businesses, as well as individuals. In the present global era, cyber security is of great importance for businesses and individuals. Regarding businesses, cloud computing, software as service solutions, virtual reality and Code of Ethics will be examined. With regard to individuals, privacy, smart phones, Facebook, and cyber security issues will be analysed. In addition, cybercrime legislation and government responses to the cyber security problem will be scrutinised. Finally, conclusions will be arrived at and recommendations will be provided. Cyber Ethics for Business Australian organisations are provided with tremendous opportunities, due to cyberspace. As such, the Internet constitutes an indispensable device for businesses of any size. The Internet delivers products and services, and facilitates the development of novel commercial opportunities and innovative technologies. In Australia and its environs, disruptive models and mobile Internet, big data analytics, cloud computing and the Internet of Thigs has the potential to generate annual economic activity to the tune of US$625 billion or 12% of the projected GDP of the Asia-Pacific region[Com163]. Cloud Computing The cloud enables several companies to work conjointly and function as a single delivery system. This ensure efficiency, innovation and responsiveness in their operations. However, these novel organisational structures have to be managed in a manner that is markedly distinct from that of the traditional companies, because each participating company functions according to its exclusive clock, and adheres to its specific internal rules and procedures. Regarding the cloud, every leader conveys information, without issuing commands; relies upon the competencies of the team members; and ensures responsibility via transparency[Hug10]. As such, true leadership connotes cooperation and not control. Thus, transparency emerges as the invisible device for ensuring management control. Software as a Service (SaaS) Solution In the software as a service (SaaS) solution process, the customer derives considerable advantage from utilising software that is run and totally managed by the software provider. Due to this initiative, the customer does not have to devote time and other resources towards updating and managing the software, or incur expenditure upon installing the costly infrastructure required to run the software[Jam16]. As such, the SaaS provider benefits from economies of scale by running the solution for thousands of customers. In addition, the SaaS provider transfers such long term strategic benefits to the customer. Significantly, this is not possible from hosting providers or from premise solutions. SaaS solutions are characteristically accessible from the Internet, and their better solutions provide complete functionality on every device. Moreover, an industry based SaaS solution that has been explicitly designed for educational institutes, ensures a more competitive advantage. It achieves this by addressing the specific business processes and requirement of the sector[Jam16]. Some of the benefits to be derived from adopting an industry solution are: shorter implementation times and reduced risk. Virtual Reality Augmented and virtual reality have been incorporated into several industries, including, advertising, gaming, entertainment, automotive, health care, tourism, education and space[Dea16]. Virtual reality applications endeavour to simulate imaginary or real scenes, which enable users to interact with, as well as perceive the results of their actions in real time. The addition of haptic information, including vibration, tactile array and force feedback heightens the sense of presence in the virtual environments[Rao10]. Moreover, haptics interfaces create novel challenges in the situation, wherein it is vital for the operators to grasp, manipulate and touch the objects of the virtual world. Furthermore, prior to making major alterations in the field of product development in a business enterprise and incorporating novel features in the existing product, or changing the business process, the enterprise would prefer to engage in visualisation before implementation. Such activities can be visualised via simulation, which can be termed virtual reality. Thus, virtual reality facilitates the visualisation of novel ideas for business purposes. It consists of the elements of audio, graphics, images, motion sensing, sound and voice. Along with numerical and textual information, these elements promote the generation of real time simulation. Virtual reality allows businesses to assess their novel ideas[Rao101]. Furthermore, simulated results from virtual reality application programmes facilitate the visualisation of the proposed ideas. In addition, they make it possible to visualise conjectural cases in business and interact with the application developed on the basis of the notions of virtual reality. Codes of Ethics and Professional Organisations Several professional organisations have established codes of ethics or codes of conduct, which their members are required to follow. With regard to the judgment of individuals, vis-à-vis the use of computers, codes of ethics exert a positive influence. Nevertheless, many employers fail to encourage their employees to become members of such professional organisations. All the same, employees with some degree of certification or professional accreditation could be dissuaded from ethical lapses, due to the risk of forfeiture of accreditation or certification on account of breach of a code of conduct. Such forfeiture of certification or accreditation could reduce earning capacity and marketability drastically[Whi17]. Strictly speaking, it is the responsibility of security professionals to conduct their activities in an ethical manner and in accordance with the procedures and policies of their employer, laws of society and their professional organisation. Similarly, it is the responsibility of the organisation to formulate, convey and implement its policies. Educating Personnel In this regard, effective education has to be provided to personnel, as an essential component of the long-term strategy related to cybersecurity. This pertains to the personnel belonging to the concerned agencies, as well as the general public. Furthermore, social engineering entails cyber attackers targeting humans as vital centres of vulnerability in cybersecurity systems. It has been claimed in certain quarters that around 70% of the successful cybersecurity attacks entail social engineering. An instance, would be the deployment of infected USB sticks on the premises of an agency or institution with the object that the personnel would use these USB sticks and infect their computer networks[Eva141]. Suitable education of the staff and the general public can prevent such vulnerabilities to a major extent. Law Enforcement All the same, Australia has been greeted with partial success in addressing cybercrime. This can be attributed to the international character of the Internet, as well as the adaptability of networks and software tools. These have posed a persistent challenge to the effectiveness of the customary law enforcement procedures. As such, the Spam Act 2003, makes it an offence to transmit unsolicited commercial electronic messages or spam, with an Australian link. A message is deemed to possess an Australian link if it has originated or if it has been commissioned in Australia. This also holds good, if the message had originated abroad and had been transmitted to an address that had been accessed in Australia[Aus167]. Thus, several explicit Commonwealth computer offences have been stipulated, in the context of unauthorised access to and modification of data, and damage to electronic communications. Some of the commonly used offences are: first, unauthorised access to or modification of restricted data, which is the subject matter of Section 478.1(1) of the Criminal Code. Second, unauthorised impairment of electronic communication, which is dealt with by Section 477.3(1) of the Criminal Code. A maximum punishment of two years imprisonment has been stipulated for unauthorised access to or modification of restricted data[Com17]. With regard to unauthorised impairment of electronic communication, the maximum punishment is imprisonment for 10 years. A review of the extant cybersecurity regulations and laws makes it amply clear that there are some general cybersecurity laws in Australia. However, it becomes glaringly obvious that there is an absence of some of the industry specific regulations. Some of the lacunae, in this regard, are the absence of frameworks that are akin to the United States Health Insurance Portability and Accountability Act, and the North American Energy Reliability Corporation’s Critical Infrastructure Protection controls. With regard to the absent regulatory frameworks, it has been a recommended practice for the Australian organisations to adopt some of the European or US regulatory frameworks. This will ensure minimal change, whenever such regulatory frameworks are made mandatory in Australia. An instance is provided by the recommendation of the Australian Securities and Investment Corporation’s advice to adopt the National Institute of Standards and Technology (NIST) Cyber Security Framework for Critical Infrastructure by organisations that have been listed in the Australian Securities Exchange (ASX)[Sri15]. Cyber Ethics for Individuals Privacy It is generally presumed by individuals that communications and transactions between themselves and other online users will remain private. Perception of privacy by users is central to the online purchase or sale of goods and services. Around 94% of the Australian eBay users had declared that eBay’s privacy practices were very significant motivators for their decision to buy and sell online. It is indispensable for organisations to realise their obligations under privacy laws and regulations [Mac121]. Moreover, they should be thoroughly conversant with the information handling practices and privacy policy of their organisation. With regard to individuals, a growing tendency to use the Internet irresponsibly and unethically has been observed. This has resulted in serious developments, chiefly due to the negligent and offensive online behaviour. It is the duty of teachers and teacher librarians to inform students about the danger involved in engaging in inappropriate, malicious or insensitive conduct online[Oxl11]. In addition, teachers and teacher librarians should guide students and encourage them to select wise options, while interacting in the digital environment. In this context, the Australian Government had acknowledged the important contribution of educators. Thus, the Interim Report of the Joint Select Committee on Cyber-Safety had stressed upon 12 of the 32 recommendations that directly pertained to education, schools and teachers. This report had observed that the schools were the chief locations where the young people could be encouraged to improve their safety and online ethics. As such, the Australian Government had implemented a national cyber-safety education programme and cyber smart website for children, educators and parents[Oxl11]. In addition, it had provided online tutorials, free of cost, for teachers who desired to help students to cope up with the issues emerging from an online environment. Smartphones A survey conducted by Telco Optus discovered that Australians use the Internet connection provided by their employer for as much as five weeks a year. Furthermore, Australians resort to Wi-Fi whenever possible. Moreover, the respondents to this survey had disclosed that they were in the habit of using a friend’s phone and Internet connection, instead of limiting themselves to their own phone or Internet connection. After exceeding the data limits on their smartphones, most of the employees had resorted to unethical means, such as misusing the phone of a friend or using the Internet connection of their employer. The aforementioned survey had discerned that 60% of the Australians who used their own phones were quite conscious of their data privileges from their carrier. Moreover, another 33% had been apprehensive of the huge bill that they could receive[Che132]. Facebook Australians are very active on Facebook, and post a lot of information on it. This has been regarded as one of the primary causes for their use of huge bandwidth. Several reports have shown that Australians make substantial use of social networking during work hours, and that such activity has engendered an adverse impact upon productivity, realisation of targets and the fulfilment of responsibilities related to their employment. It had been noticed that personal files had been downloaded 37% of the time. Moreover, Australian employees had been observed to print maps for navigating, instead of using their smartphones. During this survey, more than 50% of the employees were of the opinion that their employer should pay for their bandwidth. Around 46% regarded the use of the Internet, provided by the employer, as not being as unethical as pilfering stationery from their organisation. Moreover, 45% of the respondents stated that they were in the habit of using a work phone for personal use[Che132]. The behaviour of several Australian employees in the work place is unethical. They should behave ethically while using the communication networks. Legislation Pertaining to Cybercrime Several novel provisions have emerged, which deal with the exceptional investigatory challenges generated by cybercrimes. Thus, the Crimes Act provides that the Australian Federal Police can force a person to provide a means of accessing encrypted data. It also makes it an offence to refuse to reasonably cooperate with such investigation. Furthermore, under the Crimes Act, the police could be authorised to commit offences during the investigation of crimes, such as online child pornography[Fin173]. The federal Privacy Act and its related Privacy Principles are applicable to every government agency and private sector entity with an annual turnover of three million Australian dollars or more. Such private entities include, individuals, body corporate, partnerships, trusts or an unincorporated association. Due to this Act, the powers of the Privacy Commissioner have been reinforced to a substantial extent. This is with regard to the imposition of fines, and the Privacy Commissioner can impose a fine of Australia $1.7 million upon organisations and Australian $340,000 upon individuals, for serious breach of the Privacy Act [Sri15]. Moreover, the Privacy Commissioner can undertake independent investigation of the breaching organisations or individuals. In addition, by 2020, 50 billion devices would be connected to the Internet. This will enhance innovation in services and manufacturing, and furnish novel jobs and business opportunities. Nonetheless, this will increase the targets for malicious entities[Com163]. The difficulty stems from the overlooking of online security during the design of several of the Internet connected devices. Conclusion Australia has adopted a cybersecurity strategy, like several other developed countries. This state of affairs makes it clear that there are regulatory and legislative obligations related to such security. As a consequence, the government and stakeholders are assured that organisations have to act with due diligence to protect sensitive data and personal information. Nevertheless, the increased Internet connectivity has altered the business-consumer relationship by disintegrating business models and supply chains. Thus, cyber security problems will increase in the future. Organisations should implement stringent policies, vis-à-vis cyber security. Despite, several legislative measures relating to cybercrimes, lacunae in the design of Internet connected devices facilitates malicious attacks by cyber criminals. These problems should be addressed by the Internet professionals, while designing the devices. In addition, work personnel should be educated about cybercrimes and how to counter them. Furthermore, the public should adopt ethical behaviour, while using networks and Internet gadgets. References Com163: , (Commonwealth of Australia, Department of the Prime Minister and Cabinet, 2016, p. 18), Hug10: , (Hugos & Hulitzky, 2010, p. 157), Jam16: , (James & Arnott, 2016), Dea16: , (Deakin University, 2016), Rao10: , (Rao, 2010, p. xiv), Rao101: , (Rao, 2010, p. 3), Whi17: , (Whitman & Mattord, 2017, p. 153), Eva141: , (Evans, et al., 2014), Aus167: , (Australian Communications and Media Authority, 2016), Com17: , (Commonwealth Director of Public Prosecutions, 2017), Sri15: , (Srinivas, 2015), Mac121: , (MacGibbon & Phair, 2012), Oxl11: , (Oxley, 2011, p. 5), Che132: , (Cherian, 2013), Fin173: , (Find Law, 2017), Read More