Is It Ethical for an Employer to Monitor Their Staffs Usage of the Internet at Work - Assignment Example

Name: Student Number: PART A: Digital Literacy Q1. Provide a brief explanation of each of the following security terms and provide an example of each. Something the user is … These are also known as the biometrics. This type of authentication realise on the innate physical characteristics of the user. This involves use of iris recognition, fingerprints, facial recognition and palm scans among others. The most used identification in this category is fingerprint and iris scan (Rainer & Cegielski, 2010). Something the user has … This is analogous to house key (Van Tilbor & Jajodia, 2011). It involves use of smart ID cards, tokens and regular ID cards. The regular ID cards have the user picture and signature. Smartcards are fitted with a chip which has all required user information. A token differs from the smartcard through a display. Token has a display that gives login number which is used for access. The number is not permanent and changes with each login (Rainer & Cegielski, 2010). Something the user knows … This is a mode of identification that involves passwords and phrases. A password is a phrase that the user keeps as a secret (Aycock, 2010). Passwords are a major security problem especially when a weak password is used. This is due to fact that weak passwords can be easily attacked through cyber-crimes (Rainer & Cegielski, 2010). Something the user does … This is a form of identification which involves use of signature and voice recognition. Voice recognition involves matching users spoken phrase recorded phrase (Aycock, 2010). The two voice signals must match. Signature recognition involves user signing their name which is matched with previously recorded signature. The system also monitors the pressure and speed of the signature and matches them with stored signature (Rainer & Cegielski, 2010). Q2. Briefly discuss the following, is it ethical for an employer to monitor their staff’s usage of the Internet at work? List three (3) acceptable and three (3) unacceptable activities you would include in an ‘acceptable internet usage’ policy? Monitoring of employee internet usage at work is legal and acceptable. Despite this, it must be carried out within ethical guidelines (Siau, Nah & Teng, 2002). The companies have to monitor workers while paying attention to ethical treatment. The employer has to communicate to employee through the acceptable internet use policy for the monitoring to be ethical (Urbaczewski & Jessup, 2002). Acceptable activities Use of social media sites is acceptable provided employees refrain from any activity that may bring organisation or their colleagues into disrepute. There is also a limit and time of use to avoid cyberloafing (Rustad & Paulsson, 2005). Personal use of internet is acceptable but staff should be aware that they cannot expect total privacy. Internet use for personal purposes must be minimal (Rustad & Paulsson, 2005). Organisation emails can only be used for business. Workers can only use the organisation email when sending business related mails. Personal use of company email must be prohibited (Urbaczewski & Jessup, 2002). Unacceptable Use of internet to harass or bully others is unacceptable at workplace. Harassment involves degrading, intimidating or creating an offensive environment for others. Bullying involves using ones power to humiliate or undermine others (Rustad & Paulsson, 2005). Employees must not access sites that can damage organisation reputation, contain harmful content or can slow organisation information systems. The staff must be restricted to access adult content sites, gambling, online games, phishing and hacking sites (Rustad & Paulsson, 2005). Cyberloafing is unacceptable since it affects organisation productivity. Cyberloafing should be punishable and highly discouraged (Siau, Nah & Teng, 2002). Q3. List and describe the three fundamental tenets of Ethics in a business environment. Explain why ‘unethical is not necessarily illegal’ and give an example that shows this? The three fundamental tenets in a business environment are; accountability, liability and responsibility. Accountability refers to the willingness to accounts for one's deeds. It refers to the capability to accept responsibility. A business should have mechanisms in place to determine who should be responsible for an action. Accountability further extends into law (De George, 2011). Liability- this involves laws that enable an individual to get compensation for any damage or harm inflicted on them by others. An organisation that violates their ethical guidelines must be held accountable and are liable to damage inflicted by their action (Velasquez & Velazquez, 2002). Responsibility- this is a significant element in ethical business behaviour. A responsible business should be able to accept obligations, costs and duties arising from their decisions (Stanwick & Stanwick, 2013). Unethical behaviours are not necessary illegal. Being illegal implies that one can be fined or imprisoned for engaging in a particular act. Ethical standards are based on what is right or wrong and in some cases looks at small actions. For example, while both computer hacking and gossiping are unethical, they are not both illegal. Hacking is illegal and unethical while gossiping is unethical but not illegal (De George, 2011). Q4. Informed consent is an important consideration for an organisation’s customers and their Privacy Policy. Identify and describe the two models of informed consent typically used in ecommerce and Social Networking sites privacy policies. Which is the preferred option? Justify your answer. Two models of informed consent are; opt-in and opt-out. In an opt-in model of informed consent; the user must give approval before their data is collected and utilised. The approval must be informed and explicit (Milne & Rohm, 2000). The consumer, in this case, has high control and their data cannot be used without their approval. In opt out model of informed consent; personal data is collected from the internet until the user makes a request to stop. An opt-out model; the consumer must be informed of their right to object (Hoffman, Novak & Peralta, 1999). Which is the preferred option? Justify your answer. The opt-in model is the most preferred model. The consumer determines which sites should collect their data, and no data collection activity can take place without consumer consent. This enables the consumer to eliminate illegal monitoring by online business. An opt-in model gives the consumer self-determination. This ensures that there is an honest relationship between the consumers and business (Romanosky et al., 2006). The consumer will only allow the honest business to monitor them. The opt-in model ensures consumer privacy as they can only allow the required cookies. Opt out model possess a major security challenge to consumers. Consumers in an opt-out model are not aware of who is tracking them and the type of information being obtained. This is due to illegal tracking that may lead to cyber-attack (Hoffman, Novak & Peralta, 1999). References Aycock, J. 2010, Spyware and Adware, Springer Science & Business Media. De George, R. T. 2011, Business ethics, Pearson Education India. Hoffman, D. L., Novak, T. P., & Peralta, M. 1999, “Building consumer trust online.” Communications of the ACM, Vol.42, no.4, p.80-85. Milne, G. R., & Rohm, A. J. 2000, Consumer privacy and name removal across direct marketing channels: Exploring opt-in and opt-out alternatives. Journal of Public Policy & Marketing, Vol.19, no.2, p.238-249. Rainer, R. K., & Cegielski, C. G. 2010, Introduction to information systems: enabling and transforming business, John Wiley & Sons. Rustad, M. L., & Paulsson, S. R. 2005, “Monitoring Employee E-mail and Internet Usage: Avoiding the Omniscient Electronic Sweatshop: Insights from Europe.” University of Pennsylvania Journal of Labor and Employment Law, Vol.7, no.4, p.829-922 Romanosky, S., Acquisti, A., Hong, J., Cranor, L. F., & Friedman, B. 2006, “Privacy patterns for online interactions,” In Proceedings of the 2006 conference on Pattern languages of programs (p. 12). ACM. Siau, K., Nah, F. F. H., & Teng, L. 2002, “Acceptable internet use policy.” Communications of the ACM, Vol.45, no.1, p.75-79. Stanwick, P., & Stanwick, S. D. 2013, Understanding business ethics, Sage. Urbaczewski, A., & Jessup, L. M. 2002, “Does electronic monitoring of employee internet usage work?.” Communications of the ACM, Vol.45, no.1, p.80-83. Van Tilborg, H. C., & Jajodia, S. (Eds.). 2011, Encyclopedia of cryptography and security. Springer Science & Business Media. Velasquez, M. G., & Velazquez, M. 2002, Business ethics: Concepts and cases (Vol.111). Upper Saddle River, NJ: Prentice Hall. Assignment – Part B Element Sentence/s Claim Australian business is an ‘easy target’ for cyber attacks Evidence CYBER espionage is used against Australia on a "massive scale" and foreign spies are using government networks to penetrate the digital defences of allies such as the US, according to the ASIO chief, David Irvine. Earlier this year it was revealed that foreign spies, hacked into Parliament House’s email system and stole thousands of messages from at least 10 government ministers including the Prime Minister and the Ministers for Foreign Affairs and Defence. Warrant Last week Graham Ingram, the General Manager of Australian Independent Cyber Emergency Unit (AusCERT), told a security conference Australia was as much as five years behind the latest cyber security. Ingram acknowledged this is due to the fast pace of online development meaning the advantage lies with those who seek to intrude upon, rather than those who try to protect, online systems. Backing "Electronic intelligence gathering is now a huge industry," he told the audience. The growth of the cyber threat has risen in parallel with internet usage, which has rapidly grown to more than 2 billion people last year leaving governments and business scrambling to deal with many security concerns. Rebuttal He revealed that "some foreign intelligence Organisations has already acquired the capacity to disrupt elements of information infrastructure" and likewise Australian governments and businesses were also well prepared to defend against cyber-attacks. Qualifier Mr Irvine hinted that Australia was targeted by foreign spies as an access point into the intelligence holdings of the US and Britain. Your Opinion Australian business is an “easy target” for cyber-attacks. The evidence is based on cyber espionage that is used against Australia on a massive scale as well as foreign spies. Another evidence to support the claim is the fact that Australian parliament house email system had been hacked where more than ten ministers’ data was stolen. This is a proof that Australia is an easy target for cyber-attacks. The warrant that acts as the bridge between claim and data is assertion by AusCERT General Manager that online development is at a fast pace implying that the advantage lies with those who seek to intrude upon, rather than those who try to protect online systems. This is backed by the fact that electronic intelligence gathering is a huge industry where cyber-crime is growing at the same rate with online usage. The high growth of internet usage has left government and business with a huge security problem to solve. The pace of growth of internet usage is ahead of security systems in place. Despite the claim that Australia is susceptible to cyber-attacks, there is a counter argument. The rebuttal is based on the claim that Australia has acquired the infrastructure to defend itself from disruptions in its information systems. The rebuttal asserts that Australia, as well as business, has the capability to defend themselves from cyber-attacks. To support the warrant that Australia intruders are ahead of those protecting online systems, Australia has been a target by foreign spies to access the information holdings of US and Britain. It proves that intruders have the intelligence that Australia is a holding point for US and UK information. Intruders have already gone ahead of those protecting the online systems and identified the existing flaws in Australia data protection. They have identified that hacking Australia is much easier that UK and US. Intruders have the knowledge that by hacking Australia, they will gain both UK and US information as opposed to hacking each country separately. This places the intruders at a better position than those protecting the data. Reference Toulmin, S. E. 2003, The uses of argument, Cambridge University Press. Read More