E-commerce and IT Industry - Essay Example

There is increased usage of computers by organisations and individuals across the world. Computers are of great economic benefit to most of their users. No wonder new generations are growing up with them forming an essential part of their lives. Most importantly, their applications are almost inevitable for the growth and success of organisations. There is also increased movement of monetary transactions through the internet. However, there is also an increase in the utilisation of computers by individual criminals and terrorist organisations, This has effectively led to a rise in crime cases where computers are either the target, the tool of crime, or incidental to particular crimes. All these constitute cyber crimes. Cyber crime make the understanding of e-security, related business risks, and how to be protected from such crimes a great necessity for all organisations and individual users to avoid being victims of such crimes. It is the duty of the management of an organisation to protect their company from cyber crimes through the control of the use of its networks and computer systems. One of the ways is through the formulation of policies that control how the company’s network is used by its employees to minimise or eliminate its exposure to outsiders. Due to the sensitivity of IT projects in terms of risks, managers should be careful in their approach to new IT projects to avoid a repeat of the problems experienced with their earlier IT projects. The selected approaches should present a solution to their earlier problems. E-commerce and IT/Maritime Industry Introduction In the current society, the application internet in the operations if an organisation is almost unavoidable. Internet use presents many advantages and new opportunities in the business activities of any organisation. However, it is important that each organisation becomes aware of possible problems that can affect their networks and subsequently their operations or their customers. A good example of this is cyber crime. An understanding of this will enable organisations strategise on how to overcome or mitigate them and policies to put in place to minimise their contribution to them. This paper outlines the various types of cyber crimes, their impacts on business and how to guard against cyber crime. It also explains the Acceptable use policy and how to avoid problems related to IT projects like e-commerce. Cyber crime The broad types of cyber crime activity One of the major threats to e-security is cyber crime. This refers any crime performed though the abuse of electronic media or activities aimed at illegally influencing the functioning of computers of their systems. There are two broad types of cyber crimes. The first category include those crimes in which computers are used as the tool of the crime and it is also the target. These crimes directly affect the usability of the affected computers. The second category are those crime in which computer networks are used to facilitate crimes but the chief target is independent of the computer device or network. Specific examples of crimes in which computers are the target of crimes include dissemination of computer viruses and other malicious software, denial-of-service attacks and hacking. The denial-of-service attacks refer to a situation in which someone floods the bandwidth of another’s network or an organisation’s network or fills their e-mail box with spam mail. These deny them a chance to access or provide the services they are entitled to (Wall 2007). Hacking refers to a situation in which someone illegally gains access into a computer system without the permission of its user/owner. This is related to spoofing where someone makes one computer in a network to behave as if it has the identity of an organisation’s computer that has special access privileges. This enables them to gain access to other computers in the organisation. Malicious software like viruses, worms, bacterium, time bomb and rabbit attach themselves to important organisation’s software rendering them useless or even paralysing the computer. Specific examples of crimes that in which computers are just used as the tool of targeting people or organisations include software piracy, credit card fraud, dissemination of offensive materials, cyber staking, net extortion, sale of narcotics, salami attack among others. McQuade (2006) explains that in credit card fraud, a criminal types in the number of a credit card into www page to conduct online transactions. If the online transactions are not secure, a hacker can steal the numbers of the credit card and impersonate its owner. Net extortion involves the copying of the confidential data of a company in order to extort huge amounts of money from it. This is almost similar to phishing where confidential information is pulled out from a financial institution or bank account holders through deceptive means. In salami attack, a criminal makes hard-to-notice changes in the program of a bank such that small amounts money get deducted from accounts of customers and is transferred to their accounts. They end up collecting huge amounts in their accounts (Carter 1995). Software piracy refers to the stealing of software through unauthorised copying of genuine programs. It also includes counterfeiting and distributing of products meant to pass for the genuine ones. Offensive materials include pornography and defamatory matters or contend meant to defame someone, also called cyber defamation. According to Carter (1995), criminals use chat rooms available through internet relay chat (IRC) for meeting co-conspirants, hackers use it to share techniques or share exploits while paedophiles use them to allure their victims. All these are communications that promote criminal conspiracies. The impacts that cyber crime can have on business Cyber crimes can have far-reaching implications for a business, its customers and stock-holders. It can cause a business to lose a lot of money through extortion. This could happen if criminals get hold of the organisation’s confidential information and want a ransom for it. It could also happen if they accessed its key computer system and conducted transactions on their behalf. In addition to these, cyber crime can also make a business to incur stock losses while their customers could also lose a lot of money for example through salami attacks. If malicious software is posted on the computer system of a business, they can render them unusable and this requires expensive clean up. They could also destroy the computers completely warranting the purchase of new ones. These could disrupt the operations of a business for a while because it cannot serve its customers or respond to their orders leading to losses (Wall 2007). Businesses have to continuously step-up their battles against cyber terrorism and this increases their costs of security. They can also cost a company its corporate image. This happens if malicious or jealous individuals post defamatory content about the business or its top management and this can make it to lose its special markets. A business can lose a lot of revenue through phishing. Here, an outsider can get sensitive financial information of a business and use it to withdraw money from its account. Yar (2006) states that cyber crime can reduce the production of as business because of time wasting. This occurs when its IT personnel have are forced to devote a lot of time handling incidences of cyber crime. Reduced productivity can also result from measures placed to counter cyber crime. These include entering many passwords and performing other time-consuming actions that waste employee time. Things the company can do to guard against cyber crime Some of the things than a company can do to guard itself against cyber crime include installing and constantly updating antivirus, anti-spam and trojan protection. Manolea (2008) advices that company computers should be strictly used within the workplace to avoid chances of opening their network to external users. In relation to this, online activities that are not related to the business operations of the company should not be performed using its computers. They should also formulate a policy that guides on how to use the computer at work place and make it part of their labour contract. Parker (1983) states that it is important that a company trains its employees on the usage of internet and computer software, and how to treat essential passwords and confidential information. Passwords should also be changed frequently especially if it is suspected that unauthorised individuals have known them. Passwords to key computers should also be known to very few individuals. A company should also ensure that its e-commerce network has the best protection to avoid loss of revenue that results from having a compromised e-commerce site. Acceptable use policy (AUP) Definition of the nature and purpose of AUP AUP is a set of guidelines established by an organisation to guide on the appropriate use of its computer network. It is formulated with the intention of minimising unacceptable employee activity in relation to organisation’s computer network. It is written down, and is read and signed by all the employees (Dubrawsky 2008). Its purpose is to ensure that employees understand the extend to which they can utilise computer owned by a company for their personal use and that the access to a company’s internet should be within its firm. These should comply with business and legal requirements. An AUP therefore eliminates the expectations of employees that their use of an organisation’s communication or computer systems at work is going to be confidential. This means it informs them that their employers can search, access and monitor company files, voice mails and emails of any employee that are stored, created, deleted or retrieved from the company’s computer systems. What AUP might contain An AUP outlines the rules, terms and conditions of the use of internet and internal network within a company. It contains permission for employers to track the e-mails, voice mails and internet use within the computer systems or network of their organisation. The policy also contains prohibitions for all types of communications that are not related to the business activities of a company. It also contains penalties for breaches of the AUP agreements (GFI 2011). Why AUP might be important from a business perspective AUP protects a business from lawsuits arising from employee actions that contravene its policies. It enables a business to safeguard its electronic communications because it should be kept away from competitors and other outsiders. It also provides a legally defensible ground for disciplinary action including termination. These regulations will ensure the company does not incur internet expenses arising from personal use of the internet. At the same time, it reduces time wasting that could arise from excessive internet browsing. According to McQuade (2006), an AUP ensures that a company’s internal information is protected because the internet is largely uncensored and unprotected. This is important in the company’s data protection efforts. AUP limits employees on materials they can introduce to the company’s computer systems and this helps to avoid the introduction of viruses and other malicious software. It also ensures they do not download materials that could contain such software. Problems with IT projects Before selecting an e-commerce option and commencing with any e-commerce activity, it is important that the company understand some of the potential problems associated with IT projects through past experiences from within and outside the company. This will help in formulating strategies for avoiding a repeat of such problems. One of the biggest problems the company has experienced out of its IT projects is scope creep. This has always arose because the target market or major customers change their minds about the project when the project has already started. It is a result of not getting good requirements for the project. In order to avoid suffering from scope creep, the company has to ensure that before picking out on any of the IT projects such as e-commerce, it should conduct a thorough needs analysis to be sure of what the customers really want. It should have in-depth conversations with them to just to be sure what they want and explain to them how the system will be used. In this case, customer claims that something missing in the project will not arise. McGrath (2008) states that a better approach should be used when developing the IT project for example iterate-mock up instead of waterfall. As noted in the waterfall method, the scope of the system is developed in terms of desired outcomes. Specifications are prepared by analysts or users and are handed to the programming teams to develop a code. The problem is that the specifications given to the coders may not lead to the desired result and lead to regrets. In the iterate-mock up approach, a basic process flow is obtained and build on little by little while greatly involving the future users. This ensures that when the IT project is finally delivered, it is what the end-users wanted. IT projects especially e-commerce are prone to risks which if they are not managed, they can cost the company and its customers a lot of money and even lead to their failure. Kiisel (2011) states that in order to avoid project failures arising from risks, the project team should not ignore any risk noted. Instead, it should acknowledge and address it as soon as possible to avoid expensive issues that could arise later on from the same. Another major problem we have experienced as a company in our earlier IT projects is automating before redesigning. Most of them were developed around processes as they are and instead of being designed around processes as they should be. The problem that arises out of automating before redesigning is that it leads to the fixation/automation of a dumb way of accomplishing things without resulting to any operational improvements in the company business. The best approach to counter this is to begin with the end result that the processes of the IT project are supposed to accomplish. From this, the project team should work backward to obtain the necessary minimal number of steps that are required to achieve the result. The main aim of any IT project including a shift to e-commerce is to obtain a greater business value. This means that the project should present more benefits than costs to the company. This requires that the company conducts an in-depth analysis if the benefits and costs of the selected IT project as well as its alternatives. This knowledge should lead to the selection and adoption of an IT that promises a greater business value. Additional IT projects could necessitate the acquisition of extra computers and support software. Before purchasing these things, it is important that the manager of any company involves the company workforce especially IT specialists of the company, the project team and its managers. One of the reasons for this is that a manager could end up purchasing software that is full of errors and performance problems or is outdated because of their limited knowledge on software. However if they were to involve IT specialists of the company, they could help in detecting this before the software can be paid for or written. They could also help to debug /remove these errors if it is possible. Involving other management or other people like project managers in the purchasing of computers is very important because they can advice on the required number of computers to be added. This will help to avoid the purchasing of fewer computers, missing out on bigger discount rates or purchasing of excess computers which eats up capital that could be invested somewhere else. They could also tell the exact type of computers and support technology that are best suited for the kind of work involved in the project. If other employees of the company are made aware of the purchase of new software, its purpose and mode of operation, they could help in pointing out the areas they need to be educated. These are areas that they need to improve in so that they can be able to use the new software once it is installed. This will help to ensure that there are no errors that rise out of the use of the new software. Conclusion Cyber crimes can bring devastating problems for a business, its stockholders and its customers. However, organisations can guard themselves against cyber crimes to a very good level. One of the best ways of doing this is to attain a good level of control in the use of the computer systems and network of an organisation and this can be achieved though the formulation of AUP. This will frustrate the efforts of outsiders from accessing its network and doing any harm thereof. Every organisation should therefore incorporate this policy into their employment contract. Since e-business is most prone to cyber crime than any other type of IT project or business model, managers should be cautious when developing them to limit risk and ensure they do not fail. Reference List Carter David. (1995). “Computer crime categories: How techno-criminals operate.” FBI Law Enforcement Bulletin. (7) pp 21. Dubrawsky Ido. (2008).ComptTIA Security + Certification Study Guide (3rd Ed). Syngress. London. GFI. (2011). “GFI white paper. The Importance of an Acceptable Use Policy.” Online: www.gfi.com/.../acceptable_use_policy.pdf -. Accessed on 12th October, 2011.  Kiisel Ty. (2011). “Six Common Mistakes that Plague IT Projects.” Online: http://www.projectsmart.co.uk/six-common-mistakes-that-plague-it-projects.html. Accessed on 12th October, 2011. Manolea Bogdan. (2008). “Cyber Crime Impact on Businesses.” Online: http://www.slideshare.net/sanjay_jhaa/cyber-crime-impact-on-business. Accessed on 12th October, 2011. McGrath Rita. (2008). “Six Problems Facing Large Government IT Projects (And Their Solutions).” http://blogs.hbr.org/hbr/mcgrath/2008/10/six-problems-facing-large-gove.html. Accessed on 12th October, 2011. McQuade Samuel. (2006). Understanding and Managing Cybercrime. Allyn and Bacon. Boston. Parker Donn .(1983). Fighting Computer Crime. Charles Scribner’s Sons. New York. Wall David. (2007). Cybercrimes: The transformation of crime in the information age. Polity. Cambridge. Yar Majid. (2006). Cybercrime and Society. Sage. London. Read More