Case 6.2 and Case 5.6

Case 5.6: Protecting Personal Privacy in Public Space

Introduction

Personal privacy involves personal information about an identifiable individual, whether the information is true or false, and whether it is recorded anywhere or not recorded. There are different types of information that are considered personal or private, including health information that can be sensitive if revealed to the public. Sensitive information like an individual's opinion on politics, religion, criminal records, or sexual orientation should never be disclosed to the public. Someone's credit information is considered private, and his employee record information (Tavani, 2016 ). All the mentioned information should be protected from the public to avoid stigmatization or theft of any kind. In recent times where technology has taken over files, it is easy for personal information to get leaked, and therefore, ethics should be put to work. People have risen against Google for keeping information about searches that could be personal. Business websites are practicing this by saving your item searches in their cookies. Protecting personal privacy is geared towards letting people do whatever they want without capturing their personal information.

Ethics of the Case

Violation of personal privacy threatens the security of a person. It even threatens his confidence if some health information is leaked. As studied, personal privacy can be violated through cyber-attacks whereby hackers can get it for their gains. There are other ways that personal privacy is being violated through technology and even physically (Sharma, Agrawal, & Khandelwal, 2019 ). Technology is one way or the other, leads to information or data access to unauthorized people, and therefore, we should look into data privacy or information privacy protection. Information privacy can either be violated through the inappropriate use of information or the collection of someone's complete and accurate information through technology by corporations. Personal privacy should be treated with many urgencies, although it is a complex process because the technological environment is data-intensive, and delays will lead to more damage to users. Businesses and corporations that are technology-driven have benefits like the marketplace being more transparent to many people (Davis, 2015 ). It enables consumers to be more informed about a product and its price range, making trade fair. The problem comes in when users become more prone to phishing scams, cyberattacks, and information warfare. It makes it easier for experienced criminals to attack and exploit users when they get their personal information. It could be better for businesses to run a website that does not require people to provide their personal information to get access.

Personal privacy protection can be a challenge due to socio-techno risk, which is a security concern. This risk arises from the theft of technology that is used to process or store data. For example, if someone steals a USB cable from another person and uses it for his gain, it becomes a threat if the USB has some private information in it. It leads to the loss of data and property. The personal data gets into unauthorized hands, breaching privacy. In this case, people should think that it is ethical to inquire about using a device from the owner rather than stealing it. It could even get better if storage and processing equipment were personalized (Brady, 2017 ). Personal privacy protection is essential, and people should push the organizations involved to develop and implement the required strategies to overcome information access by unauthorized people. The regulations are expected to be efficient, technically, and economically sound. They should be justified legally by the Government and follow ethics. The regulations should be made open to the public to be socially acceptable before implementation.

Businesses and corporations should be pushed toward implementing data privacy regulations, guidelines, and standards. Legal regulations can pose a challenge to personal privacy protection since the process is slow such that it is unable to cope with the rapid changes in technological advancements. The information technology regulations should be based on the previous legal solutions until the next solution is approved. It will work better to avoid disappointing customers all over social media by posting their photos or any other personal information. Following regulations proves to be more effective than following up on cases in court and paying fines when the damage occurs (Brady, 2017). Another challenge posed by data regulations is that some countries use the old human rights approach in information privacy such that they neglect the growing technological advances that people give away their data to websites on a mutual agreement like Google, Facebook, and Amazon. When using such apps, users agree to their terms and conditions, making it an agreement that they will use their site without paying and use their data. This scenario makes the consumer's personal information to be less protected. Ethics has it that users need to give people options. Accepting terms and conditions is not sufficient to own someone’s data.

Various models have been developed to ensure that personal privacy is protected in technological places. They include The International Privacy Principles (IDPs), The Data Protection Principles of Personal Data, and the Hexa-dimension operationalization framework. The IDPs ensure that data privacy policies and operating standards are established and maintained (Iacovino & Todd, 2007 ). While the DPPs ensure the reinforcement of data privacy policy standards and the required guidelines. The Hexa-dimension ensures the policies' standards are executed. A challenge arises when these models are supposed to govern all organizations whereby different organizations have different practices. The models focus on financial, technical, and legal matters, which are inadequate in considering ethics and social matters. Since different organizations have different practices, there should be guidelines on protecting personal privacy and not general rules. Personal privacy is not only protected in the technical space but also in the social space. In technical space, it involves keeping data away from unauthorized personnel and preventing its leakage or loss. The social space involves making the customer aware and determining whether they agree to the request or not. If the customer feels that their data will not be used well and declines the request, ethically, it should be honored. If they accept, that is the only circumstance data is used. Employees should avoid any activity that can compromise privacy.

Protecting Personal Privacy in Public

?There is a need to make laws that every organization should follow to protect personal privacy. These laws should try to be inclusive of all rules leading different organizations. The current laws are broad, including accuracy, security, transparency, and accountability, among others. Some of these laws are hard to follow as the technology world is rapidly growing, leading to many devices being connected through the network focusing on how people's private information can be protected. Another thing that should be done is that Governments should keep up with the pace of technology to make laws governing privacy as soon as technology goes up to the next level (Tavani, 2016 ). Sticking to outdated ethics drags technology in terms of development. People should use social media privacy settings to keep their information private or even share it with a few friends but not strangers. People should be further advised to use personal storage devices to avoid leakage of data.

Surfing the internet can allow unwanted people access to personal data, and this means that during surfing, it is advised to use private Browsing tools to avoid tracking. When messaging, it is good to use apps with end-end encryption like WhatsApp. End-end encryption means that only two individuals can access the message, excluding even the service provider. It ensures that personal information is safe. When using mobile phones, ensure that the user can review permissions for apps and browsers. If a user grants the wrong app permission, they will spy on and provide the details for marketing purposes (Davis, 2015). Personal gadgets like mobile phones, desktops, and laptops should be secured with strong passwords to ensure that they do not get accessed by an unauthorized person leading to breaching data. Notifications on a locked screen should be disabled to ensure that no one can see any pop-up message or notification that they may use to acquire private information. Finally, people should avoid using public Wi-Fi to ensure that hackers do not get personal information.

Lessons

Protecting personal privacy in public space teaches about different ways to protect personal information. It teaches us the dangers of losing our data to unauthorized people. Various challenges arise when trying to protect data, including the socio-techno, whereby most of the information is stored in devices that other people can access. Another challenge is the mutual agreement between some websites and users that offer free access but trade it with personal information. Legal matters are a challenge as governments impose complex laws on people and are slow to keep up with the pace of technology (Lester, 2017 ). Apart from data being guarded by the information personnel, there are alternative ways of securing data by using strong passwords and keeping social media accounts private in the information sector. Using private browsing apps can help one to avoid phishing scams. Protecting personal privacy is essential in various ways, including preventing misuse of personal data like health records, which could lead to stigmatization. Privacy is needed for a relationship to thrive. Much information can cause for harm than good, especially when job hunting. Governments have developed various models like the IDPPs to impose and ensure regulations concerning information are followed.

Conclusion

Protection of personal privacy in public spaces is a significant concern among the public, and information security personnel have seen the need to look for effective ways of developing privacy protection guidelines urgently. Two reasons for this kind of development include data loss to unauthorized people who spread privacy to the public through social media platforms breaching privacy. Another reason is that personal information is contained in devices that can be stolen in the technological environment, posing a socio-techno risk that leads to loss of data. Ethically, everyone needs privacy, and therefore, more should be done to ensure that personal information is protected by all means. Employees in different organizations should be taught and monitored to keep information safe, and if it leaks into their hands, a penalty should apply. Other forums and websites that trade free viewings with personal data should provide other users apart from agreeing to terms and conditions.

?

Case 6.2: Three Categories of Cybersecurity

Introduction

Cyber security is geared towards protecting computer systems, programs, and networks from digital attacks known as cyber-attacks. Cyber-attacks typically access sensitive computer information and then change and destroy it. Through cyber-attacks, business processes are interrupted, and even money is extorted from computer users (Tavani, 2016). Cyber-attacks can lead to the theft of sensitive and valuable data like payrolls and medical records hence breaching privacy. Cyber security is essential as it protects every category of data from theft and damage or change. Most Governments globally are trying to create awareness about cyber-attacks where GDPR is a good example. It has educated most of the organizations in the EU to communicate any data breaches to the authorities involved. It has ensured that the organizations have appointed a data protection officer to ensure that all computers within the organization are safe from attackers. Computers in organizations have been programmed to require user consent to process any information, and data is made anonymous for privacy purposes (Bishop et al., 2014). Cybercrime has been increasing recently due to the exposure of identity information to websites through cloud services, and due to its shortcomings, cyber security should be enhanced.

Ethical Analysis of the Case

Cyber-attacks are the security issues that arise from cyber technology. As discussed, cyber-attacks lead to unauthorized data access within or shared between computers, and they also attack system resources like computer hardware and software. Cyber-attacks also attack computer networks that include the infrastructure of private networks. All these attacks are classified under data security (Tavani, 2016). Data security aims at protecting digital information from hackers and thieves who can corrupt information. It encompasses every aspect of security involving information, and for data to be safe, security has to start from the physical security of the hardware and its storage devices to the administrative and access control. Software applications logistics should be secured. Data security is becoming more exposed to hackers due to advancements in computing, making it a complex process. Making it a routine to span the public cloud and the Enterprise data center, sensors, remote servers, and robots is hectic. It makes it hard for people to monitor and secure their data from hackers. Data security also faces a threat from cloud-computing services that allow one to rent an IT instead of purchasing one. It allows people to use cheaper alternatives instead of investing heavily in software, hardware, and databases (Tavani, 2016). Therefore, these cloud computing services enable companies to access every computer power through the internet or cloud. Through cloud computing, hackers can quickly get and manipulate personal data that is stored.

System security is another kind of computer security that hackers can invade. System security aims at securing hardware, operating system resources, and application software and programs. The system security faces several threats, including data loss which means that some data cannot be retrieved, leading to inconveniences. Data loss may be a result of physical damage to the computer or due to hardware failures. System security can be threatened by unauthorized access to personal information like bank information and physical addresses that may lead to theft. Another category that causes system security threats is the virus. A virus is more of a program that replicates itself in computer files. It can damage the hardware, data, and computer software. Computer worms also interfere with system security as they can make many copies of themselves and spread to other computers through a network connection. The worms exploit the operating system making it vulnerable. They consume bandwidth and overload web servers harming their host networks. They may contain payloads that destroy their host computers. What makes worms different from viruses is that the worms are less virulent than viruses (Tavani, 2016). Worms can be spread easily compared to viruses as they do not depend on human action like viruses. They only need a network to get transferred to a different computer (Bishop et al., 2014 ). Trojan horse is a computer malware that threatens system security. Once it enters your computer, it pretends to be harmless and hides within harmless files. Sometimes the Trojan horse can trick the computer owner into downloading. Once it is on a computer and executed, it makes a user a victim of phishing when it tricks you into clicking on a malicious website. A computer user can be tricked into downloading software that pretends to be helpful. When a user activates a Trojan horse, hackers get an opportunity to spy and steal personal and sensitive data from the system.

Network security is another category that is threatened in computer security. It encompasses the protection of computer networks, local area and wide area networks, and the internet. Hackers cause network attacks to gain unauthorized access to sensitive data in an organization, and they can perform malicious activities like changing the data for the organization (Jang-Jaccard & Nepal, 2014 ). Network attacks can involve threats like the distribution of Denial-of-Service attacks that make a false impression of traffic at the network or servers. It can occur at network levels whereby the hackers can send a considerable volume of ACC packets that overwhelm a server at the application level. Man-in-the-middle attacks are another threat posed by hackers whereby they intercept traffic between an internal network and external networks. Through the interception, they can obtain sensitive information like user credentials that they use to interrupt sessions. Other network security threats include insider threats and privilege escalation.

Various approaches have been put into place to deal with cyber security, including encryption, firewalls, biometrics, passwords, screening, and others. Firewalls ensure that they monitor the incoming and outgoing network traffic. If the network is good, the firearms will allow its passage, and if it is malicious, they will block it depending on the defined set of security rules. Encryption is mainly used for data that is shared through the internet where others can easily see it. Encryption works in a way that data is encoded so that it can only be viewed and understood by authorized people. The encryption key should make the data unreadable until a secret decryption key is used to open the data. Encryption is mainly used in Internet banking and e-commerce. Passwords are the most used to prevent unauthorized data access (Espinha Gasiba, Lechner, & Pinto-Albuquerque, 2020 ). A password which is a string of personal characters, allows the user to access the system. Passwords are to be kept secret. In order to make safe passwords, one has to make them longer so that it can be more challenging for an intruder to crack them. A strong password should be mixed up with letters of the upper case, numbers, and lower-case letters.

The use of biometrics yields fruit in cyber security. Biometrics involves practices like facial recognition, fingerprints, and retina scans because they are unique to every human being. Once an individual stores biometric data, the computer or device saves it for future reference for access attempts. Most people prefer biometric use since it is convenient because you cannot get lost or forget the access process. It is impossible to steal or impersonate biometric data (Bishop et al., 2014). These cyber security methods aim at cyber security ethics to prevent using someone's password and prevent people from infecting other people's computers. They hence enable users to adhere to copyrights when downloading materials like movies and software from the internet.

What to be Done About Cyber security

Cyber security is on the rise since technology is taking over businesses and other major sectors. To avoid cyber-attacks, people should update software now and keep hacker vulnerabilities at bay since hackers use outdated software to access devices. When updating software, people should ensure they turn on automatic system updates and ensure their computers or devices use automatic security updates. As a computer user, one needs to learn about phishing scams by not opening emails from unknown people. User should protect their personal information as hackers can use it to identify locations and details that may lead to theft. Protecting personal information should start with social media, where users should give very little personal information on their accounts (Dawson & Thomson, 2018 ). The user should securely use their mobile phone since it is a target to many hackers, and this can be achieved through creating long and mixed-up passwords, installing apps from the Play Store, and not referrals. An individual should avoid sending personal information through texts and emails, which can be hacked. The user should back up their data regularly to avoid being a victim of the malware. Individuals should stop using public Wi-Fi since their network security can be compromised by causing traffic between a device and the Wi-Fi.

Lessons

Cyber security has taught me how to protect computer operating systems and data from attacks. You can protect data through the use of passwords, firewalls, biometrics, and screening. Cyber security has also taught me the dangers of cyber-attacks including changing data that might lead to the collapsing of a business. Hackers can get your personal information which may lead to theft or locating you. Cyber security has taught me that Network attacks can lead to network traffic. Encryption is mainly used in Internet banking and e-commerce (Senol & Karacuha, 2020 ). I have learned that the use of biometrics is the safest way to protect my data. Cyber security has taught me how to create a strong password by mixing characters. I have learned how firearms operate by allowing and blocking data. Phishing can be done through unknown emails and suspicious links. A Trojan horse can be activated by downloading the wrong app or document that seems to be safe. My data can be hacked when using open public Wi-Fi.

Conclusion

Cyber security should be given more attention and capacity as cyber-attacks are on the rise. Companies and small organizations have suffered cyber-attacks. Therefore, more qualified and skilled personnel are needed to look for other better alternatives to cyber security as it leads to the theft of personal information and other authorized information like medical records leading to the stigmatization of victims. People working with computers in organizations should be taught about the importance of cyber security. The future of cyber security is not clear and its future will depend on how advances in computer technology will occur, and if individuals get secure software, we will not need more personnel. There is a need for cyber security to become the responsibility of Information Technicians and not organizations.

References

Bishop M., et al. (2014). Insider threat identification by process analysis, in SPW '14 Proceedings of the 2014 IEEE Security and Privacy Workshops (Washington, DC:), 251–264.

Brady, D. (2017). "Aspects of professional ethics in the real world," Journal of Information, Communication and Ethics in Society, Vol. 15 No. 4, pp. 362-365.

Dawson, J., & Thomson, R. (2018). The Future Cybersecurity Workforce: Going Beyond Technical Skills for Successful Cyber Performance.?Frontiers in Psychology,?9, 744. https://doi.org/10.3389/fpsyg.2018.00744

Davis, M. (2015). “Profession and Professionalism.” Ethics, Science, Technology, and Engineering: A Global Resource. Farmington Hills, MI: Macmillan, pp. 489–93.

Espinha Gasiba, T., Lechner, U. & Pinto-Albuquerque, M.? (2020). Sifu - a cybersecurity awareness platform with challenge assessment and intelligent coach.?Cybersecurity 3,?24 (2020). https://doi.org/10.1186/s42400-020-00064-4

Jang-Jaccard, J., & Nepal, S. (2014). A survey of emerging threats in cybersecurity. Journal of Computer and System Sciences, Volume 80, Issue 5: 973-993, https://doi.org/10.1016/j.jcss.2014.02.005 .

Lester, S. (2017). "Reconciling activity-based descriptions of competence with professional

Senol, M., & Karacuha, E. (2020).? "Creating and Implementing an Effective and Deterrent National Cyber Security Strategy," Journal of Engineering,?vol.?2020,?Article ID?5267564,?19?pages,?2020.?https://doi.org/10.1155/2020/5267564

Sharma, A., Agrawal, R. & Khandelwal, U. (2019). "Developing ethical leadership for business organizations: A conceptual model of its antecedents and consequences," Leadership & Organization Development Journal, Vol. 40 No. 6, pp. 712-734. https://doi.org/10.1108/LODJ-10-2018-0367

Tavani, T. H. (2016). Ethics and technology: Controversies, questions, and strategies for ethical computing. Wiley.

Iacovino, L., & Todd, M. (2007).? The long-term preservation of identifiable personal data: A comparative archival perspective on regulatory privacy models in the European Union, Australia, Canada, and the United States. Arch Sci?7,?107–127 (2007). https://doi.org/10.1007/s10502-007-9055-5

Lester, S. (2017). "Reconciling activity-based descriptions of competence with professional work," Higher Education, Skills and Work-Based Learning, Vol. 7 No. 4, pp. 381-393. https://doi.org/10.1108/HESWBL-07-2017-0042