Network and Cyber Security Essay.
- Do you think the company reacted appropriately upon learning about the breach?
- What could Equifax have done differently to prevent the cyberattack?
- What type(s) of ethical climate existed at Equifax, and did this contribute to the hacking issues there?
- What changes should managers and the board of directors make now to reduce the likelihood of an incident like this from occurring in the future?
- What types of ethics training would you recommend for Equifax employees in the future to prevent such correct behavior?
- Do you believe the government (in the United States and other countries) should regulate Facebook to protect its users’ privacy? Why or why not?
- Do you believe that Facebook’s actions so far exemplify working in collaboration with, or in opposition to, government? Why?
- What elements of the public policy process are seen in this case: public policy inputs, goals, tools, and effects?
- Of the reasons described in this chapter to justify government regulation: market failure, negative externalities, natural monopolies, and ethical arguments, which reasons are relevant in this case?
- Since Facebook and other social media platforms are global in nature, is there a need for international regulation to protect consumers’ privacy worldwide? If so, what organization could provide this global regulatory protection?
- What level of responsibility do individuals who use Facebook and other social media sites have to protect their own personal information?
Did the company react appropriately upon learning about the breach?
No, the company did not react appropriately upon learning about the breach. The company’s leadership, led by Equifax’s top lawyer John Kelley, who was investigating the case, learned about the breach before it went viral but did nothing to prevent it; instead, he tried to cover up the breach. Kelley approved the sale of company stock by executives after the breach was discovered but before it was publicly revealed (Discussion case: Equifax data breach, n.d., p. 134). The act of the company’s leadership offloading their shares and selling them before the news of the breach came into the market reveals the inappropriate response of the company. The top executives knew that when the breach was revealed to the market, the company’s share prices would fall, so to protect their shares, they had to sell them before the breach went viral.
What could Equifax have done differently to prevent the cyberattack?
The breach could have been prevented if the company’s leadership had applied patches for known vulnerabilities in a standard patch update process. The Equifax website software was more vulnerable; hence, the hackers took advantage and stole the customers’ personal information. Since the company leadership already knew about the breach before it was revealed to the market, they could have fixed the known bug in the system before releasing the application. The CEO and other executives aware of the security weaknesses would have heeded the security warning and implemented the security fixes before the breach went into the market (Discussion case: Equifax data breach, n.d., p. 134). They would have also fixed the failure of their software system aimed at scanning for the absence of patches. By so doing, they would have been able to protect the customers’ private information before the breach.
What type(s) of ethical climate existed at Equifax, and did this contribute to the hacking issues there?
The types of ethical climates that existed at Equifax included social responsibility, personal morality, and integrity. The data breach was brought about initially by a third-party software exploit which, according to Equifax, had been patched, but they failed to update it on their servers (Discussion case: Equifax data breach, n.d., p. 134). Their irresponsibility in not fixing the security weaknesses led to the hackers using the exploit to gain access to internal servers on the corporate network, hence stealing the customers’ personal information. All the data breaches came from the ignorance of the company’s leadership, neglecting information technology ethics. At Equifax, the customers’ data is mainly stored in databases. The security of the data is essential to the company; thus, when the leadership failed to correct the security failures, it made it easy for the hacking to take place.
Changes managers and the board of directors would make
The managers and the board of directors at Equifax need to make the day’s security their primary concern. They should ensure that they improve their system monitoring whereby they will notice security failures and be able to fix them before they cause a data breach. They should ensure that they make an audit of the application for them to identify the vulnerable patches that can lead to data breaches and fix them to protect the customers’ private information (Gaglione, 2019). The management should also change the corporate culture by getting employees to recognize the importance of cybersecurity, including protecting their data from theft and damage. By doing so, the employees will be more careful with the data stored in the organization’s database and ensure that the security of the data is top-notch.
Types of ethics training I would recommend for Equifax employees
The Equifax data breach was brought about by a third-party software exploit, which the employees had already realized and patched but failed to update on the servers. The employees’ negligence and ignorance in not heeding the security warning the executives gave made it easier for the hackers to conduct the data breach since the employees did not implement the fix for the software that had failed. I would recommend ethical training of the employees where they should make a report of any vulnerable patches and ask the company for assistance in fixing them. The employees should also recognize the importance of cybersecurity to protect data against damage and theft. I would also recommend that the company executives go through ethical training to recognize the importance of communicating with the stakeholders about all the customer-related issues instead of trying to cover them up.
Should the government regulate Facebook to protect its users’ privacy? Why or why not?
I believe that the government in the United States and other countries should regulate Facebook to protect its users’ privacy. The government should develop a regulation of speech on Facebook whereby the general data owned by individuals has to be authorized by permission before it is released to the public. Most people on Facebook use language that discriminates against others in public by emotionally affecting them and lowering their self-esteem. Therefore, the government should come up with federal laws that remove hate speech and disinformation within a day to protect users’ privacy. The government should ensure that it is in conjunction with the founders of Facebook to ensure that the laws do not interfere with the private data of the individuals using Facebook. The federal laws should protect the users against hate speech and disinformation and protect them from accessing other people’s private information.
Do you believe that Facebook’s actions so far exemplify working in collaboration with, or in opposition to, government? Why?
What elements of the public policy process are seen in this case: public policy inputs, goals, tools, and effects?
In this case, the visible elements of the public policy process include policy inputs, goals, tools, and effects. Policy inputs are seen in the testimony given by Mark Zuckerberg, who argues that the government should let the companies regulate their users and protect their privacy by themselves using their policy. The goal of the company, in this case, is to ensure the protection of the users’ privacy, whereby the company ensures that it protects the users’ personal information so that other parties cannot access it without the permission of the initial individual (Discussion case: Should Facebook be regulated, n.d., p. 159). The company provided the users with essential tools that enabled them to control their privacy and security settings. The effects of Facebook regulations include the company being more transparent with the data being shared among the users; hence Zuckerberg pledged to be more diligent in protecting the users’ individual information.
Which reasons are relevant in this case?
Among the reasons described in this case to justify government regulations, ethical arguments are more relevant. The government regulating Facebook would ensure that they set aside legislative and regulatory strategies to protect individuals’ data. The comprehensive consumer bills of rights aimed to ensure that the consumer knew what personal information was collected, stored, and even sold to other businesses (Discussion case: Should Facebook be regulated, n.d., p. 159). After the breach of the data, the public turned to the government for help since they felt like the government was at an excellent place to help them solve the issue. The new regulations that the government came up with would be targeting creating awareness of how the consumer’s information was to be used in online political advertising.
Since Facebook and other social media platforms are global in nature, is there a need for international regulation to protect consumers’ privacy worldwide? If so, what organization could provide this global regulatory protection?
Yes, there is a need for an international regulation to protect consumers’ privacy worldwide since Facebook and other social media platforms are global. There should be a centralized system available globally to allow the consumers to be in control of their privacy and security settings. This means that the consumers will be provided with a single location where they can change their settings without the interference of other users hacking into their data (Goldfarb & Tucker, 2011). The organization that could provide global regulatory protection is the Federal Communications Commission. The Federal Communications Commission will regulate what is being communicated; hence, consumers will be careful with what they share with others on different social media platforms. It will also allow the consumers to control their privacy and settings.
What level of responsibility do individuals who use Facebook and other social media sites have to protect their own personal information?
Individuals who use Facebook and other social media sites have a high responsibility in protecting their personal information. The individuals have to take it as their responsibility to control their privacy and settings in that they control what they display to be their personal information. First, the individuals should be selective with the audience they interact with, in that they use direct messaging whereby they only direct it to specific people and not the public. Second, they should stay off the grid to keep their current location private to prevent inappropriate notifications. Third, they should disable read receipts to protect their privacy on social media apps. Finally, they should also hide activity status whereby they disable the ability of their friends to see their active status.
Discussion case: Equifax’s data breach. (n.d.). pp. 134-135.
Discussion case: Should Facebook be regulated? (n.d.). pp. 159-160.
Gaglione Jr, G. S. (2019). The Equifax Data Breach: An Opportunity to Improve Consumer Protection and Cybersecurity Efforts in America. Buff. L. Rev., 67, 1133.
Goldfarb, A., & Tucker, C. E. (2011). Privacy regulation and online advertising. Management Science, 57(1), 57-71.