Think Twice: Is your policy ethical and secure?

Have you ever thought of the question - “Is my policy ethical enough to satisfy different stakeholders of my firm?”. Unlike the security service providers who focus more on the technical sides of cyber security, firms should also put more time into considering the ethicality of policies being adopted.

In many situations, firms are aware of the obligation and responsibility to state the privacy policy on the sites. How the data is collected, who will be able to access the data, how the data would be used, and in what way the data will be stored and processed… This information should be provided to the users after their approval through opt-in or opt-out methods. Ethics is something considered “right” or “wrong”, but in some conditions, it is not a “must” to do so. The following is an example that you could take reference.

Remote working policy

The use of multi cloud strategy increases along with the remote working mode trend. It is a fact that some employees found themselves less motivated or less proactive working in their own homes. Some extreme policies were executed in some companies that the management requires employees to be in virtual meetings all the time as if there is completely no confidence in employees. Is it a good ethical strategy? It depends. Some might get offended as they have to turn on cameras and leave no privacy for them and other family members who are sharing the same space with the employees during office hours. It is not a trade-off between productivity and privacy. Some good practices could be made without sacrificing employees’ privacy. On the company side, it is important to build a safe, accessible virtual working environment for the employees. It could be achieved via using private network services on the technical aspect and also some careful considerations caring about the “human” side where the communication between colleagues remains in positive status.

When a virtual working network is adopted, many security problems become more obvious and severe if no online security plan is made for the increasing use and distribution of resources online. Is it ethical to keep track of everything employees have done? On some occasions, it is a necessary act as much inappropriate use of resources has caused vulnerabilities to companies. Besides the access authority of internal users, disaster recovery plans are another big topic that companies should be prepared for. Cold sites and Hot sites are pretty famous in the disaster recovery field. They have included the onsite and offsite backup for a company when a disaster is inevitable, such as storms.

Taking the balance between ethicality and efficiency might be challenging, but it is definitely no good if we neglect the importance of being ethical towards stakeholders. Not only the reputation as an employer would be affected, but also show people the absence of professionalism and consideration. To increase efficiency, making use of manpower is one of the choices. But there are also some alternatives. For example, automation in the security threat inspection could largely reduce workload for the IT department, while internal and external suspicious online activities could be spotted timely, alerting the management about that. AI and big data are applied in managed security service, utilizing the enormous database and historical security challenges record.