How Organizations Design For Privacy
As organizations adapt from traditional work environments and rely more on technology, designing for privacy is critical to help protect clients, employees and stakeholders.
This article was also published in Commercial Banking's magazine, Cybersecurity: Designing for Privacy.
The word “cybersecurity” evokes images of screens filled with binary code, fiber-optic cables spanning the globe and black-hat hackers of nefarious intent. Rarely, it seems, when we hear the word cybersecurity do we think about ethical standards.
But we live and work in an era of increased connectedness, changing business landscapes and expanded technology access at work and home. Almost everything we use on a daily basis has a “smart” version. We talk to a digital personal assistant to set the thermostat, turn on a faucet or change the channel on the TV. We drive cars that track their own maintenance and schedule their own oil changes. We use wearable tech to track our steps, sleep patterns and vital signs—and they are always on and monitoring our movements in the background. All this innovation comes with a risk: if it’s connected to the Internet, it may be hackable.
“This is a well-known reality for cybersecurity professionals, regardless of the particular industry they work in,” said Denise Hucke, the information security manager overseeing risk and controls for Commercial Banking. “The risks are real and can have financial consequences both personally and professionally.”
Broadly defined, cybersecurity ethics, or cyber ethics, are the complex moral dilemmas that organizations encounter in the practice and innovation of technology. They go beyond legal and regulatory requirements and ask: what is in the best interest of the public good? Cyber ethics inform decisions about how to design intentionally for privacy—weighing the benefits of technological advancements against the risks to security, privacy and safety.
So how does an organization make sure their technology infrastructure and organizational culture put privacy and security at the forefront of their operations and mindset?
Designing for Privacy: Questions to Ask
- What personal information (PI) do we collect and store about our clients and employees, and how is it safeguarded?
- Do we have adequate controls to prevent breaches?
- How do we handle data-privacy issues and unauthorized disclosures by employees?
- Do we test our security protocols periodically and regularly train all employees?
- How do we advocate for the privacy rights of our stakeholders and balance competing ethical obligations?
These are just a few questions, and they only scratch the surface of what executives should consider when designing for privacy. Organizations need to design for privacy with multiple layers and strategies in mind, such as technology builds and operational processes, and know that employees are a major access point for cybersecurity.
The challenges are deep and the implications are complex. And while the underlying ethical questions are more or less the same as throughout history, whatever ethical framework is used, the scale of potential consequences with cyber technology is historically new—and massive. Our world shares a technological fabric; pulling one thread can have unintended consequences.
Designing for Intention
As organizations adapt from traditional work environments and rely on a greater use of technology, designing for privacy is critical to help protect clients, employees and stakeholders.
Take, for example, applying artificial intelligence (AI) to generate supply chain efficiencies. The AI gathers and collates data from customer orders, supplier capabilities, weather conditions, employee staffing, and local and global shipment tracking to better predict needs or offer a more personalized experience. The technology has the potential for great good; it also has the potential for great harm by normalizing data collection. If the data is accessed illegitimately, what are the implications? Further, what are the potential consequences should a state threat actor hack into the system and manipulate it to cause a service disruption or worse?
“Innovators and innovation consumers alike must delve deeply into the ethical quagmire to build a cyber ethics framework for their organizations, which accounts for these risks and stays true to their policies and culture,” Hucke said.