Challenges of Protecting Personal Information Research Paper
- Length: 9 pages
- Sources: 14
- Subject: Business
- Type: Research Paper
- Paper: #35927125
Excerpt from Research Paper :
Protecting Personal Information
When considering the ever-changing and highly competitive global landscape of business today, large firms must be able to effectively globalize their operations in order to reach a greater potential client base, stay at the cutting edge of their respective fields and sustain profitability in the long-term. With the current exponential growth of technology and computerization of business and learning, consumers have become much more connected to the businesses they patronize (Kurzweil, 2001). Accordingly, companies are faced with the continuous task of finding new ways to understand and subsequently accommodate the needs of those customers, while simultaneously securing lucrative business models and job environments. In accomplishing the aforementioned objectives, firms must also be able to supply a secure environment in which clients can feel safe in accessing the products and services of the business. Knowing that many organizations are utilizing the highly effective means of online systems construction as a way to access the global market, security issues have become increasingly important considerations. And noting the vast necessity for the involvement of personal information in computerized commerce, the scope of such information and its industrial effects are massive. Therefore, data protection mechanisms must be effectively instilled in order to secure the safety of all global citizens. In fact, the United Kingdom recently passed "The Data Protection Act " in 1998 in order to legally protect and control the processing of personal data . Though while many consider "personal information" to be strictly financial in nature, recent leakages have also included health records and even government documents. Thus even with legislation in place to protect personal privacy, its effectiveness could be called into question as a result of insecure government internet systems .
Even though crimes like identity theft are relatively archaic (beginning even before the advent of credit cards, with the robbery of passports and social security numbers), the ease with which one can now obtain such vital, and potentially very profitable, information is astonishing . Lax security standards on behalf of any business attempting to engage in online commerce can quickly result in informative breaches and subsequent losses. Also, considering the increasing proclivity of social media networks in the business world, many firms have chosen to utilize such sites as advertising and sales devices. This has been shown to present a very attractive environment for fraudulent activity. By simply posing as an employee in the social media platform, a dishonorable individual can easily discredit, damage and potentially destroy a company's reputation . As a result of this reality, companies must diligently monitor the activities and member lists of their social media operations . Firms should also only place limited amounts of information on such sites, as these arenas are available for public viewing. Moreover, with the increased publicity of identity theft and online security, many companies have allocated massive amounts of capital for security systems and the prevention of external invasions. Though most firms fail to consider the threat of insider identity theft . This can often be an even greater source of potential destruction because insiders possess large amounts of privileged corporate information . To protect themselves from this type of attack, firms should implement at least one of the many types of employee-monitoring software. Such tools can control and limit access to sensitive company information .
From the perspective of the customer, identity protection requires a great deal of individual initiation. The ease with which one can live vicariously through the internet is certainly convenient, though it also presents a slew of potential threats. For instance, when a thief acquires an individual's social security number and/or credit card information, he or she is free to utilize this information to make costly purchases and diminish credit lines, both of which are extremely difficult for the average citizen to bounce back from financially . This is because corrective action after the fact is often very costly and victims usually find themselves in dire financial straits almost immediately . Knowing that online commerce is an ever-growing industry, many online retail agencies allow for the customer to save his or her credit card information as a means of assuring future purchasing expediency . Membership to this kind of system forces the consumer to commit the horrific blunder of permanently storing credit card information via the internet. By saving one's vital credit card data in a retail company's database, he or she puts his or her financial security in the hands of strangers . Being that online retailers are usually high on the target lists of identity thieves, this is certainly not an intelligent risk to take . And with the immense global capacity of the internet, once a violation has been determined, it is often extremely difficult to pinpoint and apprehend the culprit . The mechanism of personal data-saving is becoming increasingly utilized in modern ecommerce, yet it presents just one example of the many threat structures consumers face in the online marketplace. And in knowing that countless other threats exist, customers must be knowledgeable and thoroughly able to utilize any and all protective mechanisms at their disposal before entering this threatening forum. Such defensive techniques are often as simply as not using the same password for all retail accounts, continuously updating anti-virus programs and even simply turning off the computer after continuous use . However, in order to provide oneself with truly sufficient levels of protection, it is often advantageous to become educated about more sophisticated protective devices. Such items can include encryption, anonymous browsing and virtualization software . The encrypting of one's sensitive data ultimately amounts to the encoding of such information . This means that if a hacker were to stumble upon an individual's personal info, he or she would likely have to spend a significant amount of time trying to break the code. As a result of this labor-intensive task, most identity thieves will simply pass over encrypted information in search of easier targets. The tool known as virtualization software can also be very useful in that such software allows customers to be alerted to viruses and potentially fraudulent activity in a virtual environment before it actually affects their computer or their actual personal information . Thus, in knowing that an individual is solely responsible for protecting himself or herself, and contemplating the devastating aftermath associated with the loss of one's financial identity, becoming educating about all the available protective measures seems like quite a profound necessity.
Regrettably, an individual's financial information is not the only vulnerable data in the world of computerization. Rather, health records are now at risk in the electrified age of patient documents . Assuming that one's health is their most vital asset, such misconduct can be ultimately life-threatening in some cases. While the advent of electronic health records certainly has its advantages in that it "enables the electronic exchange of patient data, which yields cost and quality of care benefits," many potential threats also arise from this systematic approach (Smith, et al., 2010, p. 1). In fact, according to a study done at North Carolina State University which involved an extensive exploratory security analysis of current structural components of the electronic health records system, there are many gaping holes that allow for extraordinarily destructive action (Smith, et al., 2010). Some examples of such unfortunate potential consequences include, "the exposing of all users' login information, the ability of any user to view or edit health records for any patient, and the ability to deny service for all users" (Smith, et al., 2010, p. 1). Therefore, with the essentiality of information-sharing in the healthcare field, the ease with which one can tamper with such critical data is striking and disheartening. The healthcare system itself relies on patient histories in order to ensure that patients receive the proper treatments and medications. Hence, the corruption of such materials can result in mistaken procedures, failures to accommodate a patient's allergies or predispositions and the exposition of embarrassing personal health data (Terry & Francis, 2007). With such horrifying potential consequences, one would naturally assume that the Certification Commission for Health Information Technology (the entity responsible for overseeing the integration of electronic health records) would implement a vast cornucopia of high-level security measures. However, this is not in fact the case. Instead, researchers have been able to infiltrate this system and its patient pool using elementary hacking techniques such as "phishing" (Smith, et al., 2010, p. 8). Phishing is often described as, "a form of social engineering in which an attacker attempts to fraudulently acquire sensitive information from a victim by impersonating a trustworthy third party" (Jagatic, Johnson, & Jakobsson, 2007). The conductors of the aforementioned exploratory analysis performed at North Carolina State University, were able to acquire patients' login information through the use of phishing and the creation of false login templates (Smith, et al., 2010). The simplicity with which these researchers were able to access sensitive information superbly illustrates the scope of the shortcomings of this system. Consequently, these experts recommend several revisions…