Monitoring to Prevent Data Breaches

¶ … Security The author of this report has been asked to answer a few questions as it relates to information security. Specifically, it will be answered to what metrics or proverbial yardsticks could or should be used to measure information security and information privacy. Indeed, there are a number of ways to measure precisely that. However, there are implications with doing do that have a bearing on both privacy and security of the people involved in divulging (or not divulging) the secrets of the firm.

On one hand, there is the need and desire to keep the private and confidential information of a firm safe. On the other, there is a line, at least for many, between keeping an eye out and being too invasive even if company phones and computer equipment is the communication tool in question. While companies can be rather aggressive in monitoring what is going on with their equipment and what information is being communicated, pushing too hard and observing too much can cause privacy-related and other blowback.

Analysis As far as monitoring business information privacy and so forth, there are a number of things that can be done. First, there can be a monitoring or even banning of information flowing to and from cloud services, approved or not, such as Microsoft OneDrive, Google Drive, DropBox and so forth.

A similar amount of monitoring can be done as it relates to media that is removed from a workstation or network server and placed on removable/portable media such as a tablet, smartphone, USB thumb drive, external hard drive or burnable disk like a DVD-ROM or BD-ROM. There are also software tools that can scan ingoing and outgoing emails and/or attachments to make sure that something is not being sent improperly.

For example, if a company has a high frequency of emails and such that contain sensitive information such as bank account numbers or Social Security numbers, each email leaving the company's servers can be scanned to ensure that a file is not being sent improperly or insecurely. An employee doing so in large fashion or in excess over time can lead to a huge nightmare for a firm and/or its customers.

As Baltzan explains, among other places, in the fourth chapter of the class text, there are ethical challenges in doing all of this (Baltzan, 2015). As far as the ethics involved of scanning emails, listening to phone calls and scanning emails may sound like a preordained right for employers to use and wield. However, there is an idea that employees have a right to privacy even if they are using equipment that is not theirs personally and/or it is not paid for by the same.

Even so, the general rule that is adhered to is that employers are supposed to move onto the next call or email if it is clear the communication is personal. However, it can be tempting not to listen in and the people involved could clearly grow some sense and not conduct their personal affairs on company equipment.

Even so, employers would be wise to notify their employees that all calls and emails monitored and they should also be made aware of the standards as it relates to disseminating sensitive information and how it is (or if it should be) sent out (FindLaw, 2016). Conclusion Nearly every day, there seems to be.