This is a separate problem from the system being hacked. Managers may also be far too unaware of the ease in which cellphone networks can be hacked (Hacker Cracks T-Mobile Network). Certainly being aware of the ways in which cellphone and other electronic systems can be hacked or infiltrated in other ways. Such technical attacks can be relatively more easily addressed. Hacking is nearly as old as computer technology itself -- and thus so are anti-hacking measures. Like the constant battle to evolve faster between antibiotics and bacteria, hackers and security specialists are in a similar battle to get ahead of each other. But such measures will not address in any way the problem outlines above of how to know who is in possession of the mobile devices at any given time.
Solutions to Ajax's organizational risks
The primary way in which to remedy the potential organizational problems outlined above is to consider the ways in which certain working conditions have habitually created the potential for workers to be disloyal to their employers as well as to the customers or clients of their employers. In short, the conditions that are inclined to push employees into acts of disloyalty include the following:
1. When workers are given to much work to accomplish within their established work hours. There are two standard types of work overload. The first is when "they have the impression that they are working under pressure and have too much work to do in too short a time. This form of overload has been much more common for the last few years as many organizations have slashed jobs" (Organizational risk factors). This risk factor may well be present for the Ajax couriers.
The second major form of overwork is "qualitative work overload." This arises "when they feel that they are unable to perform their tasks because they lack the knowledge or skills needed." This form of work overload seems less likely to occur in this case, but if it is present it can be remedied if workers "have a degree of control over the demands made on them" (Organizational risk factors).
2. Too little work. While this seems counterintuitive, workers can be as stressed by too little work (which is another way to describe boredom) as by too much.
Providing a work environment in which 1) Workers are reasonably compensated; 2) they are not stressed by over-work; 3) workers are not bored by being under-utilized; 4) workers are given an appropriate amount of freedom and authority; 5) workers are encouraged to feel that they have a real stake in the company through a profit-sharing or stock-option program will be one in which the organizational risks from employee actions will b e substantially minimized.
Reducing technical risk
The primary technical risk identified above is that there is no security check in the current system for who has the mobile devices. In the current system, the devices could well have been in the possession of the worker's roommate while the worker slept off a hangover -- or even in the possession of an employee of a rival company. The simplest way to reduce this technical risk is to have each mobile device incorporate a biometric security device such as a fingerprint recognition system or an iris scanning device. In this way, if each employee were required to check in at regular intervals with the biometric device, Ajax managers would be assured that the device was in the possession of the correct employee.
Of course, such a biometric system is likely to make employees feel distrusted and so might prompt them to try to bypass the system. This is a reminder of one of the most important axioms of security risk management: Organizational risks are generally the most potentially dangerous and must be addressed first and most pervasively.
Hacker Cracks T-Mobile Network. (2005, January 13). The Boston Globe. Retrieved from Http://www.boston.com/business/technology/articles/2005/01/13/hacker_cracks_t_mobile_network.
Kahneman, D. & Lovallo, D. Timid choices and bold forecasts: A cognitive perspective on risk taking. Management science 39(1): 17-31.
Organizational Risk Factors, retrieved 22 March 2010 from http://www.cgsst.com/eng/risk-factors/organizational-risk-factors.asp