Since the internet’s inception, hackers have labored to exploit it for everything from sophomoric mischief to theft and espionage.
Accordingly, cybersecurity methods and solutions have grown more advanced and wide-ranging over time. This metaphorical arms race shows no signs of stopping as interconnected technologies become further ingrained in the fabric of professional life.
Within the corporate sphere, some of the methods used to help ensure the safety of organizational data — everything from customer and employee information to financial records and product specifications — will provoke ethical questions.
As IBM points out in its SecurityIntelligence blog, IT and information security professionals must be every bit as ethical as “black-hat hackers” — hackers who commit malicious cyber attacks — are unscrupulous. This is true even when, on occasion, cybersecurity professionals use tactics similar to their opposition to create safeguards instead of exploits.
When you choose to pursue a career as a cybersecurity professional, you must consider ethics when utilizing security solutions that involve having administrative access to employees’ personal devices.
If you’re looking to join this profession, it’s important for you to have a comprehensive understanding of all IT-related cyber ethics issues, and that you make these practices a natural part of your working behavior. This is especially applicable if you’re a cybersecurity professional working in a field like healthcare, considering the sensitive nature of health data that may be vulnerable to hackers and other digital threats.
Why is it important to maintain confidentiality?
IT professionals, in their roles as protectors of a company’s data, see everything. This includes a great deal of sensitive information regarding employees’ personal lives, communications between clients and sales or account personnel, health insurance and medical records, payroll, and much more.
Beyond common courtesy, which would dictate that IT personnel keep what they see to themselves, there are also more concrete reasons to maintain confidentiality of data and information. These reasons range from basic trust to extremely important legal issues. Some security breaches can severely compromise a business’s ability to function, or even a client’s safety and well-being.
Cyber ethics issues also extend to interactions with consumers. SecurityIntelligence notes that there should never be any delays in letting customers know that a data breach has occurred and their information may have been stolen.
The infamous Target data breach serves as a lesson in this matter. According to International Business Times, the retailer discovered the breach Dec. 13, 2013, and while it immediately told the U.S. Justice Department, it kept its 70 million affected customers in the dark until Dec. 19 — one day after cybersecurity reporter Brian Krebs revealed the hack in a blog post.
Target lost significant customer trust, and its net earnings dropped 46 percent from the previous year in 2013’s fourth quarter, according to The New York Times.
What are the ethical standards relating to cybersecurity?
According to SecurityIntelligence, there are no mandatory standards for cyber ethics issues that cybersecurity professionals are obligated to follow. Some guidelines have been devised over the years, such as the Computer Ethics Institute’s “Ten Commandments of Computer Ethics” — but, as it was written decades ago, it’s quaint and vague by today’s standards.
More substantively, the Information Systems Security Association (ISSA) has worked to be a real governing body for information security professionals, and requires its members to uphold its code of ethics.
However, there’s no real mechanism for enforcement. ISSA isn’t recognized as a legal regulatory agency, and neither are similar organizations such as the International Information System Security Certification Consortium and the SANS Institute, although the latter two offer well-regarded security certifications — Certified Information Systems Security Professional and Global Information Assurance Certification, respectively.
Cybersecurity professionals must behave ethically and prove to their supervisors through their actions that they are worthy of overseeing valuable information. This isn’t so easy in practice, because of the aforementioned lack of regulation. Human resources staff interviewing applicants for cybersecurity jobs won’t have an obvious resume item to look for — like a universally accepted certification or accreditation.
Because of this, as an IT professional, you may be called upon to help your organization’s HR department vet potential employees. That means you must be ethical in cybersecurity from the ground up so that new hires immediately embrace ethical practices.
Prospective information security professionals may find that returning to school and seeking a master’s in cybersecurity can be a great boon to their chances of landing a job they’ll love. Such a program will typically involve studying the necessity of ethical practices in the digital space.
What cybersecurity issues affect the healthcare industry?
According to the U.S. National Library of Medicine, computers have played a role in the healthcare industry since the 1960s — the start of discussions about how to make fuller use of computers for decision-making, access to literature, and viewing patients’ test results.
Over the decades, the shift toward computerization in healthcare has sped up as doctors, nurses, and other professionals make full use of available tech resources.
This upswing in computer usage has brought with it a growing need for cybersecurity experts who can prevent data breaches and make sure healthcare information stays protected.
Healthcare is vulnerable to data breaches.
In 2014, there were 761 data breaches, and more than 300 of those took place in the healthcare industry, according to an Information Age report that comments on a study by the Identity Theft Resource Center.
The study found that more than 83 million records had been exposed. More than 8 million of those were in healthcare. For the sake of comparison, consider that barely more than 1 million records in the banking industry were exposed. That should give you an idea of how big a target the healthcare industry is to hackers and cyber attackers.
Why do hackers zero in on health records? According to Reuters, “Your medical information is worth 10 times more than your credit card number on the black market.” Reuters notes that criminals can use the stolen medical data to get access to billing information or to get their hands on drugs that they can later resell.
The cybersecurity shortage means opportunity for you.
While data breaches remain a significant concern for much of the healthcare industry, many healthcare teams do not have the expertise needed to protect their information.
Modern Healthcare cites the example of a medical center in California that had a talented cybersecurity team of five people, two of whom were recruited by other businesses. In other words, many organizations have trouble finding and recruiting top cybersecurity talent with the ability to stay on top of the most pressing concerns.
TechTarget comments on one of the reasons behind the scramble for cybersecurity experts: Many IT experts have a basic knowledge of the methods needed to protect data, but not the specialized skills to keep up with advanced security threats.
This lack of expertise may provide substantial opportunities for you if you’re seeking an advanced degree in the cybersecurity field. Across many industries, you’ll have the chance to prove your value to an organization as a cybersecurity expert with the skills to prevent and protect from the latest security threats.
You can fill the cybersecurity need.
The cybersecurity shortage is not unique to the healthcare realm. TechTarget quotes an expert who says a large number of H-1B visas issued in the United States are for cybersecurity experts from other countries.
Although workers from outside the United States can fill the need for cybersecurity professionals, another solution might come from within the country. Maryville University offers an online bachelor’s degree in cybersecurity and strives to provide the workforce with the individuals it needs to protect healthcare records from breaches.
At Maryville, our curriculum focuses on in-demand topics like general cybersecurity, offensive cybersecurity, and defensive cybersecurity — all of which might prove valuable to employers in the healthcare industry. Check it out, and see how your online bachelor’s can help you find your footing as a cybersecurity expert.
Computer Ethics Institute, “Ten Commandments of Computer Ethics”
Information Age, “Why the Healthcare Industry Badly Needs a Cybersecurity Health Check”
Information Systems Security Association International, “ISSA Code of Ethics”
International Business Times, “Timeline of Target’s Data Breach And Aftermath: How Cybertheft Snowballed for the Giant Retailer”
(ISC)², “(ISC)²: The World’s Leading Cybersecurity and IT Security Professional Organization”
Modern Healthcare, “Healthcare Struggles to Recruit Top Cybersecurity Pros”
Reuters, “Your Medical Record Is Worth More to Hackers Than Your Credit Card”
TechTarget, “Cybersecurity Skills Shortage Demands New Workforce Strategies”
SecurityIntelligence, “Tough Challenges in Cybersecurity Ethics”
U.S. National Library of Medicine National Institutes of Health, “A History of the Shift Toward Full Computerization of Medicine”