Ransomware
In my opinion, Chad should implement Sara’s suggestion: take the most critical parts offline and add more trusted humans. There are many companies that could risk public safety if they were managed by over-networked systems and then hacked. One that comes to mind is 23andMe. As consumer genetic testing gets more popular, the risk of cyber attacks increases. If 23andMe’s system was hacked, a person’s genetic data can be used for discrimination or extortion, and the implications are far worse if entire databases are leaked. This could potentially raise national security concerns. I don’t believe we fully understand the true implications of such an attack. According to a report, 23andMe and Ancestry are being investigated by the Federal Trade Commission over their protocols for handling personal information and genetic data and how they share that information with third parties. Regulations tend to lag behind tech so it’s difficult to navigate these situations because there is no standard for genetic privacy yet.
For consumer genetic testing, personal information and genetic data should be online and carefully guarded. It is difficult to identify elements that should never have access to the Internet—I don’t believe there is one for consumer genetic testing companies, other than DNA testing protocols. However, I don’t believe a hacker would be interested in gaining access to those protocols. Personal information and genetic data are the main draw for hackers and I believe the vulnerabilities lie in how these companies share this data to third parties.
Who Invited Her?
If the woman stayed quiet, the company would’ve continued to invest their resources in their interconnected network. She asked a very simple question: “Why do we need to access them digitally?” This must’ve been psychologically difficult to ask in this situation because the team seemed to have already decided the solution already. She had the courage to challenge two assumptions: the assumption that she shouldn’t speak up as a deputy to the COO and the assumption that anywhere-anytime access was safe. Although I wouldn’t blame her if she had stayed quiet, it’s important for her to speak up (despite how hard that can be) and for her coworkers to welcome her diverse perspective in order to instigate change in an organization.
