Ransomware Doesn’t Scare Me; Listeria Does
- One immediate field that I can think of off the top of my head is consulting. Consultants are tasked with protecting the confidentiality of their clients and their clients’ data. An element of consulting that should never have access to the Internet (on the consultant’s side) is personally-identifiable information. Consultants should never receive any personally-identifiable information about people from the clients that they are working with, and should delete any information that they receive / not look at any information they receive if it does contain personally identifiable information because that is a violation of privacy and can result in the consulting firm getting into sticky situations if not handled well. Information that should be carefully guarded is anything that is shared with the consultant from the client–this information should be guarded even after a case ends through a proper disposal method.
Who Invited Her?
- In this case study, Sara Wilund spoke up and questioned why the executives needed to amp up security. She argued the opposite–instead of ramping up security, the company should focus on taking their assets offline. She brought up what no one else thought of: bringing in a consultant. Had the CEO ignored her, or if she had stayed quiet, the company could have gone in the direction of spending more money on security haphazardly. In fact, as Chad noticed during the consultant inspections, “seeing all the vulnerabilities made him think another attack was all but certain.” Had Sara stayed quiet, the company would have gone in the direction of 1) losing more money due to spending on security supplies, and 2) losing more assets due to another hacker attack.
- She challenged the notion that going digital was better. Digitalization can help make a company more efficient in many aspects, such as reducing labor costs and improving accuracy, but it also does have its shortcomings. Sara proved that not everything was better with digitalization, and not everything needed to be digitized. She also challenged the notion that someone of a more subordinate rank (she was the deputy to the COO) could speak up against executives and express her opinion. She further challenged gender stereotypes, where women are typically silenced and men are listened to–despite the men dismissing her opinions, she still held onto them strongly. It’s important that she challenged all of these implicit assumptions because she opened a new area for the company to look into when determining what they should do.
This case study may be relevant to our project because we are working with a lot of data from the Internet. When we are scraping for data, we have to be careful regarding issues around privacy. We can only pull data that has the consent to be shared, and we also have to be careful with how people are using our data on our app. Since we will be hosting users on our platform, there is information we must protect from hackers (logins, photos, etc.).
