TechFite Case Study C841: Review on Evidence
TechFite is a tech consultancy company whose client’s product information ended up in the hands of the company’s competitor. An investigation was launched to find out how this took place. It is suspected that TechFite facilitated the data breach. It was found that there were no specific details on the auditing of the user accounts. This is one of the vulnerabilities that would have facilitated the leaking of privileged information. This is evidence of the violation of the non-disclosure agreements (NDAs). Although the company employees may not have actively leaked the information, their negligence facilitated the loss.
Additionally, it was found that TechFite was receiving money through off-the-books payment methods. It is also evident that two email accounts created at the request of Carl Jasper were used for intelligence-gathering activities. This could be how the products’ information leaked to the competitors (Cristea, 2020).
It was also found that the TechFite computers were used to penetrate the computer systems of other internet companies. This may indicate the deliberate attempt to gather privileged information on the technology developed by various companies. Additionally, they engaged in intelligence gathering activities such as mining the digital trash from other companies in the pursuit of intelligence. This may indicate that Carl Jasper may not be acting alone.
Strategic and Competitive Intelligence Professionals (SCIP)
This may also violate the Strategic and Competitive Intelligence Professionals (SCIP) ethics that prohibit the use of illegal and covert business intelligence activities. It is also evident that the business intelligence unit may have created dummy accounts without proper authorization. These accounts have access to critical information such as legal, finance, and human resources. This is a possible vulnerability used in the leaking of the data. However, it is not evidence of the exact means used to extract privileged information (Connor & Doan, 2021).
TechFite Ethics and Cybersecurity Case Study
It is noted that the organisation does not collect any other detail about the clients and visitors to their website. In addition to this, personal information is not disclosed to the third party, the sponsors. The client’s personal information can be shared with the vendors in cases where the product or service is concerned (Gregory, 2007). They may also leverage personal information while responding to the client’s inquiries.
Women in Cybersecurity
However, it is noted that Women in Cybersecurity does not take responsibility for third-party organisations’ practices, information, and privacy. This is with the realisation that third parties would utilise cookies to leverage the customer’s personal information for advertisement purposes. Therefore, the organisation urges visitors not to send sensitive information such as credit card numbers, driver’s licenses, and social security numbers.
TechFite ought to adopt such measures to facilitate the enhancement of privacy (Gregory, 2007). However, because the company deals with sensitive information in its core business, it ought to have better data security methods. Such methods include the escalation of privilege among the workers according to the security required in providing services.
SVCSI – Silicon Valley Cybersecurity Institute
The second company is SVCSI – Silicon Valley Cybersecurity Institute, a not-for-profit organisation that seeks to promote, investigate, and develop the best practices. The company’s cybersecurity section defines terms that include account, business, company, consumer, cookies, country, data controller, and personal data, do not track, usage data, and website. The personal information details include usage data, address, phone number, name, and email address.
The organisation informs the clients of the instances that would lead to the disclosure of personal data to third parties; they include business transactions such as a merger, law enforcement, and other legal requirements such as the lack of compliance to legal obligations (Gregory, 2007). TechFite failed to disclose the guidelines on dealing with the client’s data. There ought to have been a protocol for the management of data for the benefit of the clients.
In general, there was a breach of the company’s non-disclosure agreements after their product found its way to the competitors. TechFite had guaranteed they would not breach confidentiality, but their infrastructure does not allow them to commit. This happened to two of the company’s clients, with TechFite being the common denominator. The actor, in this case, is the company’s management in ensuring the protection of clients.
The clients also ought to have clarified whether the infrastructure in TechFite would facilitate the It was found that there was a lack of escalation on privilege, surveilling internal network activity and traffic, and enforcing data loss prevention (Gregory, 2007). Therefore, the protocol in TechFite does not allow data protection. Even though there were overt acts of breaching the non-disclosure agreements, there was negligence, thus leading to illegality due to omission.
The infrastructure in TechFite did not facilitate the protection of customers’ information from third parties. Because there were non-disclosure agreements, TechFite should have ensured that it adhered to them. Therefore, the negligence in the company led to information on the client’s product getting into the hands of the competitors. This affected the future profitability of the client’s research process (Gregory, 2007). Therefore, TechFite was in direct contradiction with its responsibility as a consultant with sensitive information belonging to the clients.
Business Intelligence Unit
The Business Intelligence unit proved that there was negligence on the side of TechFite. The protocol used to ensure cybersecurity in TechFite contains a basic procedure that does not match the sensitivity of the client’s information (Gregory, 2007). This indicates gross negligence for a tech consultancy company. Additionally, a piece of misleading information on the company’s website indicated that they could provide information protection according to the non-disclosure agreements.
To prevent such a breach of privilege, TechFite ought to audit the company employees’ user accounts to ensure that there is cybersecurity for the client’s privilege. There also ought to be data loss prevention for sensitive documents. Additionally, there is a need to escalate privilege for the client’s sensitive documents (Caspian IT Group Code of Ethics., n.d.). There is also a need to prevent surveillance in the company’s network. The negligence would be ensured to ensure success with the project. Therefore, the client’s intellectual property rights would be protected from competitors.
One of the deliberate measures that would be implemented in this pursuit includes incorporating a security awareness training and education program. TechFite workers ought to understand fraud prevention, whaling, phishing, malware, and spam (Caspian IT Group Code of Ethics., n.d.). Additionally, the tech support team should audit all the workers’ user accounts to prevent privileged information from finding its way to the client’s competitors.
In conclusion, there is negligence in TechFite while dealing with the client’s privileged information. It would be ethical for the company’s management to ensure that they fulfil their promise to clients when they sign non-disclosure agreements. Therefore, the infrastructure ought to work in the best interest of the clients. Security awareness is very critical for the clients, management, and workers at TechFite. They ought to have a department specialising in cybersecurity.
To improve cybersecurity at TechFite, the following steps can be taken:
- Implement regular user account audits: This would ensure that all user accounts are legitimate and that any suspicious activity is detected and addressed promptly.
- Implement proper financial tracking: This would prevent the use of off-the-books payment methods and ensure that all financial transactions are transparent and traceable.
- Limit access to sensitive information: By restricting access to sensitive information to only those employees who need it to perform their job, the risk of data breaches is reduced.
- Conduct regular security training: Employees should be trained on how to identify and prevent security threats, as well as on the company’s security policies and procedures.
- Implement strong passwords and multi-factor authentication: This would make it more difficult for unauthorized individuals to access sensitive information.
- Conduct regular security assessments: This would help identify vulnerabilities and weaknesses in the company’s systems and networks, and allow for appropriate measures to be taken to address them.
- Implement an incident response plan: A well-defined incident response plan will help minimize the impact of security breaches and allow for a quick and efficient response.
- Compliance with Industry standards: Compliance with standards such as SOC2, PCI-DSS, HIPAA and ISO 27001 would ensure that the company is following best practices and industry standards for data security.
- Regularly monitor network activity: Regularly monitoring network activity would help detect suspicious activity and prevent data breaches before they occur.
- Adopting a culture of security: Creating a culture of security within the company would help ensure that all employees understand the importance of cybersecurity and take it seriously.
It is important to note that improving cybersecurity requires ongoing effort, and it is necessary to regularly review and update the security measures in place to keep up with the ever-changing cyber security landscape.
Citation and Reference Example 1-No Specific Writing style
|In-text|An ethical guideline used by the Information Systems Security Association (ISSA) states that members will “Perform all professional activities and duties in accordance with all applicable laws and the highest ethical principles” (ISSA Code of Ethics, n.d.).|
|Reference Page entry|Information Systems Security Association (ISSA) Code of Ethics. n.d. Retrieved from|
Citation and Reference Example 2-No Specific Writing style
|In-text|According to Grama (2015), “the Internet is a protected computer because the Internet facilitates commerce between different states”.|
|Reference Page Entry|Grama, J. L. (2015) Legal Issues in Information Security|
- Caspian IT Group Code of Ethics. n.d.
- Gregory, P. H. (2007). Security and privacy driven by business-aligned cyber risk management – SANS IT Code of Ethics.
- Connor, B. T., & Doan, L. (2021). Government and corporate surveillance: moral discourse on privacy in the civil sphere. Information, Communication & Society, 24(1), 52-68.
- Cristea, L. M. (2020). Current security threats in the national and international context. Journal of Accounting and Management Information Systems, 19(2), 351-378.