Like in any business or implementation of any new business model, there will be risks that need to be evaluated by key members of the business team that is taking on this new implementation. The case of implementing Wombat Securities technologies into Chatham University is no different. In buying, leasing, or subscribing to a security system from a university's perspective there is going to be risk. Some of those risks can be operational and transactional, confidentiality of information, and risks to business continuity. Operational and transactional risks can arise if the firm being targeted does not have the supported technology and the infrastructure of the institutions processing environment. If Chatham Universities processing environment was not up to scale to buy, lease, or subscribe to Wombat Securities, it may pose a risk. Risks to confidentiality of information are brought to light by how much confidential information a third party handles. The more often they handle a large volume of confidential information, the more at risk. Chatham could possibly be at risk if Wombat securities were to handle a large amount of confidential information very frequently, as a third party. However, Wombat requires very little end-user information, other than an email address mitigating the risk versus other software systems. A threat to business continuity from a security perspective relates to if their servers can continue their operations, that keep the overall business operations going, in the event of a natural disaster or a threat to the electronic. In the Austin text, The Adventures of an IT Leader, IVK was hit with a very big problem when it’s systems went down one morning, leading to the debate over what the company should do, shut down or keep going. Something that businesses do not want to deal with is the response time it takes for their systems to get back up, and in the case of IVK, it took too long (Gallaugher, 2015). How fast the systems are able to respond in such an event, and how resilient are they to in adapting is crucial to continuing the business operations.
If Chatham were to use Wombat’s security systems, there will be times where the university will come across privacy issues from the customer, employee, vendors, or any other individual whose privacy rights might be violated. For the majority of privacy issues they may come about, the risk associated with these issues is fairly average and the potential for something serious to occur is unlikely to happen. Wombat does reserve the right to update, modify or otherwise alter the privacy policy with the university at anytime, and at their own discretion will generally provide an up to date notice to users through posting an updated privacy policy on the site. Wombat does provide information on any materials changed to the privacy policy and any further changes will be notified by email once those become effective. The university will also have to be aware that Wombat does share information about their customers with third parties and this is an important part of their business. Even though they do use it responsibly and don't share, sell, rent or otherwise disclose personal information collected by their forms, Chatham should be aware that there is a possibility of email address, company information, or names to third parties being compromised. This information sent to third parties may include browsing data used for third party promotional or tracking purposes.
Wombat security and its partners use cookies or similar technologies to analyze trends, administer the website, track users movements around the website and to gather demographic information about the users as a whole. It’s important for the university to understand that they have the choice of accepting or declining the use of cookies through their web browser. Wombats information may include IP addresses, browser type, ISP, files viewed on their site and more. Wombat does employ or partner with other companies and individuals who perform functions on their behalf like processing credit card payments, shipping, web analytics, surveys and providing marketing assistance and have access to personal information. The university should be aware of this and understand Wombat needs to comply with the law and protect the rights, property, and safety of their users and information. Wombat also includes customer testimonials, comments, and reviews that may contain personal identifiable information. In this case, the university should be aware a whether or not they gave Wombat consent to post their information prior to the testimonial.
While looking at potential security issues from technical perspective, a security issue would be a firm, in our case Chatham University, not having the necessary technology and update software to support a Wombat security Knowledge Assessment, Mock Phishing tool, and Awareness Training modules. If the software that Wombat Securities uses are more advanced than the system that Chatham uses, that could potentially leave the IT systems at Chatham temporarily vulnerable. This could have the opposite effect on Chatham that Wombat would want to have, leaving a IT system of a firm more vulnerable to phishing attacks. However, these security issues are only potential issues, as if a firm's software was extremely outdated. As stated above, discussing potential privacy issues, a major security issue from a behavioral perspective is the part of the business model Wombat does not share their customers’ information with third parties. In a real life case, this comes down to trust. How much does a firm trust a business like Wombat Securities to handle this amount of information and not get burned. At the end of the day, what Chatham University would be doing is allowing another business to have access to faculty, staff, and students possibly confidential information. Where trust is built in any aspect of life is on experience and proving over and over again that someone or something can be trusted. One thing that Wombat Security does have is a proven track record that they can be trust in a given business situation. Wombat has worked with business such as financial service companies in the Midwestern U.S., international chemical companies, and Gartner, a technology research company. All have given testimonials to the great work that Wombat securities have given them, and how they have accelerated their business forward. One thing that Chatham also does not want to happen is a security breach, which could cause reshuffling at the top as is shown in the ZDNet newsletter article, Target names DeRodes CIO; Aims to rebuild security chops (Dignan, 2014). When Target had a security breach, a clearing of the house and a new CIO was in place. Other businesses may follow their lead if they experience their own set of security issues.
When considering the potential risks, security and privacy, the benefits from Wombat Security outweigh the risks. In the Harvard Business Review article, I Was a Cyberthreat to My Company. Are You?, employees falling for criminal attacks on software are presented. The article touches on how employees are presented very often with the opportunity to be a potential risk to their own company via a cyber threat (Prokesch, 2014). Wombats services of educating employees on how to avoid being a threat to your own company present huge benefits. The risks of Wombat, stemming from third party representatives having access to a firm’s information and security vulnerability due to outdated software, are wiped out when testimonials and credible case studies from top universities give way to Wombat’s effective services. The IT systems are Chatham University should not be a problem to be working with Wombat Security's’ software, and the third party representatives having potential access to information should not trouble Chatham due to the case study and effective project done by Wombat Security at a northeastern college. The potential risks are small, and the potential benefits are large.
Prokesch, S. (2014, November 05). I Was a Cyberthreat to My Company. Are You? Retrieved
November 04, 2017, from
https://hbr.org/2014/08/i-was-a-cyberthreat-to-my-company-are-you
Austin, R. D., Nolan, R. L., & O’Donnell, S. (2016). The adventures of an IT leader. Boston,
MA: Harvard Business School Publishing.
Dignan, L. (2015, December 04). Target names DeRodes CIO; Aims to rebuild security chops.
Retrieved November 04, 2017, from
http://www.zdnet.com/article/target-names-derodes-cio-aims-to-rebuild-security-chops/
No comments:
Post a Comment