Project Combination Plus Summary

Running head: MILESTONE THREE

Milestone III

Terri Y. Hudson

IT-659 Cyberlaw & Ethics

May 15, 2017

The hack that occurred at Yahoo in 2016 remains one of the most shocking events involving a technology company. Analysis of the incident shows that the company was lax in some respects and bears much of the blame for it. There are clearly some changes that the company could have implemented that would have prevented the incident. This paper examines the relevant changes that would have prevented the hack.

Recommendations

Upgrading security system

Before the incident, Yahoo had failed to prioritize information technology security. Despite frequent requests from staff and security experts to adopt new models for securing information, the board of directors failed to authorize these recommendations. The argument was that these new models were expensive and complicated. This decision later came back to haunt the firm, as it was one of the reasons the systems were hacked. The systems were outdated and left vulnerable. For instance, Yahoo stored its users' passwords using an algorithm named MD5, which was first published in 1992 and was discounted as a secure method from the mid-2000s. If the company had upgraded its security system, it would have been able to prevent the incident, or it would at least have been warned in case of unauthorized access (Perlroth, 2017). Therefore, upgrading the security system is a valuable recommendation that would help prevent similar incidents in the future.

Hiring legal hackers to test the system

White hat hackers are individuals who test the systems of companies to evaluate risk points and offer recommendations. They are very useful when a company wants to prevent sophisticated attacks. Using this group of hackers to perform high-level penetration and attack tests could have helped Yahoo identify its weak points. However, the company once again failed to prioritize security, did not apply these precautions, and was left with a vulnerable security system. These days it is routine for companies to conduct in-house tests. However, engaging white hat hackers offers an efficient and exhaustive analysis of the system. If Yahoo had taken this precaution, it would have been able to prevent the attack or to work on the weak spots in its security system. Therefore, as one way of ensuring that the firm does not have future incidents of the same caliber, it is advisable to involve white hat hackers as a measure for preventing sophisticated attacks (Farhat, McCarthy & Raysman, 2011).

Ethical guidelines

Many of the ethical dilemmas faced by IT professionals, especially when it comes to information technology, revolve around privacy. Ethical guidelines can be defined as codes that an organization uses to determine which courses of action are morally right or wrong. Employees of the firm then use these guidelines to determine the order and manner in which they perform their duties (Radziwill, Romano, Shorter & Benton, 2015). One of the ethical guidelines that would have helped prevent the incident is prioritizing consumers' security. In this case, Yahoo was faced with the dilemma of whether or not to upgrade its security systems. On the one hand, upgrading the systems seemed an expensive and complicated task; on the other, leaving them in that state was a risk to the security of its consumers. Faced with these options, the firm chose the business-minded option and decided to save on costs and risk being hacked. However, the company failed to recognize how important its consumers are to the firm, and this move undermined that importance. As a result, the incident inevitably took place. Now and in the future, it is advisable that Yahoo make its ethical decisions with the consideration that its customers are of great value to the company. The company's loyalty should lie with its consumers, since they are virtually responsible for the revenue that the firm generates.

Another ethical guideline that the company should have adopted is increased monitoring of computer and online activities. As far as the law permits, a company has the right to regulate the activities that take place on its equipment. This enables it to identify cases where employees are taking advantage of or misusing company property. To further protect information security and prevent cases of hacking, the company should implement an ethical guideline that ensures it can read all the messages that are sent using the firm's computers. This is because in most cases of hacking, the perpetrator is always an insider or happens to have insider help (Bhardwaj & Singh, 2011). If Yahoo had taken the extra measure of monitoring the activities that take place on its computers and online platform, it would have been able to see the patterns that eventually led to the incident. This guideline could be enforced by using in-house white hat hackers to regularly test the employees' proficiency in detecting dangers on the online platform and in applying the required precautions. This would have helped the firm avert the crisis and should be part of the company's strategy for preventing similar incidents in the future.

References

Bhardwaj, M., & Singh, G. P. (2011). Types of hacking attack and their counter measure. Int. J. Educ. Plann. Admin, 1(1), 43-53.

Farhat, V., McCarthy, B., & Raysman, R. (2011). Cyber-attacks: prevention and proactive responses. Retrieved June, 15, 2015.

Perlroth, V. (2017). Yahoo Says 1 Billion User Accounts Were Hacked. Nytimes.com. Retrieved 10 April 2017, from https://www.nytimes.com/2016/12/14/technology/yahoo-hack.html?_r=0

Radziwill, N., Romano, J., Shorter, D., & Benton, M. (2015). The Ethics of Hacking: Should It Be Taught? arXiv preprint arXiv:1512.02707.