As others within this discussion forum have highlighted, the current impetus is in the direction of steadily increasing remote work. With these increasingly digitalized organizational activities, the governance of conduct within the digital realm will be of paramount importance to management and employees alike. If those within an organization do not feel that the digital workspace within which they function is secure, respectful, and supporting of clearly delineated modes of conduct, morale and productivity will suffer. Group cohesion and functioning (Robbins & Judge, 2017) are inherently linked to an organizational perception of the security of their work setting.
2020 brought many sweeping new privacy laws into effect and enactment. It appears that the legislative and judicial pendulums are swinging nationally in the direction of increased codification of data privacy best practices, and this emphasis upon standardization of digital conduct fundamentally impacts corporate, non-profit, and educational organizations. The specific impacts this upswell of legal changes pivoting organizations towards a more regulated internet are still unfolding. The onus is on management to prevent the digital divide from isolating and unduly shortchanging its most vulnerable internal communications. "The cost of cyber- insecurity is already too high” (Raicu, 2021, p. 1).
The consensus of leaders in the cybersecurity community is clear: data privacy vulnerabilities must be speedily addressed for all organizations.
“The need for cybersecurity is becoming increasingly important due to our dependence on Information and Communication Technology (ICT) across all aspects of our cyberphysical society. Cybersecurity is essential for individuals, for public and non-public organizations, but guaranteeing security often proves to be difficult. The websites of many governments have limited security”(de Bruijn & Janssen, 2017, p. 2)
For organizations to trust their leadership, they must see evidence that leadership is self-aware of its own vulnerabilities within its "cyberphysical systems, the greatest impact occurs when an intruder gains access to the supervisory control access and launches control actions that may cause catastrophic damage" (Ten et al., 2008). Transparency from the C-Suite concerning its essential need to continually reassess and upgrade the cybersecurity practices and experiences of its employees is often in short supply. The nature of cybersecurity requires that it change and adapt constantly, and as we know, organizations often resist change.
The Information and Communications Technology (“ICT”) Supply Chain Risk Management (“SCRM”) Task Force at the Federal Cybersecurity & Infrastructure Security Agency provides a great example of how public and private-sector partners can work together to complement one another’s strengths and facilitate better mutual access to real-time information. The task force promotes a public/private, hybrid model for collaboration. Representatives from the technology and communication sectors participate with a shared focus upon securing the supply chain for their respective sectors. The goal of the ICT SCRM Task Force is to develop strategic and operational recommendations for risk reduction; since 2020 it states that private sector organizations should adopt a “Zero Trust Model” (Clarity Innovations, Inc, 2020, p. 1) for its digital networks. In other words, organizations must conduct their digital communications, both internally and externally, with the ongoing acknowledgement that security breaches are constant and inevitable.
Most senior leadership in both the private and public sector still operate with zero transparency as to how they manage their organizational cybersecurity. Organizations have an enormous challenge to integrate cybersecurity into their daily operations. Organizational cultures must embrace the new security landscape which can no longer relegate cybersecurity protocols to a faceless IT group who sends out infrequent, wonky updates which are difficult for the rest of the organization to comprehend. An inclusive approach on the part of management which educates and fully informs all its employees can begin to demystify the topic in the organizational behavioral context (National Initiative for Cybersecurity Education Working Group Subgroup on Workforce Management at the National Institute of Standards and Technology [NIST], 2018).
References
Clarity Innovations, Inc. (2020). Establishing a zero trust ecosystem [PDF]. K12blueprint.com. Retrieved 2021, https://www.k12blueprint.com/sites/default/files/K12-Building_Zero_Trust_Ecosystem.pdf
de Bruijn, H., & Janssen, M. (2017). Building cybersecurity awareness: The need for evidence-based framing strategies. Government Information Quarterly, 34(1), 1–7. https://doi.org/10.1016/j.giq.2017.02.007
National Initiative for Cybersecurity Education Working Group Subgroup on Workforce Management at the National Institute of Standards and Technology. (2018, October 15). Cybersecurity is everyone's job. NIST. https://www.nist.gov/news-events/news/2018/10/cybersecurity-everyones-job
Raicu, I. (2021, March 23). On cyber-insecurity and the common good. scu.edu/ethics/internet-ethics-blog. https://www.scu.edu/ethics/internet-ethics- blog/on-cyber-insecurity-and-the-common-good/
Robbins, S., & Judge, T. (2017). Essentials of organizational behavior (14th ed.). Pearson.
Ten, C.-W., Liu, C.-C., & Manimaran, G. (2008). Vulnerability assessment of cybersecurity for scada systems. IEEE Transactions on Power Systems, 23(4), 1836–1846. https://doi.org/10.1109/tpwrs.2008.2002298
