What special security threats do online businesses face? Although online businesses and businesses with an online component have the most potential for growth and expansion, they are also the most vulnerable to threats, such as security breaches and viruses. If you’ve ever clicked on a banner ad or downloaded a program, you’ve run the risk of allowing adware or spyware onto your computer. Adware is any software application that displays banner ads or pop-up ads while a program is running. At best, this is annoying. At worst, the software installs spyware, which tracks your personal information and passes it on to a third party without your knowledge.

Spyware operates in the backchannel of an Internet connection, collecting data and relaying that data to interested parties for the purposes fraud or identity theft. This can cripple businesses. Hackers can use spyware to steal money, erase valuable information, or even crash an entire company’s system. The most insidious spyware can capture keystrokes, thereby stealing passwords and other confidential information, which can grant hackers unlimited access to company networks.

Can a business protect its online identity? Any business that processes transactions online is at risk of having its customers’ credit card information stolen by hackers. Spyware is not the only method that hackers use to obtain private information. Phishing is a common way to trick online users into sending their personal information, like credit card numbers, straight to hackers.

Suppose you have a credit card account with Bank of America and you receive an e-mail from the company informing you that your online passwords need to be updated. The e-mail requests that you fill out a secure form with your personal information so Bank of America can reactivate your online access. The e-mail has Bank of America’s logo and background, and it includes a link to the secure form to be filled out. You click on the link, which takes you to an online form on the Bank of America website. After completing the form, which asks for your name, address, password, credit card number, and credit card expiration date, you click the submit button and send all of that information to Bank of America.

Surprise! You’ve just been phished. That e-mail was not from Bank of America but from hackers who broke into Bank of America’s network and copied its logo and e-mail design. The link you clicked took you to a fake website that was designed to look like an authentic registration form. You just sent your banking information to phishers, who can now use your credit card to make fraudulent purchases in your name and potentially destroy your credit rating. It also hurts Bank of America because the bank will have to track and cancel any illegal transactions and issue you a new credit card account. If you find yourself in this situation, be sure to report it to the company’s fraud or abuse center.

Banks are not the only businesses that suffer from phishing. Online retailers, such as eBay, or payment services, such as PayPal, have been the victims of spyware and phishing. This can cost them dearly because customers may no longer trust these websites after they have been scammed. Businesses that have been hacked often spend thousands of dollars on reclaiming lost information and updating their antivirus programs and security systems to prevent future break-ins. Although these security breaches remind us of the risks of online transactions, they also force online businesses to keep their networks protected with the latest technology and take extra precautions to protect consumers.

What risks does a breach of security pose for management? With so much of the value of a modern business stored in electronic material—whether as documents, software programs, or e-mail files—a company can be vulnerable to hackers. Hackers are individuals who gain unauthorized entry into a computer system. Their goal may be to disrupt the operation of the system or gain access to protected data. The retailer Target had a breach to its data records that impacted more than 70 million people. Information stolen included customer names, credit card numbers, e-mail addresses. Secret Service investigators believe it may take years to identify the hackers responsible. Analysts estimate the cost to Target at nearly half a billion dollars.

Another large security breach occurred when the Sony Pictures Entertainment division was illegally hacked a few years ago. Before IT staff could halt the infiltration, the hacker software had stolen and then erased everything stored on thousands of the company’s computer systems. The hackers than began to copy the files they had stolen to public sharing sites—unfinished movie scripts, social security numbers, and lists of salary information about top film stars were all made public. This was after a large security breach had occurred on the Sony PlayStation Network a few years previously. In that attack on the online gaming service, more than 77 million members had personal information and credit card numbers exposed to an unknown hacker.

Sometimes it is not an attack from the outside that jeopardizes business stability. The business can also be vulnerable if technology is not implemented reliably. Even a short blackout of vital services, such as internal e-mail or customer access to a corporate website, can damage a company’s reputation and value. For example, when the Hawaiian airline Go! attempted to sell 1,000 tickets for $1 each, the promotion crashed the company’s website, and buyers couldn’t purchase the tickets. To win over the upset customers, the airline was forced to double the number of $1 tickets it was offering.4

Can technology also be used to support ethical conduct? Part of the Sarbanes-Oxley Act of 2002 mandates that all public companies have procedures for handling the concerns of whistle-blowers—people who report on illicit activities. Several corporations now use their intranet to allow whistle-blowers to make anonymous reports. Organizations such as the Occupational Safety and Health Administration (OSHA) and the American Civil Liberties Union also have designed their websites to allow people to file reports easily and safely, shielding them from possible retaliation.

This type of reporting system is common in hospitals and medical centers. Staff members can report “near misses”—mistakes that could have occurred but were caught and corrected—through the organization’s intranet. This allows an organization to learn from possible mistakes but safeguards the employee from embarrassment or disciplinary action. Without the benefit of anonymity, many mistakes and unethical actions might go undetected.

Other websites are more controversial in how they support similar activities. The site WikiLeaks describes itself as “a multi-jurisdictional public service designed to protect whistleblowers, journalists and activists who have sensitive materials to communicate to the public.”5 But it has sparked several controversies because it has made public confidential documents from the U.S. military, the Central Intelligence Agency, the U.S. Embassy, and a variety of private corporate reports and e-mails. For example, WikiLeaks made public a video of a U.S. Army helicopter strike in Iraq against a group that included children and two Reuters journalists.6

How has technology impacted employees? Some uses of technology in the workplace have brought about difficult changes. The increasing volume of e-mail can contribute to a breakdown in communication as fewer personal exchanges take place. Communication experts agree that in face-to-face discussions, up to 93 percent of the meaning of the messages exchanged is communicated in nonverbal ways—through gestures, glances, body position, and facial expression. As more office discussions take place via e-mail, the chance of misunderstandings and errors continues to rise.

The boundary between work and home has also blurred because of the increase of technology. Once a worker has access to office files from home and the office has access to employees via smartphones or live videoconferencing, the workday can extend dramatically.

How does technology affect employee privacy? At home, U.S. citizens are guaranteed specific levels of privacy and freedoms. In the workplace, however, the expectation of privacy is quite different. Electronic monitoring is commonly used to track employees’ keystrokes and e-mails, examine their Internet browsing histories, and even monitor their mobile phones and text and instant messages. Camera surveillance is also used.

Electronic surveillance can help companies prevent theft, fraud, and employees from loafing on the job and improve a firm’s security. The practice is also generally legal as long as employers inform their workers they are being monitored. However, if the monitoring is extensive, employees can begin to feel stifled to the point where they no longer do their best work. Researchers have found that employees experience an increase in stress and anxiety when their work is being monitored, which in turn can lead to health problems and job dissatisfaction.7 Finding the balance between an appropriate level of monitoring and an optimal work environment is a continuous challenge.