Ethics and security in information technology

Organizations store enormous amounts of private and sensitive data about their employees, clients and partners. Individuals rely on businesses to keep this confidential information safe, yet many organizations experience data breaches.

As a case in point, in 2023, Health Care Services Corporation announced that unauthorized users had accessed confidential data for over 192,000 patients.¹ That same year, Tesla announced a data breach impacting over 75,000 people.²

Data leaks and other breaches of security in information technology can lead to serious financial and legal consequences. For instance, companies may need to pay fines or ransoms after becoming victims of data breaches. Meanwhile, individuals may be more vulnerable to identity theft if information like social security numbers gets stolen.² Read on to learn more about the importance of ethics and security in IT.

The ethics of information technology

Ethics in information technology refers to moral guidelines that dictate how professionals should use computers and other forms of technology. These ethics help IT professionals navigate increasingly complex ethical dilemmas.³

Examples of ethical dilemmas in IT include deciding whether or not to:³

• Use copyrighted or patented material
• Disclose data leaks to the public
• Collect personal information from clients

IT professionals must follow some ethics in information technology to ensure legal compliance. The California Consumer Privacy Act requires businesses to practice transparency when collecting personal data.⁴ Likewise, the Fair Credit Reporting Act regulates the information gathered by consumer reporting agencies.⁵

IT professionals can also address ethical issues in the field by following best practices recommended by professional organizations. In particular, the Association for Computing Machinery’s Code of Ethics and Professional Conduct states that members should avoid actions that could cause harm and honor confidentiality.⁶

Security in information technology

The National Institute of Standards and Technology defines information security as “protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction in order to provide integrity, confidentiality, and availability.”⁷ Information security ensures that companies uphold data privacy and mitigate risk.

Cyber attacks are one of the biggest security threats in IT. Digital criminals have invented increasingly sophisticated methods to gain unauthorized access to data. According to the Cybersecurity and Infrastructure Security Agency (CISA), here are three recent cybercrime trends:⁸

• Attacking cloud storage: Criminals increasingly target cloud infrastructures to steal consumer data and prevent companies from accessing their cloud accounts
• Holiday and weekend cyber attacks: Criminals are more likely to attack U.S. organizations during holidays and weekends when fewer IT professionals work
• Triple extortion: Criminals may encrypt an organization’s network and make multiple threats to extort ransom money from the business, such as threatening to release confidential data and cut off internet access

The Federal Communications Commission recommends that organizations adopt security measures to safeguard confidential data. Best practices include:⁹

• Installing the latest antivirus and security software on company devices
• Using firewalls to prevent unauthorized access to private networks
• Storing devices in secure locations to avoid theft
• Encrypting and password-protecting Wi-Fi networks
• Requiring multi-factor authentication to access sensitive data
• Only allowing employees to access confidential data directly related to their jobs

The intersections of ethics and security in information technology

Ethical considerations play a significant role in security practices in IT. According to the ACM Code of Ethics, computer professionals have an ethical obligation to uphold the public good and implement systems to prevent security breaches.⁶ Likewise, ethical considerations influence many security measures, such as the installation of firewalls to prevent data breaches.⁹

Strategies that IT professionals can use to ethically address the threat of security breaches include:

Responding to cyber attacks promptly

If cybercriminals manage to access sensitive data, IT professionals have an ethical and legal obligation to take immediate action. CISA recommends that organizations immediately contact them, the FBI, or the Secret Service to report data leaks and other incidents.¹⁰

Additionally, the Securities and Exchange Commission requires public companies to disclose data leaks within four days of discovery. Companies must also practice transparency by providing an annual public report about their cybersecurity policies and procedures.¹¹

Conducting risk assessment

The ACM Code of Ethics states that computer professionals have an ethical obligation to analyze risk and take steps to minimize the harm that may occur due to the intentional or unintentional dissemination of data.⁶

According to the Open Data Institute, organizations can mitigate harm by considering these risks before sharing data:¹²

• Commercial: Risk of losing a competitive advantage
• Ethical: Risk of the data harming the environment, individuals, society, or national security
• Legal: Risk of violating laws, regulations, and legal contracts
• Reputational: Risk of damaging the company’s public reputation

After identifying risks, organizations can take security measures to prevent damage, such as anonymizing data before sharing it to protect individual privacy. Say a company wants to release data that would reveal the location of key components of the electrical grid. They might decide to exclude or censor that information to protect national security.¹²

Emerging trends and technologies in ethics and security in information technology

IT continues to evolve rapidly as new technologies emerge. Many IT professionals have recently implemented artificial intelligence tools. Additionally, companies have increasingly become interested in using information security to advance social justice.

Here are two recent trends in IT and their ethical implications:

Implementing artificial intelligence security measures

The recent emergence of large language models like ChatGPT has inspired many IT professionals to incorporate artificial intelligence tools into their workflows. For example, you can use AI tools to:¹³

• Automate threat response to cyberattacks
• Continuously monitor networks for cybercrime activity, even on the weekends
• Detect false threats
• Evaluate the behavior of company employees to spot bad actors who might steal data

However, AI also presents numerous ethical dilemmas. These tools can make mistakes or discriminate against particular groups.¹⁴ As a result, they may make faulty decisions, such as wrongly accusing employees of malicious behavior. Additionally, the use of AI to monitor user behavior may violate privacy rights.¹⁴

Combining IT ethics with corporate social responsibility

IT professionals promote ethics by aligning information security policies with corporate social responsibility (CSR) values. CSR refers to voluntary principles businesses use to impact individuals, society and the environment positively. Organizations that develop CSR strategies incorporate tenets like diversity and inclusion, fairness, and transparency.¹⁵

IT professionals can combine ethical approaches to information security and CSR to practice corporate digital responsibility (CDR). This approach benefits society by ensuring that businesses collect and manage data responsibly. Additionally, organizations can practice CDR by avoiding biased algorithms and adopting strict policies that exceed legal requirements.¹⁵

You can stay ahead of the latest trends in IT by following news publications in the industry and attending conferences like the ACM’s Workshop on Artificial Intelligence and Security.¹⁶

Security and software engineering in modern enterprises

Security and software engineering are inextricably linked. As technology continues to evolve at an exponential pace, ensuring secure software development is more critical than ever. Software engineering practices focus on producing high-quality software that meets user needs while being efficient and reliable.

However, security concerns arise when developing software without considering potential threats or vulnerabilities.

One significant ethical concern in this realm involves data collection and data management. With the exponential growth of data-driven services, especially web services, most organizations find themselves handling more data.

According to a recent McKinsey article, “High-performing organizations are three times more likely than others to say their data and analytics initiatives have contributed at least 20 percent to EBIT” and “winning companies are investing in the tech, data, processes, and people to enable speed through better decisions and faster course corrections based on what they learn.”¹⁷

This hyper-adoption and reliance on critical customer and business data make these large organizations attractive targets for cybercriminals. This brings about various ethical dilemmas.

One such dilemma: How should data be stored and accessed, ensuring information security without infringing on user privacy or diminishing the quality of the service and/or product?

Computer science and software engineering professionals must grapple with these ethical issues and find a balance that protects user data while delivering robust and effective software solutions. Computer security, especially in computer networks and web services, becomes paramount in these situations.

Ethical concerns in computer security

In the realm of computer science and IT, ethical concerns extend far beyond data. Ethical aspects of computer security encompass a broad range, from ensuring unbiased algorithms in data mining to respecting intellectual property rights, preventing software piracy and safeguarding individual privacy rights.

A prominent ethical issue arises with access control in computing systems. Who should have access to certain data or functionalities? How can network users be ensured a secure yet unrestricted experience? Computer security isn't just about safeguarding data; it's about ensuring an ethical digital experience.

Web services, given their omnipresence, pose particular challenges. As they become integrated into everything from e-commerce to medical devices, ensuring network security becomes not just a matter of data protection but a matter of public safety.

Digital ethics in the age of advanced technologies

The realm of digital ethics involves more than just security and technology considerations. It's about ensuring that as we integrate new technologies into our daily lives, we're doing so in a way that's respectful of individual rights, societal norms and global standards.

Advanced technologies, such as AI and data mining, present both incredible opportunities and significant ethical challenges. In light of this, how can large corporations ensure the ethical use of AI, especially when dealing with sensitive data? Or, how should businesses handle intellectual property in an age where data is so easily shared and replicated?

On the other hand, information assurance is a growing field that blends the technical aspects of information security with the ethical standards required to use technology responsibly.

Security and ethics in IT are not merely technical or theoretical concerns—they are more important than ever in a quickly expanding digital universe. They touch upon the very essence of how we interact with technology in our daily lives, how businesses operate in the digital age and how societies evolve in the face of rapid technological advancement.

Elevate your career with an online M.S. in Computer and Information Science

Companies rely on IT professionals to implement ethical and effective security measures. You can learn the latest techniques to prevent data leaks and other cybercrimes with an online M.S. in Computer and Information Science from Marquette University.

Our leading program enables you to develop career-ready skills you can implement in the workplace. You’ll sharpen your ethical decision-making and technical abilities as you take classes like Advanced Computer Security, Data Ethics and Data Security and Privacy.

You can also focus on Information Assurance and Cyber Defense, IT Management and other areas, which will allow you to dive deeper into the topics that align with your interests and professional goals.

Schedule a call with an admissions outreach advisor today to get started.