Information security seems to have become a hot-button issue for every single member of the entrepreneurship area. Although the recent technological breakthrough has provided a plethora of opportunities for improving the quality and speed of data processing, it has also facilitated numerous malefactors with tools for conducting cybercrimes such as sites hacking, identity and personal data theft, attacks at major databases belonging to public and private companies, etc. The CVS Company is no exception to the rule of information safety; without a proper security system for its data, the company is currently facing the issue of patients’ personal information leakage. Although the patients’ personal data has already been made available to criminals and there is hardly anything that the organization can possibly do about it, CVS may still improve its information management and facilitate the patients with safety once a set of measures aimed at reconsidering the current approach towards information security is undertaken.
A closer look at the subject matter will reveal that being a technology-based organization, such as CVS, does not mean being able to secure the data that the organization has at its disposal in an adequate and reasonable manner. Particularly, the issue regarding information management deserves to be brought up. It is highly desirable that an organization should have a rigid set of rules and principles concerning information transfer. For instance, it is necessary that the staff should be prohibited from discussing the company related information with anyone apart from the organization members. The specified principle should be spelled out in an especially clear manner, as people traditionally have a very distinct image of a rivalry company in their mind and, therefore, tend not to relate their family members and friends to the potential threat to the security of the organization’s data. Thus, it can be assumed that the lack of clarity in CVS’s code of ethics and information management manuals has led to the drastic effects mentioned above. Consequently, the concept of non-disclosure of the patients’ personal data must be made one of the crucial notions in the framework of the facility’s operations.
In order to prevent the issue from becoming a recurrent phenomenon, one must make sure that a new and improved set of principles for the CVS members to comply with when dealing with the patients’ personal data (i.e., retrieving it, transferring it from one staff member to another, discussing the subject matter with each other, etc.) should be detailed and provided for all company members to get themselves acquainted with. The specified goal can be identified as an interim one, as the rules and principles for the staff to follow have to be designed rather swiftly so that the organization could start altering the staff’s behavioral patterns sooner and, therefore, had more time for the specified behavior to be developed into a habit in the employees. Moreover, the CVS organization will have to notify all patients so that the latter could secure their personal information; the measure in question concerns particularly the data such as credit card numbers, passwords, etc., i.e., the information that needs to be restored with the help of the bank or the related service. Moreover, since some of the data such as phone numbers and addresses, when made public, may trigger an instance of robbery, it is crucial that the patients should be instructed on carrying out the corresponding measures to protect themselves.
When it comes to defining long-term goals, a consistent update of the guidelines regarding information security must be brought up as the first legitimate step towards preventing all sorts of cyber attacks and information leakage (Williams, Hausmann, Hardy & Schubert, 2013). The specified measure must be viewed as essential to the safety of the patients’ data, as the new staff members may be unaware of the company’s policies and, thus, lead to another instance of information leakage, which may have much more drastic consequences that the current one has had so far. Additionally, a change in the staff’s attitude towards their roles and responsibilities, as well as a change in their behavioral patterns based on a role model provided should be carried out. As a result of the above-mentioned steps, one will be capable of creating an environment, in which the very concept of breaking the company rules regarding information transfer will become impossible. For instance, the staff members will be able to identify the existing options in the process of decision making related to information acquisition and processing, choosing the one that complies with the organization’s current principles (Narula & Jindal, 2015).
In addition, the redesign of the leadership strategy should be considered as one of the long-term goals for the organization to strive for. A closer look at the problem will show that it would not have occurred once the proper ethical and behavioral guidelines should be provided to the staff. The lack of employees’ understanding of their roles and responsibilities was the key reason for the problem to occur; therefore, the staff will have to be guided towards a more responsible task management. The specified objective, though being quite time-consuming, is still possible once the proper leadership approach is adopted by the head of the company and the organization’s managers. The transformational strategy, which creates premises for reinventing the staff’s concept of corporate values, organizational behavior, and ethics, should be interpreted as the ultimate tool for increasing both responsibility and motivation among the company members: “One of the hallmarks of critical leadership is choosing change as opposed to choosing to change” (Santamaria, 2012, p. 20). Seeing that the specified leadership strategy presuppose that the company leader and managers should give the staff an example to comply with, the transformative leadership approach is a perfect choice for improving the process of data management in the organization. As a result, the basis for corporate social responsibility can be created (Nielsen & Thomsen, 2012).
While the company can hardly address the leakage of data itself, as the personal details of the patients have already been made public, the organization is still capable of preventing further negative outcomes from occurring. Once the patients’ personal data is altered and the current security system is updated in accordance with the above-mentioned considerations regarding the staff’s possible data disclosure, CVS will provide its patients with an enhanced security and, therefore, much more efficient services. It should be noted, though, that the specified steps will require not only significant financial resources but also consistent training of the staff so that the members of CVS could use the corresponding equipment in an adequate and efficient manner. Additionally, the problem regarding the information transfer in general and the company’s policies regarding data should be considered.
Reference
Narula, S. & Jindal, N. (2015). Social media, Indian youth and cyber terrorism awareness: A comparative analysis. Mass Communication & Journalism, 5(1), 2–5.
Nielsen, E. & Thomsen, C. (2012). Corporate social responsibility (CSR) management and marketing communication: research streams and themes. Hermes – Journal of Language and Communication in Business, 49(1), 49–64.
Santamaria, L. J. (2012). Transformative critical leadership in action: Re-visioning an equity agenda to address the community college achievement gap. Journal of Transformative Leadership and Policy Studies, 2(1), 15–24.
Williams, S. P., Hausmann, V., Hardy, C. A. & Schubert, P. (2013). Enterprise 2.0 research: Meeting the challenges of practice. Web.