ETHICAL ISSUES RE PRIVILEGED USERS
- Posted by: ain.ismail
Privileged users essentially have high-level access to company resources, and they must understand the organization’s structure. These users are usually system administrators but may also include heads of departments or managers who are given full access to an organization’s data, security controls and resources. In an IT environment, privileged users are those who have been given authority over the computer system or network. They have the authority to override or bypass certain security restraints, as well as permissions to perform activities such as shutting down systems, loading device drivers, installing and uninstalling applications, configuring networks or systems, and provisioning and configuring accounts. They also have control over users’ workstations for troubleshooting issues. With so many privileges, abuse of them is one of the most dangerous cyber threats that an organization can face. Privileged users constitute a significant risk to the organization’s security. However, to maintain efficient workflows and business functions, it is necessary for privileged users to have such access and information.
In my line of work as IT personnel, there is no doubt that I have access to staff data related to their user IDs, as we are the ones who set them up in our system. We are also the ones who manage the Clinical Information System, where we have access to all patients’ data, including their results, medical history and so on. For any system related to staff usage, we are the ones who grant access according to their job scope. We have to manage all IT-related matters for our hospital from A to Z. By having all those privileges, we help to smooth the hospital’s operation 24/7. But sometimes we never realize that many of our tasks involve ethical issues.
For example, the fastest way to troubleshoot issues reported by a user is by remotely accessing their workstation. Remoting into their workstation means that we will see whatever the user is doing, be it personal or work-related. Sometimes the user doesn’t realize that we are able to see everything on their workstation. To them, when we remote in, we can only see the issues reported by them. We try to ignore things that are not related to work when we see them, and advise them accordingly if it can affect our system. Of course, before remoting into their workstation we will ask permission and explain what we are going to do to solve the issues.
All in all, we as IT personnel cannot avoid dealing with ethical issues in most of our tasks. But where do we stand? Although many ethical issues that IT and security professionals confront may not have been set into law, nor is there a standard mandatory oversight body for them, as head of IT Services I always advise all my staff that we have to go back to the basics of ethical values. As human beings, we are guided by our religion and also the laws of nature; seeing someone else’s personal things, or violating our privilege, is a no-no. We are supposed to be the gatekeepers against any threats to the hospital’s system, not the ones who abuse it for our gain.