Latest News

How to lead a digital transformation — ethically

The fact that COVID-19 accelerated the need for digital transformation across virtually all sectors is old news. What companies are doing to propel success under the circumstances has been under the spotlight. However, how they do it has managed to find a place in the shadows.

Simply put, the explosive increase in innovation and adoption of digital solutions shouldn’t be allowed to take place at the expense of ethical considerations.

This is about morals — but it’s also about the bottom line. Stakeholders, both internal and external, are increasingly intolerant of companies that blur (or ignore) ethical lines. These realities add up to a need for leaders to embrace an all-new learning curve: How to engage in digital transformation that includes ethics by design.

Ethics as an afterthought is asking for problems

It’s easy to rail against the evils of the executive lifestyle or golden parachuting, but more often than not, a pattern of ethics violations arises from companywide culture, not leadership alone. Ideally, employees act ethically because it aligns with their personal values. However, at a minimum, they should understand the risk that an ethical breach represents to the organization.

In my experience, those conversations are not being held. Call it poor communication or lack of vision, but most companies rarely model potential ethical risks — at least not openly. If those discussions take place, they’re typically between members of upper management, behind closed doors.

Why don’t ethical concerns get more of a “town hall” treatment? The answer may come down to an unwillingness to let go of traditional thinking about business hierarchies. It could also be related to the strong (and ironically, toxic) cultural message that positivity rules. Case in point: I’ve listened to leaders say they want to create a culture of disruptive thinking — only to promptly tell an employee who speaks up that they “lack a growth mindset.”

What’s the answer, then? There are three solutions I’ve found to be effective:

  1. Making ethics a core value of the organization.
  2. Embracing transparency.
  3. Proactively developing strategies to contend with ethical challenges and violations.

These simple solutions are a great starting point to solve ethics issues regarding digital transformation and beyond. They cause leaders to look into the heart of the company and make decisions that will impact the organization for years to come.

Interpersonal dynamics are a concern in the digital transformation arena

Making digital shifts is, by nature, a technical operation. It requires personnel with advanced and varied expertise in areas such as AI and data operations. Leaders in the digital transformation space are expected to possess enough cross-domain competency to tackle tough problems.

That’s a big ask — bringing a host of technically minded people together can easily lead to a culture of expertise arrogance that leaves people who don’t know the lingo intimidated and reluctant to ask questions.

Digital transformation isn’t simply about infrastructure or tools. It is, at its heart, about change management, and a multifunctional approach is needed to ensure a healthy transition. The biggest mistake companies can make is assuming that only technical experts should be at the table. The silos that are built as a result inevitably turn into echo chambers — the last place you want to hold a conversation about ethics.

In the rush to go digital, regardless of how technical the problem, the solution will still be a fundamentally human-centric one.

Ethical digital transformation needs a starting point

Not all ethical imperatives related to digital transformation are as debatable as the suggestion that it should be people-first; some are much more black and white, like the fact that you have to start somewhere to get anywhere.

Luckily, “somewhere” doesn’t have to be from scratch. Governance, risk and compliance (GRC) standards can be used to create a highly structured framework that’s mostly closed to interpretation and provides a solid foundation for building out and adopting digital solutions.

The utility of GRC models applies equally to startups and multinationals and offers more than just a playbook; thoughtful application of GRC standards can also help with leadership evaluation, progress reports and risk analysis. Think of it like using bowling bumpers — they won’t guarantee you roll a strike, but they’ll definitely keep the ball out of the gutter.

Of course, a given company might not know how to create a GRC-based framework (just like most of us would be at a loss if tasked with building a set of bowling bumpers). This is why many turn to providers like IBM OpenPages, COBIT and ITIL for prefab foundations. These “starter kits” all share a single goal: Identify policies and controls that are relevant to your industry or organization and draw lines from those to pivotal compliance points.

Although getting started with the GRC process is typically cloud-based and at least partially automated, it requires organizationwide input and transparency. It can’t be effectively run by specific departments, or in a strictly top-down fashion. In fact, the single most important thing to understand about implementing GRC standards is that it will almost certainly fail unless both an organization’s leadership and broader culture fully support the direction in which it points.

An ethics-first mindset protects employees and the bottom line

Today’s leaders — executives, entrepreneurs, influencers and more — can’t be solely concerned with “winning” the digital race. Arguably, transformation is more of a marathon than a sprint, but either way, technique matters. In pursuing the end goal of competitive advantage, the how and why matter just as much as the what.

This is true for all arms of an organization. Internal stakeholders such as owners and employees risk their careers and reputations by tolerating a peripheral approach to ethics. External stakeholders like customers, investors and suppliers have just as much to lose. Their mutual understanding of this fact is what’s behind the collective, cross-industry push for transparency.

We’ve all seen the massive blowback against individuals and brands in the public eye who allow ethical lapses on their watch. It’s impossible to fully eliminate the risk of experiencing something similar, but it is a risk that can be managed. The danger is in letting the “tech blinders” of digital transformation interfere with your view of the big picture.

Companies that want to mitigate that risk and rise to the challenges of the digital era in a truly ethical way need to start by simply having conversations about what ethics, transparency and inclusivity mean — both in and around the organization. They need to follow up those conversations with action where necessary, and with open-mindedness across the board.

It’s smart to be worried about innovation lag in a time when enterprise is moving and shifting faster than ever, but there is time to make all the proper ethical considerations. Failing to do so will only derail you down the line.

Echelon exposed riders’ account data, thanks to a leaky API

Peloton wasn’t the only at-home workout giant exposing private account data. Rival exercise giant Echelon also had a leaky API that let virtually anyone access riders’ account information.

Fitness technology company Echelon, like Peloton, offers a range of workout hardware — bikes, rowers, and a treadmill — as a cheaper alternative for members to exercise at home. Its app also lets members join virtual classes without the need for workout equipment.

But Jan Masters, a security researcher at Pen Test Partners, found that Echelon’s API allowed him to access the account data — including name, city, age, sex, phone number, weight, birthday, and workout statistics and history — of any other member in a live or pre-recorded class. The API also disclosed some information about members’ workout equipment, such as its serial number.

Masters, if you recall, found a similar bug with Peloton’s API, which let him make unauthenticated requests and pull private user account data directly from Peloton’s servers without the server ever checking to make sure he (or anyone else) was allowed to request it.

Echelon’s API allows its members’ devices and apps to talk with Echelon’s servers over the internet. The API was supposed to check if the member’s device was authorized to pull user data by checking for an authorization token. But Masters said the token wasn’t needed to request data.

Masters also found another bug that allowed members to pull data on any other member because of weak access controls on the API. Masters said this bug made it easy to enumerate user account IDs and scrape account data from Echelon’s servers. Facebook, LinkedIn, Peloton and Clubhouse have all fallen victim to scraping attacks that abuse access to APIs to pull in data about users on their platforms.
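The two flaws described above (a token that was never required, and no check that the requested account belongs to the caller) are shown below next to a corrected handler. This is an added illustration, not Echelon's code or anything from the researcher's write-up; the function names, token strings and profile records are hypothetical and constructed for the example.

```python
import hmac
from collections import Counter

# Constructed sample data: two members and the session tokens issued to them.
PROFILES = {
    1001: {"name": "Alice Example", "city": "Leeds", "weight_kg": 64},
    1002: {"name": "Bob Example", "city": "Austin", "weight_kg": 82},
}
SESSIONS = {"tok-alice-constructed": 1001, "tok-bob-constructed": 1002}
DENIED = Counter()  # cross-account denials per caller, for scraping alerts


def get_profile_vulnerable(headers, user_id):
    """Both flaws: the token is never checked and any ID is served."""
    profile = PROFILES.get(user_id)
    return (200, profile) if profile else (404, None)


def authenticate(headers):
    """Return the member ID bound to the bearer token, or None."""
    scheme, _, token = headers.get("Authorization", "").partition(" ")
    if scheme != "Bearer" or not token:
        return None
    for known, member_id in SESSIONS.items():
        # Constant-time comparison on bytes avoids a timing side channel.
        if hmac.compare_digest(known.encode(), token.encode()):
            return member_id
    return None


def get_profile_hardened(headers, user_id):
    caller = authenticate(headers)
    if caller is None:
        return 401, None  # flaw 1 closed: a valid token is mandatory
    if caller != user_id:
        # Flaw 2 closed: object-level check. The refusal is identical for
        # existing and unknown IDs, so responses cannot be used to tell
        # which account IDs are valid.
        DENIED[caller] += 1
        return 403, None
    return 200, PROFILES[user_id]
```

A per-caller denial count like `DENIED` gives the operator something to alert on when one account starts walking through other members' IDs.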

Ken Munro, founder of Pen Test Partners, disclosed the vulnerabilities to Echelon on January 20 in a Twitter direct message, since the company doesn’t have a public-facing vulnerability disclosure process (which it says is now “under review”). But the researchers did not hear back during the 90 days after the report was submitted, the standard amount of time security researchers give companies to fix flaws before their details are made public.

TechCrunch asked Echelon for comment, and was told that the security flaws identified by Masters — which he wrote up in a blog post — were fixed in January.

“We hired an outside service to perform a penetration test of systems and identify vulnerabilities. We have taken appropriate actions to correct these, most of which were implemented by January 21, 2021. However, Echelon’s position is that the User ID is not PII [personally identifiable information],” said Chris Martin, Echelon’s chief information security officer, in an email.

Echelon did not name the outside security company. While the company said it keeps detailed logs, it did not say if it had found any evidence of malicious exploitation.

But Munro disputed the company’s claim of when it fixed the vulnerabilities, and provided TechCrunch with evidence that one of the vulnerabilities was not fixed until at least mid-April, and another vulnerability could still be exploited as recently as this week.

When asked for clarity, Echelon did not address the discrepancies. “[The security flaws] have been remediated,” Martin reiterated.

Echelon also confirmed it fixed a bug that allowed users under the age of 13 to sign up. Many companies block access to children under the age of 13 to avoid complying with the Children’s Online Privacy Protection Act, or COPPA, a U.S. law that puts strict rules on what data companies can collect on children. TechCrunch was able to create an Echelon account this week with an age less than 13, despite the page saying: “Minimum age of use is 13 years old.”

Casualties Mount As Violence Intensifies Between Hamas, Israel

Israel has called up more troops and launched its heaviest assault yet along the Gaza border. Seven people in Israel have been killed. Losses are much higher on the Palestinian side.

Palestinian Perspective: What The Conflict With Israel Looks Like From Gaza

NPR’s Steve Inskeep talks to Omar Shaban, founder of a Gaza-based think tank, and Palestinian lawyer Diana Buttu, about how this cycle of Palestinian-Israeli violence plays out in their neighborhoods.
