Data Breaches and KM Lifecycle
Data breaches and hacks have been a major issue for organisations worldwide. The hundreds and thousands of data breaches and hacks in the past, and the many in recent years, show that this has been a complex issue to solve (Informationisbeautiful.net 2021).
Figure 1: Biggest Data Breaches & Hacks of the World
(Source: Informationisbeautiful.net 2021)
The above shows that the last three years have seen many data leak and hacking cases. The companies affected are all big names in their business domains and respective industries.
For this study, Air India has been chosen as the case study to establish a relevant discussion. The company has informed its travellers of a data breach. About 4,500,000 records of passengers containing their name, date of birth and much more have been leaked. The data breach has occurred at the passenger service system of SITA. Air India partnered with SITA to upgrade its IT infrastructure, including a departure control system, automated boarding control, and an online booking engine (The Indian Express 2021).
This study aims at discussing core components of the KM (knowledge management) lifecycle followed by developing a KM plan for Air India.
The KM lifecycle means taking precautions proactively to ensure knowledge is facilitated effectively across the levels of an organisation while also safeguarding data flows from malicious attacks. It is also about reactively implementing actions to address a data leak crisis, recover from losses and provide enhanced safety to customer data. Research says there are essential components of the KM lifecycle. These core elements are:
Broadly, there are two types of people in a KM program: senior leaders and cross-functional stakeholders. Senior leaders provide insight into the plan and the wider organisational strategy. The cross-functional stakeholders are involved in implementing a KM plan (APQC.org 2021). Studies have found that some KM plans fail to identify the key contributors, guardians, and consumers of knowledge (Saulais and Ermine 2020). It can be stated that cross-functional stakeholders of a KM plan can either be supportive or act as barriers under different circumstances.
Similarly, if the senior leaders do not approve a KM plan, it cannot go live even if it potentially addresses a major problem of the company. According to some researchers, receiving approvals for a plan can be a time-consuming process due to the bureaucratic culture in organisations. For this and other reasons, some countries, like the United States of America (USA), are trying to move away from bureaucracy to provide a better workplace culture to employees. Other countries, like India, have paid minimal attention to workplace culture (Rana 2018).
The process means creating a plan to facilitate and manage knowledge by identifying what is critical for businesses and individuals to do well, collecting data from inside and outside of the organisation, and reviewing the process within a given timeframe (APQC.org 2021). If there is no process, there will probably be no implementation. Air India collaborated with SITA to ensure its IT infrastructure was upgraded, but perhaps the company lacked the basic activities required at its operational level to safeguard the data. After the incident, they took the initiative and showed they were concerned. However, what they did later to address the incident could have been done beforehand to prevent such an issue from happening.
Components of a KM Plan
Effective KM has a workflow that involves creating and examining content, taxonomies to organise content, and enabling tools to connect people to the content devised. Many organisations go for content management to uncover innovations (APQC.org 2021). Abubakar et al. (2019) found that a knowledge management plan cannot meet its objectives without a workflow and relevant tools and technologies for implementation. For instance, websites are a good source of abundant information and can be used in a company to benefit from the vast knowledge available externally. But they could also be a gateway for malicious actors to do harmful things to the company. It is important to have safeguards, like blocking offensive websites and training employees on which websites to visit (Cheng, Liu and Yao 2017).
A KM plan should have a strategy for execution that includes the value that the KM proposes, the tools, approaches and skills required to deploy it, a budget to set the program into action, and the KM’s anticipated impact to measure return on investment (ROI) (APQC.org 2021). The number of security breaches grew exponentially, especially during COVID-19. The recent high-profile attacks, like the Colonial Pipeline, reveal that even the most difficult infrastructures are threatened by data breaches (Bloomberg.com 2021). As no company is immune to falling prey to data breach attacks, the question is whether companies like Air India are doing enough to safeguard customer data.
A KM plan has three main components (Hislop, Bosua and Helms 2018):
This defines the kind of knowledge that the project is seeking to achieve. Besides, it contains the assigned actions to ensure the knowledge is accessed. It is primarily important to know how to facilitate knowledge in organisations. Knowledge in an organisational context can be divided into implicit and explicit. Explicit knowledge can be captured, coded and secured in a dedicated place, but implicit knowledge resides in the minds of professionals, and management must have some means of utilising it. This is in line with the ‘Theory of Organisational Knowledge Creation’, which holds that knowledge formation has two distinct dimensions: implicit and explicit. This knowledge can be secured if some attention is paid to the role and commitment of individuals, aspects of their intention, the effects of changing climate both within and outside an organisation, and the role of autonomy (Nonaka 1994).
It defines the system in which the management of knowledge will be done. It spans the roles and accountabilities of employees, the technologies to use, and the process to follow to execute all activities. Individuals, be they employees or IT professionals, must know whether or not they are part of one team engaged in knowledge management so that they can collaborate to do what is needed. In this regard, the ‘Social Identity Theory’ is significantly important. The theory mentions that individuals perceive that they either belong to a group or are standalone members. If they realise that they are members of one team engaged in protecting the knowledge created, they would know what they can do best for the team (Straub et al. 2002).
The implementation plan can include numerous activities, like providing training to employees, forming a community to speed up the implementation, recruiting new people if the organisation’s expertise level is insufficient, and installing technology on desktops to protect the data. There is a need to transform chaos into a sensible process. As the ‘Theory of Sense Making’ describes, disordered things need to be transformed into ordered ones, such as a systematic workflow, if a change is most certainly needed (Dalkir 2013).
Regarding the theories and the three components of a KM plan discussed above, it can be argued that people, process, strategy, and technology are all important in a KM plan. Therefore, for Air India to avoid data breaches in the future, they must understand the barriers to knowledge management. There is a need to address some of the potential individual barriers, like (Riege 2005):
- Shortage of time for individuals to engage in the sharing of data,
- Lack of integration between a company’s KM strategy and its strategic goals and objectives, and
- Non-existence of technology to implement technological solutions to discourage data leak cases.
Making all of these available will not help on its own, as previous studies have found traces of failure in managing knowledge even when companies spent massively on knowledge-management systems, personal computing and others (Davenport 2011).
As the analysis suggests, the following can be developed as a Knowledge Management (KM) plan for Air India:
A Knowledge Register |
A KM Protocol |
An implementation plan |
Data encryption |
Data to be kept encrypted |
Call a meeting to decide on the issues that are to be solved |
HSMs accessibility |
Data encryption to continue while the exchange of communication between clients, Air India human resources and applications |
Form a policy to manage the data breach cases |
Key management activities |
Third-party data processors shouldn’t be granted access to HSMs |
Plan budget for policy implementation |
The encryption key and third-party data processor |
Management has to monitor the implementation |
Wait till the budget gets approved |
Third parties and readable data |
Air India human resources to key management only |
Go for data encryption in its databases, while it is shared between client, Air India Personnel and applications |
Multifactor authentication of clients |
Encryption keys must not be shared with the third-party data processor. Instead, it is to be stored in a vaulted data centre of Air India |
Communicate the policies and changes to employees by getting the HR manager into a scene |
The readable data shouldn’t be accessible for third parties |
Provide training to employees |
|
Multifactor authentication of clients is to limit the access to authorised users only, like passengers |
Table 1: A KM Plan for Air India
(Source: The author’s construct)
Conclusion
From the analysis, Air India perhaps didn’t take measures to protect data when forming a partnership with SITA. Indeed, it is necessary to design a KM plan to better deal with data breach issues. In this regard, the components of a KM plan, as in Table 1, can be useful for the management of Air India.
References
Abubakar, A.M., Elrehail, H., Alatailat, M.A. and Elçi, A., 2019. Knowledge management, decision-making style and organisational performance. Journal of Innovation & Knowledge, 4(2), pp.104-114.
APQC.org, 2021. What are the Best Four Components of Knowledge Management?. [online] APQC. Available at: <https://www.apqc.org/blog/what-are-best-four-components-knowledge-management> [Accessed 13 December 2021].
Bloomberg.com, 2021. Bloomberg – Are you a robot?. [online] Bloomberg.com. Available at: <https://www.bloomberg.com/news/articles/2021-06-04/hackers-breached-colonial-pipeline-using-compromised-password> [Accessed 13 December 2021].
Cheng, L., Liu, F. and Yao, D., 2017. Enterprise data breach: causes, challenges, prevention, and future directions. Wiley Interdisciplinary Reviews: Data Mining and Knowledge Discovery, 7(5), p.e1211.
Dalkir, K., 2013. Knowledge management in theory and practice. Routledge.
Davenport, T.H., 2011. Rethinking knowledge work: A strategic approach. McKinsey Quarterly, 1(11), pp.88-99.
Hislop, D., Bosua, R. and Helms, R., 2018. Knowledge management in organisations: A critical introduction. Oxford university press.
Informationisbeautiful.net, 2021. World’s Biggest Data Breaches & Hacks — Information is Beautiful. [online] Information is Beautiful. Available at: <https://www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/> [Accessed 13 December 2021].
Nonaka, I., 1994. A dynamic theory of organisational knowledge creation. Organisation science, 5(1), pp.14-37.
Rana, M., 2018. Cultural Variations in Organisations of India and United States: A Comparative Study. International Journal of Arts and Commerce, 7(1).
Riege, A., 2005. Three-dozen knowledge-sharing barriers managers must consider. Journal of knowledge management.
Saulais, P. and Ermine, J.L., 2020. Knowledge Management in Innovative Companies 2: Understanding and Deploying a KM Plan Within a Learning Organization. John Wiley & Sons.
Straub, D., Loch, K., Evaristo, R., Karahanna, E. and Srite, M., 2002. Toward a theory-based measurement of culture. Journal of Global Information Management (JGIM), 10(1), pp.13-23.
The Indian Express, 2021. Explained: What is the Air India data breach that has hit its customers?. [online] The Indian Express. Available at: <https://indianexpress.com/article/explained/air-india-sita-data-breach-explained-7325501/> [Accessed 13 December 2021].