Shalini Kesar and Simon Rogerson
“The advent of computer technology has brought many kinds of opportunities and some of these, not surprisingly, are of a criminal nature”. (Bainbridge 1993)
Various sources indicate that computer related misuse is increasing (for example, see Oz 1994, Forester and Morrison 1994). It has been argued that computer misuse can not only result in the destruction of main computer systems but also backup systems causing damages up to hundreds and thousands of dollars (Audit Commission 1994). The survey conducted by the UK Audit Commission in 1994 highlighted a number of trends in computer fraud and abuse that revealed an almost five-fold increase in reported virus infections; an almost eight-fold increase in the use of illicit software; and a four-fold increase in instances of unauthorised private work.
Illicit acts can result due to incompetence, ignorance, negligence in the use of IT or deliberate misappropriation by individuals. Further such acts can vary from simple acts to serious crimes. Irrespective of the nature of illicit acts, intentional acts such as fraud, virus infections, illicit software and sabotage have been dealt under the term ‘computer misuse’. However, in the literature the terms misuse and abuse have often been used inter-changeably. In this paper, computer misuse is defined as the occurrence of an intentional act, that is a deliberate misappropriation by which individual(s) intend to gain dishonest advantages through the use of the computer system(s). Misappropriation itself may be opportunist, pressured, or a single-minded calculated contrivance.
It has been argued by researchers and practitioners that reported cases of computer misuse only represents the ‘tip of the iceberg’. Therefore the complexity and invisibility of computer misuse which, along with other factors, that lead to many difficulties in measuring, detecting and prosecuting offences can not be underestimated. Consequently computer misuse is an issue of significant concern. This paper argues that in order to manage computer misuse, a greater understanding of its origins along with its effects is imperative. Further, it classifies various types of computer misuses and relates their increased incidence to the attitudes and social norms in play. Thus it argues that individual attitudes and social norms with respect to the illicit behaviour must be examined in context of with the personality factors, work situation, along with the opportunities that may exist within organisation.
In conducting the argument the paper takes the support of the theory of reasoned action as proposed by Fishbein and Ajzen (1975). The theory is used to interpret computer use and misuse issues in a large public sector organisation in India. The paper draws on the findings in the case study to identify some key ethical principles that organisations need to adopt in order to minimise misuse and abuse.