In recent years, communication is frequently seen as the medium used to construct leadership relations rather than merely a tool for efficient management. In this regard, discursive leadership should be considered a communication-based approach that contributes to management’s changing role in organizations. According to Miller (2020), discursive leadership is a model highlighting “the constitutive role of communication” and interactions among the stakeholders of a company (p. 176).
Leadership processes and corresponding issues thus contribute to organizational change, which, in turn, augments the firm’s operational methods, structure, technologies, or strategies in response to internal or external factors. This paper aims to discuss the organizational communication process of Nike and suggest an alternative that would contribute to the solution of a specific issue, namely, improving the company’s information security.
Nike is one of the companies facing information insecurity of their data. While Nike is still active in many emerging markets, its growth potential is enormous. Nike has become an international company having a base in China, Brazil, and India (Kannan et al., 2017). Previously unknown website failures allowed anyone with specific code lines to read server data such as passwords, potentially giving the company easier access to Nike’s internal systems. The flaw was discovered by Corben Leo, an 18-year-old researcher, who notified Nike via a dedicated security reporting email address listed on the company’s bug bounty page (Nike, 2019).
Nike is a lot more than a sportswear store; in recent years, the company has pushed hard into the data collection market, incorporating sports and activity tracking into its products and developing wearables. Such an information loophole is an example of how important Nike should focus on offering its information security. The company should introduce a new department that will focus on quality assurance and testing to solve information security, and the implementation of discursive leadership principles can significantly benefit this process.
Approach to be Used
A system approach will be applied in introducing a new department that will be focused on coming up with the necessary solution to the insecurity of data in Nike premises. The department will be mandated to ensure the systems are monitored daily and a quality report is shared with the leadership. The quality assurance and the testing department will have two categories of employees; those working with pre-deployment checks and those for post-production monitoring. The new department will need to use a decision-making process that will focus on improving information security to ensure hackers will not be able to access the organizational database.
In a competitive market, strategic governance is a capacity-building process that enables a company to create value by ensuring each of the stakeholders feels secure sharing information with the company (Nike, 2019). Nike should research internal and external factors to maximize resource utilization for its intended goals of protecting its data. Discursive leadership affects organizational change and can therefore help the company move away from the current state of affairs to a more secure and reputable one.
Nike, through the new department, should take significant steps to better protect its product concepts and other proprietary information, despite at least two egregious security violations. According to Herold (2016), the implementation of the “Keep It Tight” employee education program to raise awareness about security threats, especially cybercrime, is a better idea to educate its employees on the importance of information security. The management should categorize information and find ways to store the information in different databases. A recovery database should also be implemented to ensure the data is always available in case the direct database is not functional.
When the material was stored on paper, it was easier for Nike to protect intellectual property, such as footwear and apparel drawings. A former employee claimed in the mid-1990s that the company was concerned about possible dumpster dives of drawings outside the Michael Jordan Building on the Nike campus, which housed designers (Campbell et al., 2019). The company’s vulnerability has grown, and data has been transferred to digital files. Nike should, therefore, ensure the data is protected by allocating individuals to monitor the activities in the database and front end of the website.
Identifying who must be present is the first step in ensuring information security. Senior managers make up the Executive Team, which develops the safety program’s mission and goals and security policies and risks. On the other side of the table are those in charge of daily safety activities. Nike’s quality assurance and testing department should develop proposals on how to protect the company and share them with relevant IT specialists for help on how to implement them. The team leader can assign one owner to each asset and classify them based on their importance and value in the event of an infringement after compiling the list.
The risk assessment must take into account threats and vulnerabilities. The security team should start by making a list of potential threats to the company’s assets and then rank each threat according to its likelihood and severity. According to Miller (2020), Nike IT management should consider the company’s vulnerabilities and classify and categorize them according to their potential impact. The categorization should focus on people, processes, and technology. The team should then examine the lists of vulnerabilities to see where information is most vulnerable.
Currently, the software development team is mandated to check the security processes and monitor the products both in the development phase and after deployment. The Nike website’s hacking was one of its downfalls and made it lose its customers’ trust. According to the company, the website was designed for wholesale users rather than regular users, but users were able to log in using their Nike.com username and password (Tang & Zhang, 2016). Because of the microservice architecture and server configuration, Nike claims that the bug never compromises user data. By using the on-page login form, one can be sure that credentials were processed while the vulnerability was active on the affected website. An attacker could have also used other nearby or accessible systems and services.
Clearly, the systems approach will be successful since the security at the company will be enhanced. The measure of success will be performed by conducting surveys to collect feedback among the employees and the management. This will provide feedback to evaluate if the approach is successful. With the advancement of technology, many firms invest in security measures to protect their information from vulnerabilities. Therefore, the strategy has prospered in various companies that have implemented it, for example, Amazon.
Implementing a Different Process
An alternative process that will make Nike more successful in the short time possible is outsourcing its information security activities. Outsourcing services will reduce the time of coming up with a new program that will ensure the security of the Nike premises’ assets. The management of Nike should be able to analyze the safety of its information and make decisions that will improve it in the future. Future priorities should be communicated to employees, and leaders should encourage them to consider them. Because of its strong global brand awareness, the company should assure clients the security of their information is shared with them. The development of an information security culture has been aided by cybersecurity training and awareness. Consistent training emphasis has resulted in the development of some beneficial habits. As a result, once a habit is formed, it becomes second nature, assisting in developing cyber security-conscious culture. Employees can rely on data interactions that must follow strict security protocols, which reduces the risk of errors.
References
Campbell, K., Gordon, L. A., Loeb, M. P., & Zhou, L. (2019). The economic cost of publicly announced information security breaches: Empirical evidence from the stock market. Journal of Computer Security, 11(3), 431-448.
Herold, R. (2016). Managing an information security and privacy awareness and training program. CRC press.
Kannan, K., Rees, J., & Sridhar, S. (2017). Market reactions to information security breach announcements: An empirical analysis. International Journal of Electronic Commerce, 12(1), 69-91.
Miller, K. (2020). Organizational Communication: Approaches and Processes. Seventh Edition.
Nike, H. J. G. (2019). Network & Information Security——Messages from Guest Editors for the Special Issue. China Communications, 04.
Tang, M., & Zhang, T. (2016). The impacts of organizational culture on information security culture: A case study. Information Technology and Management, 17(2), 179-186.