The idea of hijacking an encounter (intention) belongs to the cyberbully; he plays a direct role in this action (causality). The hijacker pursues his own goals and does not take into account ethical norms and the feelings of others, and further consequences. At the same time, he cannot foresee the reactions of meeting participants and possible outcomes. To summarize, the cyberbully is morally responsible for Zoombombing but not ethically accountable for different responses and emotions.
Intentionally sneaking into an online meeting without reason and invitation is a violation. It can be expressed in several ways: it can concern both breach of the law (posting prohibited content, identity theft) and violation of personal boundaries and causing psychological trauma. The latter action may entail the need to pay compensation, which will be sought through the courts. Therefore, the cyberbully is legally responsible for the incident.
The meeting intruder can act as an individual, pursuing his personal goals or on behalf of the company, carrying out appropriate orders from management. In the second case, the concept of accountability can be considered. Accountability is broader than responsibility and extends to a group of individuals. Accountability is high in this case if the cyberbully was performing a task on behalf of a company whose purpose is to illegally infiltrate online meetings. Accordingly, the cyberbully’s accountability is high if the cyberbully completes the necessary assignments.
The IT professional must take appropriate measures to investigate or stop cyberbullying to avoid moral and legal liability and low accountability. The responsibility of webmasters is to ensure the well-being of web users and to eliminate cyber-bullies. The company should have clear boundaries and actual goals that are expected to be achieved due to information security management. There is a standard set of protections that any company that cares about its information security should use. Such a set includes anti-virus software, firewalls, attack detection/prevention systems, access control systems, vulnerability scanners, and more. Another critical point is staff training: one can apply any security measures, but if employees are not aware of the importance of ensuring it, the company is doomed to cyberattacks. Accordingly, the IT professional must learn the theoretical part and put it into practice in the future. All actions that are taken to stop cyberattacks should be discussed with management to increase efficiency and accountability.
