Cybercrime is rising constantly because organizations pay too little attention to the state of their security systems. Following the recent cyberbullying incident, in which ABC, Inc. was a victim of data loss, it has come to the attention of company management that the possible loophole for data leakage is inadequate security system management and servicing, among other factors.
An audit of the security appliance system is to be done and the possible cause of the attack addressed, prioritizing the implementation of the new security system alongside updating features of the existing systems. The following are some recommendations for better data security at ABC, Inc.
Recommendations for implementing better data security at ABC, Inc.
According to the security measures put in place by Mr. Ed Young, data security at ABC, Inc. needs to be treated as an absolute priority. The central data point is to be looked at before any external data link. With these measures in place, the data server structure needs to be well defined to avoid loss of data through the use of an insecure server system.
SSH Keys.
Data server configuration is the key, and it should be done by first addressing the initial security needs of the appropriate structure.
In this regard, server security must be enhanced using SSH keys as an encryption protocol to secure all server communications and provide credible system access from all client computers within and outside the organization.
SSH (Secure Shell) is currently the most reliable data protection measure, since it provides the ultimate security for both client computers and server administration. It gives a secure login protocol by providing a private and public key pair, solely for authentication purposes. The network administrator can keep the private key secret and offer the public key to the organizational users.
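Key pairs protect logins only when the server stops accepting passwords. The following Python check is an added example, not part of the original recommendations: it reads an OpenSSH sshd_config and reports settings that still allow non-key logins. The sample configuration is constructed, and only the global section is examined (Match blocks and Include files are out of scope).

```python
# Added example: report sshd_config settings that undermine key-only login.
# SAMPLE_CONFIG is constructed for illustration.
SAMPLE_CONFIG = """\
# constructed sample
Port 22
PermitRootLogin yes
PasswordAuthentication yes
PasswordAuthentication no
Match User backup
    PasswordAuthentication yes
"""

# OpenSSH defaults that apply when a keyword is absent.
DEFAULTS = {
    "pubkeyauthentication": "yes",
    "passwordauthentication": "yes",
    "kbdinteractiveauthentication": "yes",
    "permitrootlogin": "prohibit-password",
}
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}

def effective_global_settings(text):
    """Global (pre-Match) settings; sshd keeps the first value it reads."""
    seen = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        key = parts[0].lower()
        if key == "match":
            break  # conditional blocks are out of scope here
        key = ALIASES.get(key, key)
        seen.setdefault(key, parts[1].strip().lower() if len(parts) > 1 else "")
    return {**DEFAULTS, **seen}

def audit(text):
    s = effective_global_settings(text)
    findings = []
    if s["pubkeyauthentication"] != "yes":
        findings.append("public key login is disabled")
    if s["passwordauthentication"] != "no":
        findings.append("password login is still accepted")
    if s["kbdinteractiveauthentication"] != "no":
        findings.append("keyboard-interactive login is still accepted")
    if s["permitrootlogin"] == "yes":
        findings.append("unrestricted root login is permitted")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_CONFIG)) or "key-only login enforced")
```

The second PasswordAuthentication line in the sample has no effect because sshd uses the first value it reads, which is why the check still reports password login.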
Full disk encryption.
The purpose of this kind of encryption is to protect organizational user computers from access by unauthorized staff and any other outsiders. It is to be applied to all personal desk computers, and each staff member should keep the password secret. All sales and marketing laptops should also be encrypted.
Full disk encryption is a complete form of computer encryption in which all folders and volumes are fully encrypted. Accessing a fully encrypted computer requires you to provide an encryption passcode or use the USB device to power on your computer.
Firewalls.
A firewall is a very useful piece of software that filters traffic and decides which services are exposed to the network. It operates by restricting access to every port except the publicly available ones. A number of services may be running by default on a typical server, and they can be categorized into the following groups:
- Internal service: a service that accepts only local connections, from within the server itself, and cannot be accessed by an external service.
- Private service: an example is the database control panel, which is accessed by a selected group of client devices.
- Public service: an example is a web server. It is accessed by everyone on the internet, including anonymous users.
A firewall restricts access to the database according to the above categories. Internal services are completely closed to the outside world, private services can be used by selected organizational computers, and public services are open to anyone. Therefore ABC, Inc. should work based on either private or internal services for reliable data security.
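The three categories map directly onto a default-deny rule set. The following Python sketch is an added example, not part of the original recommendations: it turns a service inventory into an nftables input chain in which internal services get no rule, private services are opened to named networks only, and public services are opened to everyone. The service names, ports and networks are assumptions made for illustration.

```python
import ipaddress

# Constructed inventory for illustration; names, ports and networks are assumptions.
SERVICES = [
    {"name": "cache", "port": 6379, "category": "internal"},
    {"name": "db-admin", "port": 8443, "category": "private",
     "sources": ["10.0.5.0/24", "fd00:5::/64"]},
    {"name": "web", "port": 443, "category": "public"},
]

def build_ruleset(services):
    """Return an nftables input chain: drop by default, open only what is listed."""
    rules = ["ct state established,related accept", 'iif "lo" accept']
    for svc in services:
        port = int(svc["port"])
        if not 1 <= port <= 65535:
            raise ValueError(f"{svc['name']}: bad port {port}")
        cat = svc["category"]
        if cat == "internal":
            continue  # no rule: reachable over loopback only
        elif cat == "private":
            if not svc.get("sources"):
                raise ValueError(f"{svc['name']}: private service needs sources")
            for src in svc["sources"]:
                net = ipaddress.ip_network(src)  # rejects malformed CIDRs
                fam = "ip" if net.version == 4 else "ip6"
                rules.append(f"{fam} saddr {net} tcp dport {port} accept")
        elif cat == "public":
            rules.append(f"tcp dport {port} accept")
        else:
            raise ValueError(f"{svc['name']}: unknown category {cat!r}")
    body = "\n".join(f"    {r}" for r in rules)
    return ("table inet filter {\n  chain input {\n"
            "    type filter hook input priority 0; policy drop;\n"
            f"{body}\n  }}\n}}\n")

if __name__ == "__main__":
    print(build_ruleset(SERVICES))
```

A private service listed without source networks is rejected rather than silently opened to everyone, so an incomplete inventory cannot turn a private service into a public one.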
Regular system updates.
The ABC, Inc. network administrator, Mr. Ed Young, reported that all computers used within the organization run an outdated OS; this is another loophole used by hackers to conduct fraudulent activities and damage existing data.
Both server and client computers should be kept up to date, since this is the most powerful tool for organizational data security. Server patching is the most appropriate action to prevent compromises, and vulnerability is reduced by regular updates.
A system auditing service is the key and must be assigned as a priority. ABC, Inc. should ensure that the systems update automatically to reduce the cost of maintaining server security.
Effects of cyber-attack to consumer confidence.
A company’s product identity is the result of the uniqueness of its production. The company’s production secrets and daily modes of operation are what set it apart from any competitor. Whenever a production secret or any other operational secret lands in the hands of a competitor, the company loses its identity, and the competitor will use its tricks to attack the company in the market. This has a great effect on consumers, since they will be manipulated by the competitors; as a result, the company will lose its potential customers.
Moreover, the company needs to retain its secrets to prevent competitors from attacking its selling points. This is because when they get hold of ABC, Inc. inventory data, they may ruin the company’s reputation and flood all the selling points with duplicate products while using duplicates of the company’s raw materials and production procedures in their production plants.
Information devices security policy.
Following the recent data breach, in which fraudsters compromised client system accounts, more data has been lost, and all company accounts are currently at risk. Our customers are not in a position to trust our company’s services because of the high risk of having their confidential data exposed to cyberbullying.
ABC Inc. is now left vulnerable to fines, costly remedies such as credit report monitoring and consumer notifications, and damage to the company’s reputation. As a company, we hereby draft our internal employee data security policy to govern any data field that may be vulnerable to cyber-attacks, along with the data devices that are used outside the office, especially sales and marketing laptops. The policy contains the following:
Data security policy.
All ABC Inc. employees are required to attend the security training scheduled to take place from tomorrow in the company boardroom, after which everyone is required to sign and agree to uphold the policy. The policy requirements are as follows:
- Every employee or official of ABC Inc. who identifies any stranger or otherwise unauthorized individual in ABC Inc. should immediately notify the company security personnel.
- Visitors must be escorted to their destinations within ABC, Inc. offices at all times. As a company employee responsible for escorting visitors, you must ensure that you restrict them appropriately.
- Every employee must keep sensitive company emails safe by ensuring that emails are not referenced to any external email addresses; only the company-hosted email service may be used.
- Employees must ensure that every working desk is clean after use. Printed information must not be left unattended, and all waste paper must be shredded and disposed of appropriately.
- All company employees should adhere to the ABC, Inc. password policy. Every employee must have unique password credentials, must not use them in any external service, and must prevent any other employee from accessing the password.
- Employees should not be allowed to access information in a department other than their own, nor may they enter another department without official permission from the head of that department.
- Terminated employees are required to return all ABC, Inc. company records containing personal information; their official accounts are to be deleted from the server and their user passwords changed on their office computers.
- An employee must notify the respective authorities in case of any lost device containing scope data.
- All laptops used by sales representatives at field events should be secured with a personal password and prevented from accessing any unidentified wireless networks. Also, ABC, Inc. technicians should ensure that office computers are connected to no wireless network other than the official ABC, Inc. Wi-Fi network. Network barriers should be installed to block any external network from showing up within the organization’s compound. This is because a Wi-Fi network can be used by potential fraudsters to siphon data from the server system.
All employees are required to adhere to this new acceptable-use policy. Acting contrary to it will be considered a breach of contract policy terms, and the organizational management will take immediate and appropriate action against the act.
Conclusion.
The above strategies provide ABC, Inc. with an overview of what is required to improve the organization’s security systems. It is worth noting that company data is crucial, as it keeps the organization in a stable and credible state. In order to control the use of data within and outside the organization, security must be implemented before any other service, and it must never be an afterthought.