IT Security Risks survey and the results were quite startling. In a conservative estimate, “The average damage suffered by large companies from a single serious incident was $649,000. For small and medium-sized companies, the average damage was $50,000” (“Global corporate it,” 2013). These damages can be the result of fines, lawsuits, as well as lost revenue from customers, who no longer have faith in the security of the company. It takes many years for a business, such as TIBIA, to build a reputation, but it can all be lost in a matter of seconds.
Because of this, the following security concerns need to be recognized, with a plan in place for prevention.

External Threats

External threats are those that come from people not involved with TIBIA. These could be competitors, random hackers or thieves. These types of threats can occur at the software and hardware level.

External Software Threats and Solutions

At the software level, the types of crimes include viruses, spam emails, phishing emails, data sniffers, denial of service (DoS) and other cyber-attacks.
To protect against these threats, the first thing needed is a strong firewall on all of the servers to help build a defense against viruses being sent to the server or any workstations. Complementing the firewall should be a type of intrusion detection software, which “Monitors system and network resources and notifies network security personnel when it senses a possible intrusion” (Stair & Reynolds). For the workstations and other devices, a strong anti-virus program needs to be installed and continually updated.
For messages going to and from the TIBIA servers, encryption software is necessary to prevent data sniffers from picking up any of the information packets being transferred, which may contain private company information or clues on how to breach the server. Most importantly, all TIBIA users should be educated on the possible threats and how to avoid them. For example, phishing emails tend to pose fraudulently as an established bank or merchant in order to fool users into accessing a mock site made to look like that business.
Once the user enters their information, the cyber criminals have a means of committing identity theft. Alternatively, clicking on one of those email links may cause malware or spyware to attach itself to the workstation or server, infecting other workstations connected to it. While a firewall or antivirus software might protect against these attacks, some emails may slip through to an employee. In this case, the best defense is knowing not to access a bank or merchant site through an email link and instead to access those sites directly from a web browser.
External Hardware Threats and Solutions

An external hardware attack can include break-ins, theft, or destruction of property by outsiders. Protection against these types of attacks involves implementing locks and an alarm system, as well as hiring a security company to physically monitor each of the TIBIA offices.

Internal Threats and Solutions

Internal threats are those that can come from TIBIA employees or those associated with the company. The most common of these types of threats is the accidental or internal leak of data.
To protect against such threats, all TIBIA system users should have individual username and password access, with access privileges based on what department they are working in and what relevant data they should have access to. A security policy should be in place that informs all TIBIA employees of their responsibility for keeping data secure by not sharing files or their login credentials. Unfortunately, there may be disgruntled employees who look to do harm to TIBIA. Because of this type of threat, it is important for the company to monitor TIBIA employee activity online and in messages for alerts about potential situations.
In addition, a security dashboard should be set up for the TIBIA system. A security dashboard provides a “Comprehensive display on a single computer screen of all the vital data related to an organization’s security defenses, including threats, exposures, policy compliance, and incident alerts” (Stair & Reynolds).

Mobile Device Misuse and Solution

In today’s tech-savvy world, phones, tablets and other devices can be used for sharing files and sending messages through a variety of means. The misuse of mobile devices, “particularly mobile phones, were among the most dangerous threats – both external and internal” (“Global corporate it,” 2013).
The best method for combating this type of threat is to have a security policy in place and to have all TIBIA employees educated and aware that sending company information through such devices to non-TIBIA personnel is strictly prohibited and that there are disciplinary actions for violating this policy.

Ethical Issues

Some of the solutions to these threats bring up ethical issues. With ethical issues, there is a general sense of what is right and wrong that may not have any ties to what is legal.
There could be a situation where something is ethically wrong but may still be perfectly legal to do. IT professionals in particular are offered many opportunities for unethical behavior. However, this issue “Can be reduced by top-level managers who develop, discuss and enforce a code of ethics” (Stair & Reynolds, 2012). Regarding TIBIA’s employees, listed below are the ethical issues and recommendations for handling them.

Monitoring Company Emails

Communication is important in any business, and emails provide a means for TIBIA staff to communicate and send information and files with relative ease.
However, there may be instances of employees using emails for personal purposes or to commit unauthorized file sharing. The ethical question is “Should you read the private e-mail of your network users just because you can? Is it OK to read employees’ e-mail as a security measure to ensure that sensitive company information isn’t being disclosed? Is it OK to read employees’ e-mail to ensure that company rules (for instance, against personal use of the e-mail system) aren’t being violated?” (Shinder, 2005). To protect the security of TIBIA, emails can and should be monitored.
This is perfectly legal. Ethically, all employees and new hires should receive a written statement, to be signed, acknowledging that TIBIA reserves the right to do this if it sees a reason to do so. Work emails are owned by TIBIA, and personal email use should be restricted during actual work hours. Personal emails can be sent from employees’ personal devices and should be reserved for work breaks. In addition, a security policy should be outlined that deals with the ramifications of private company data being shared by email with non-TIBIA affiliated people.
Monitoring Company Web Use

As mentioned in the previous report, computer waste costs TIBIA money and leads to a loss in productivity. This occurs when TIBIA employees are surfing the internet for personal use instead of working. The ethical question in this situation is, “Is it OK to monitor the Web sites visited by your network users? Should you routinely keep logs of visited sites? Is it negligent to not monitor such Internet usage, to prevent the possibility of pornography in the workplace that could create a hostile work environment?” (Shinder, 2005).
As with the issue of company emails, TIBIA has the right to monitor the use of its servers. Employees should be made aware of, and sign off on, the fact that the company reserves the right to monitor what sites are being visited internally, especially if there is reason to believe that employee productivity is down because of computer waste. Another alternative is the use of filtering software to “prevent visiting non-work related websites, especially gambling or porn” (Stair & Reynolds).

Performing Background Checks

For hiring new employees, the process of performing a criminal background check is nothing new.
However, certain companies have recently incorporated a credit check in addition to the standard criminal background check. This is being done because of the “desire of organizations to protect themselves in the wake of the numerous corporate scandals of the past few years but also because technology has enabled this data to be gathered, processed, and accessed quickly and inexpensively” (Reeling, 2006). Doing something like this can be considered a violation of employee privacy. The answer to this question isn’t so clear cut. Obviously, given TIBIA’s business model, credit checks are not necessary for potential employees.