With technological advancement increasing in most if not all companies across the globe, these companies face numerous risks, as I illustrate in this paper.
Security Threats Facing Organizations and their Control Measures
Mobile devices such as tablets, laptops and smartphones are among the personal devices most commonly used by employees in most organizations. These devices pose a major threat to organizations because they are connected to the work network (Wi-Fi) while also being used to access sensitive job-related information such as customer financial details. Hackers can therefore gain access to institutional data through these devices, because in most cases they are not protected well enough to keep hackers away from such sensitive information, especially when they are connected to public Wi-Fi.
Use of simple and obvious passwords
Most internet users, such as employees in various organizations, are not aware that using simple passwords is a major threat to their operations: it leaves them vulnerable to hackers, who may gain access to their systems and use them for their own purposes.
Ransomware and malware
These have in the past posed a very serious threat to many organizations and have even caused denial of service (DoS). For example, in 2017 there was an outbreak of the WannaCry ransomware that proved strong enough to shut down some systems across the globe.
Users with higher privileges in an organization, such as system admins and general managers, have become the main target of most hackers today because they have higher access rights than their junior colleagues. In essence, this gives hackers an opportunity to access their systems with much ease, sometimes without them even realizing it.
Controls to be considered
To curb the above-mentioned security threats, and the many others that exist, there are a number of actions that organizations need to take into consideration, including but not limited to:
Conducting proper training for system and internet users, who are the employees, on the best practices they need to understand with regard to internet usage. Employees must be made to understand the need for data security. They must also be informed about the sites and links that they are not supposed to visit or click, as some of these are the avenues hackers use to gain access to sensitive company data.
The rule of “Strong Password” usage must be communicated to employees from the word go. Work devices such as computers, laptops and access points must be secured with strong passwords that hackers cannot guess to gain access to organizational systems and databases. These passwords must also be changed regularly, at least quarterly, for security purposes.
Organizational devices like computers must be accessed only by authorized users, for the purposes of accountability at any given time.
Sensitive information/data that has been used must be disposed of in an appropriate manner to keep it from landing in the wrong hands.
These are just some of the security control measures. There exist several other vital measures that, if applied accordingly, would ensure data security in totality.
(2017) Outbreak WCry/WannaCry Ransomware | www.cert.be. https://www.cert.be/docs/outbreak-wcrywannacry-ransomware.html
ISO/IEC 27001 Information security management. http://www.iso.org/cms/render/live/en/sites/isoorg/home/standards/popular-standards/isoiec-27001-information-securit.html