Assume that you have been asked to consult for a company that has branch offices in four continents. You have implemented a management information system that will enable its managers to exchange information about various company activities in the areas of marketing, sales, HR, finance, and administration. As part of the implementation process, you are required to make a recommendation on the types of security measures that should be taken with implementation of this system.
What are some of the potential security threats to managing information related to these activities across multiple locations?
What strategies or tools could be used to minimize these types of threats upon implementing a system in this situation?
Potential Security Threats to Managing information
Here is a summary of the top five threats:
#1: Malicious Code. A northeast manufacturing firm software bomb destroyed all the company programs and code generators. Subsequently the company lost millions of dollars, was dislodged from its position in the industry and eventually had to lay off 80 workers. To make sure this doesn't happen to you, install and use anti-virus programs, anti-spyware programs, and firewalls on all computers in your business. Moreover, ensure that all computer software is up-to-date and contains the most recent patches (i.e., operating system, anti-virus, anti-spyware, anti-adware, firewall and office automation software).
#2: Stolen/Lost Laptop or Mobile Device. Last year, a Department of Veterans Affairs' employee's laptop was stolen from his home. The laptop contained 26.5 million veterans' medical history. In the end, the laptop was recovered and the data was not used; however, the VA had to notify 26.5 million veterans of the incident, resulting in Congressional hearings and public scrutiny. To make sure this does not happen to you, protect your customers' data when transporting it anywhere on a portable device by encrypting all data that resides in it. Encryption programs encode data or make it unreadable to outsiders, until you enter a password or encryption key.
#3: Spear Phishing. A medium-size bicycle manufacturer relied heavily on email to conduct business. In the normal course of a business day, the company received as many as 50,000 spam and phishing emails. In one case, an employee received a "spear phishing" email that looked like it came from the IT Department, and asked the employee to confirm the "administrator password." Luckily for the company, when the employee asked the line manager for the "administrator password" he investigated further and realized the email was a scam. To make sure this does not happen to you, instruct all employees to contact their manager, or simply pick up the phone and contact the person who sent the email directly. It's important to make your employees aware of what a spear phishing attack is and to be on the look out for anything in their in-box that looks suspicious.
#4: Unsecured Wireless Internet Networks. According to news reports, hackers pulled off the "biggest data breach ever" through a wireless network. A global retail chain had over 47 million customers' financial information stolen by hackers who cracked through a wireless network that was secured by the lowest form of encryption available to the company. Currently, this security breach has cost the company $17 million, and in particular $12 million in one quarter alone, or 3 cents per share. To make sure this doesn't happen to you, hen setting up a wireless network, make sure the default password is changed and make sure you encrypt your wireless network with WPA (Wi-Fi Protected Access).
#5: Insider/Disgruntled Employee Threat. A former employee for a company handling flight operations for major automotive companies, deleted critical employment information two weeks after he resigned from his position. The incident caused around $34,000 in damages. To make sure this does not happen to you, divide critical functions and responsibilities among employees within the organization, limiting the possibility that one individual could commit sabotage or fraud without the help of other employees within the organization.
Strategies or tools could be used to minimize these types of threats
1. Malicious Code (Spyware/Viruses/Trojan Horse/Worms)
According to a 2006 FBI Computer Crime Study, malicious software programs comprised the largest number of cyber attacks reported, which resulted in an average loss of $69,125 per incident. Malicious software are computer programs secretly installed on your business's computer and can either cause internal damage to a computer network like deleting critical files, or can be used to steal passwords or unlock security software in place so a hacker can steal customer or employee information. Most of the time, these types of programs are used by ...
This solution is concerned with how a company implements a management information system that will enable its managers to exchange information about various company activities in the areas of marketing, sales, HR, finance, and administration and enable its system to be protected from potential security threats by implementing security measures, tools, and strategies.