Security
For Internal Corporate Setting
ENGL 3080 - Business Writing
Kyle Maidens • Kelsey Tucker • Jay Scroggins
November 15, 2017
Table of Contents
Introduction
Defining Cyber Security
The Importance of Addressing Cyber Security
Reputation
Operational
Financial Repercussions
Solutions
Prevention
Policy Change and Implementation
Employee Training
Security Software
Mantraps
Encryption Key Management
Host Intrusion Detection System (HIDS)
Conclusion
Introduction
Cybersecurity is a high priority for businesses and corporations that use digital
infiltration into company systems. Therefore, it is vastly important for businesses and
attack.
dismantled company of lost finances and clients. Cyber-attacks can greatly affect a
business’s future and how the world views the company. According to Business Insider [1],
numerous attacks have occurred this year including a massive cyber-attack on Ukraine
in June. Not only did the attack affect airports, banks, and government offices of
Ukraine, surrounding countries such as Russia, France, Germany, and Norway were
also affected [1]. If attacks can affect entire countries, businesses and corporations are at
a larger and more vulnerable risk of being attacked if they are not equipped with the
To equip businesses and corporations with the right tools to prevent cyber-attacks, our
team has outlined what cyber security and cyber security breaches are along with
multiple cyber security methods and how breaches can happen. For digital security, we
offer suggestions for company policies, employee training, and software to install for
Cyber security is a broad spectrum of methods that can be used as protective measures
for a company’s digital content. The Digital Guardian [2] defines cyber security as
networks, devices, data, and programs from attack, damage, or unauthorized access.
Cyber security’s foundational job is to protect data on a digital device for an individual, a
group of individuals, or a large company. Along with the mentioned technologies such
as protective software used for security measures, practices of cyber security include
policies whether personal policy for using your own device or company policies for their
employees.
For a company’s internal measures for cyber security, a large portion of basic security
measures are employee policies. Implementing employee policies regarding safe cyber
activity within the company can save a business from a multitude of attacks. Policies
range from how employees use company computers and devices for personal use,
information across networks. Although policies for each company may be different, the
purpose of the policies is to protect the business they are associated with along with the
business’s customers. Policies can and should be tailored for each company so the
For internal security regarding software, there are many types of software a company
can purchase depending on what content needs to be protected. Tech Target [3] says
that the most common software companies invest in is application software which is
For companies that deal with sensitive information that can be of monetary value
(information that can be stolen and sold), information security is the proper
strategies that maintain the chosen methods that are used by the company to prevent
cyber attacks [3]. The basic function of infosec is to ensure that sensitive information stays
with the authorized parties and there is no unauthorized access. Infosec programs are
typically run by an outside party hired by a company [3]. Their scope of protection resides
commonly at risk for hacking to be personal health records, personal information, trade
156,736,615 files of data breaches have been recorded for 2017; however, only 422
have been made public. Cyber hacks and breaches do not receive much media
coverage so many business owners and corporate executives are not educated enough
Not only do breaches happen often, they can happen in many forms and by many
methods according to Roger Grimes from CSO [5]. Below are the three most popular
Users are tricked into installing programs of websites that they deem trustworthy
and have visited often. Instead of normal website coding, malware interferes with
the website.
Users receive emails appearing legitimate. After opening the email, a rogue link
● Outdated Software
techniques.
Aside from the technicalities of cyber-attacks, breaches can also occur from the
38% of cyber breaches occur from lack of adequate employee training. We conducted a
company devices and company protection software. In Figure 1 from the survey, 53.3%
said either that their employer does not use protective software or they were unsure. In
Figure 2, almost 50% of respondents said that their employer does not have policies on
[Figure 1 and Figure 2: survey result charts]
educated and educate others on digital infrastructure within their company. If employees
are inadequately trained or misinformed of a company’s digital system and policies, the
a company’s reputation in society, cause monetary loss, and sometimes destroy beyond
repair.
For example, ITnews [11] reported the travel agency Flight Centre confirmed a data breach
in July caused by human error. In May 2017, DataBreaches.net [12] reported a breach that
occurred in New York at Kaleida Health when patient information was leaked through a
phishing scam on an employee’s email account. An unauthorized third party was able to
infiltrate Kaleida’s record system to obtain patient information. These breaches along
with many others that have occurred this year show the importance of preparing for
potential cyber-attacks. Simple phishing and email scams have impacted these
businesses. If clients feel unsafe with a business, said business will lose clients which
Reputation
Reported by The Guardian, one of the largest cyber-attacks of 2017 was the attack on
Deloitte, one of the largest accounting firms in the world [13]. Six of Deloitte’s largest
clients were impacted by the email server breach. It was reported that an
information. It was also noted the password entry was only a one-step entry, not a two-
their clients, they claimed this breach as an embarrassment, especially regarding their
own field of work. Though Deloitte is a large company that is not easily dismembered,
this blow to reputation impacts not only their company, but their clients. Consumers do
not want to be associated with a business that cannot protect itself. Deloitte’s
email breach shed a negative light on them as if they were not capable of protecting
Operational
down production for three days [14]. Since Integrity Cabinets is a smaller business, they
were not aware of ransomware attacks. Even though 80% of their infrastructure exists
digitally, this was new territory for them. This ransomware attack included demands of
money estimated at $9,000. Though this sum does not seem large, it still put a dent into
their money and profits from shutting down production for three days.
Financial Repercussions
With both Deloitte’s email server breach and Integrity Cabinets’ ransomware attack,
financial repercussions were evident. Deloitte’s client list had the risk of being
diminished from a weakened public opinion. Deloitte’s breach spread distrust
among its consumers, which could push clients to leave their business. For
Integrity Cabinets, the halt of production dipped into their profits. Not only did it shut down
production for three days, their order placement system was also compromised. The
ransomware encrypted files so employees did not have access to them in order to work
within company programs. The surface level of financial repercussions for Integrity
Cabinets was the ransom demand of $9,000. This money dipped into their budget. They
could have used this money for repairs for their machinery or new machinery. The
amount of the demand allows the company to pay without breaking even but still losing
Solutions
There are many solutions to cyber security ranging from policy implementation to
software installation. Solutions are simple steps and methods that can save a company
from a devastating blow to company reputation and even monetary loss. Below, we
Prevention Policies
Prevention measures are simple steps employers can implement into their employee
policies. According to the 2015 Cost of Data Breach study by the Ponemon Institute
Employee training and review of policies annually can reduce the risk of cyber-attacks.
everyone stays up-to-date on cyber protection. The following are steps from Homeland
ways for hackers to gain access to your or your company’s personal information.
calls that claim to be from retailers or collection agents that need your
information. These people are often actors and should not be trusted. If possible,
get the caller’s name and a callback number just in case they get a hold of any
information.
Changing your password makes it more difficult for a hacker to access personal
information. Avoid using common words and include other characters such as
● Keep Your Software Up to Date
Software updates are usually free and only take a few minutes to download.
important.
Another way for hackers to access your or your company’s personal information is
to trick you into going onto a malicious website. They often make the site’s URL
go unnoticed by many people when they click on a link. This is why website URLs
Education
like, then attacks are more likely to happen from employees carelessly
emails from an unknown source. A quiz on cyber security is also a good way to
learn about an employee’s knowledge on the subject and how much they need to
be taught. From these simulated exercises, employers can evaluate what topics
of cyber security
Security Software
There are multiple forms of cyber security software. Below are explanations and
website [3].
Mantraps
Mantraps are a form of physical cyber security that require codes or key cards for
access to a room that harbors sensitive information. Optional mantraps can require
other forms of verification such as biometric verification using biological reference such
as one’s hand, fingerprint, or eye scanning. Although some mantraps can be expensive,
verification process.
Encryption Key Management
An encryption key is a complex algorithm that secures data from being accessed by
unauthorized users. Amazon lets users create and manage their own encryption
keys. Management of these is important because of how complex they can be. There
should be a small group of individuals within a company that manage the encryption
keys.
Host Intrusion Detection System (HIDS)
HIDS include programs such as firewalls, anti-virus software, and spyware detection
programs.
● Firewall: This program is used to control incoming and outgoing network traffic
more holes of infiltration, a firewall program will protect against several of holes
● Anti-virus Software: This software not only protects against computer viruses, it
malware attacks.
settings to monitor employees’ browser history. However, spyware can also harm
Conclusion
Cybersecurity is one of the most pressing threats to companies. With the multitude of
ways that the digital space can be breached, it is imperative that companies are
informed and prepared. These attacks can be crippling to companies and customers. As
responsibility to change and evolve with the threat. Companies should take the
necessary steps to prevent and combat these threats and ensure a safe digital space for
company and customers. Our team is prepared to help companies make these
transitions so that they are better prepared for an attack in the future.
Reference Page
1. Harrington, Rebecca. “Here Are the Companies and Government Agencies Affected by the
Cyberattack Sweeping the Globe.” Business Insider, Business Insider, 27 June 2017. Web.
companies-government-agencies-affected-2017-6
2. Lord, Nate. “What Is Cyber Security?” Digital Guardian, Digital Guardian, 27 July 2017. Web.
http://searchsecurity.techtarget.com/definition/data-breach
5. Grimes, Roger A. “The 5 Types of Cyber Attack You're Most Likely to Face.” CSO Online,
https://www.csoonline.com/article/2616316/data-protection/security-the-5-cyber-attacks-you-
re-most-likely-to-face.html
6. “Big Data Analytics in Cyber Defense.” Ponemon Institute LLC. Teradata. February 2013.
https://www.ponemon.org/local/upload/file/Big_Data_Analytics_in_Cyber_Defense_V12.pdf
7. “Protect Myself from Cyber Attacks.” Department of Homeland Security, Homeland Security,
attacks
8. “Reduce Cyber Security Risks with Employee Training.” Reduce Cyber Security Risks with
risks-employee-training
9. “Security.” IBM, IBM, Web. November 13, 2017. www.ibm.com/security/data-breach.
10. “Data Breaches.” Privacy Rights Clearinghouse | Data Breaches, Privacy Rights
11. Coyne, Allie. “OAIC Investigating Flight Centre Customer Data Leak.” ITnews, Nextmedia, 21
centre-customer-data-leak-471346.
12. Dissent. “NY: Kaleida Health Notifies 2,789 Patients about Phishing
www.databreaches.net/ny-kaleida-health-notifies-2789-patients-about-phishing-incident/.
13. Hopkins, Nick. “Deloitte Hit by Cyber-Attack Revealing Clients' Secret Emails.” The
Guardian, Guardian News and Media, 25 Sept. 2017. Web. November 17, 2017.
www.theguardian.com/business/2017/sep/25/deloitte-hit-by-cyber-attack-revealing-clients-
secret-emails.