Cyber security – a keen eye to it

What is cyber security

Cyber security is the process of protecting devices in a computer network from disruption of service, theft or damage of parts of the computer system such as the software or hardware. This document deals with a security placn for an organization called Seek Hardware Ltd that is based on multiple locations with over five hundred employees. The organization is likely to face data breaches, malware attacks, data losses, phishing and hacking security issues. Some of the counter measures to solve this security issues include employees’ training, installation and regular update of antiviruses and software applications, carrying out regular backups and using firewalls. Employees can also obtain and apply knowledge and skills though training that should be carried out by employers. Training will help make the employees be aware of security issues and counter measures. Security policies should also be employed in the organization which every staff should follow in order to maintain the security of the organization at high levels.

Introduction

According to Maglaras Janicke, Ferrag, & Cruz (2018), cyber security, which is also referred to as computer security is the protection of computers in a network from misdirection and disruption of services, damage or theft of computer data, hardware or software. Computers, servers, mobile devices and electronic systems are protected from malicious attacks that may originate from internal or external sources. The devices in the computer network are kept free of any security threats and this ensures that each device within the network operates normally. Cyber security has five main types which are: critical infrastructure, network security, application security, internet of things security and cloud security. Cyber security is very beneficial to both organizations and individuals in terms of protecting user’s and organization critical data from unauthorized modifications, deletion or access. Cyber security is also important in ensuring data availability though limiting access to only authorized personnel and maintaining data integrity. The main objective of this paper is to come up with a security plan for Seek Hardware Ltd which is a medium organization that sells IT hardware parts. The organization is based on multiple locations and communication is through logical point to point connections with each location having 550 staffs.

Security plan

Seek Hardware Ltd is based on multiple locations with each location having more than five hundred employees. The organization is likely to face a lot of cyber-attacks based on its size and communication channels used. Managing all the employees in each location is the major challenge as not all of them are likely to adhere to the rules and regulations of the organization. This calls for a development of a security plan and policies that should guide the operation of the organization. Seek Hardware Ltd organization is likely to face a number of cybersecurity risks, threats and attacks from external and internal sources. A cybersecurity risk is any risk that is associated with disruption, damage or loss in terms of data or financial means due to a failure, error or unauthorized access of the computer system (Radanliev .Roure, Nurse, Nicolescu, Huth, Cannady & Montalvo, 2019). Seek Hardware Ltd is likely to face cyber risks which include data breaches which is as a result of data access from external sources due to poor security measures, malware attack that result from not using malware scanning applications such as antiviruses, loss of data due to lack of backups, hacking and single factor passwords. Seek Hardware Ltd is also likely to face cyber security threats that include malware which are malicious software application including viruses, worms and spyware. These applications alter the normal functioning of the system. The other cyber threats include phishing which can be done by an external entity pretending to be an employee of the organization and through this, data will be stolen and used for malicious gains. The company is also likely to face man-in-the-middle attack during a transaction or communication between two users of the system. The other cyberattacks that Seek Hardware Ltd is likely to face are denial of service attack, DNS tunneling and zero day exploit.

Security counter measures

For Seek Hardware Ltd to maintain its normal operations and protect its data from external unauthorized personnel, various security counter measures need to be taken. According to Call, Hidayat, Peacock & Yang (2017), security counter measures are techniques, procedures or actions that aid in the reduction, prevention or minimization of the harm that threat or vulnerability is likely to cause and report it for the corrective action to be taken. Seek Hardware Ltd faces a number of cyber security risk and attacks that needs respective counter measure to handle these issues. Some of the countermeasure include training employees on the importance of cyber security in the organization, installing and regularly updating antimalware, antiviruses and antispyware software application on each computer to prevent malware attacks from external sources, implement the use of firewalls which will guard the internal computer network against unauthorized external access, regularly downloading and updating the operating system and application so as to be updated on the current policies and security measures of each application and operating system, making regular backups and storing them on secure locations to prevent data loses in case of a system failure, securing organization Wi-Fi and wired networks and hiding them to prevent external forces from breaking into the network, regularly changing password which will help prevent other users from using another person’s account, introducing data access measures to regulate which data will be accessed by each employee and requiring each employee to enter their username and passwords in order to access the system. This counter measures will make sure that the system is secure throughout its operation and data integrity, confidentiality and availability is maintained. Communication between users of the system should also be encrypted to prevent tapping of sensitive information of the way. Other advanced security measures that Seek Hardware Ltd should employ include avoiding reckless clicking on links that may lead to phishing websites, using two-factor authentication which will provide two layers of security to prevent hacker from breaking into user’s systems, keeping track of each staff’s digital footprints to prevent the occurrence of data breaches and other security issues and being aware of social engineering and employing methods to avoid them. These security measures will ensure that Seek Hardware Ltd organization will maintain its normal operations and be able to identify and avoid any security breaches.

Training

Training is the process by which a particular skill is developed to a certain desired standard through instruction and practices from a supervisor and is constitutes the basic concept of development of human resource (Hanaysha, 2016). Efficiency, correctness and consent is achieved by employees through training whereby the skills and knowledge for doing a particular job is acquired and advanced.

Training can also be defined as an organized procedure through which people acquire skills and knowledge concerning a definite purpose. The primary purpose of carrying out training is helping members of the organization apply skills, knowledge, attitude and abilities they acquire for a particular job in the organization. Seek Hardware Ltd should carry out training on its employees be first educating them on the importance of cyber security on the system, ways of ensuring cyber security on the system and action to take in case a cyber-attack, threat or risk is detected. This will help the organization maintain maximum information security and be able to carry out its normal operations without any issues. Seek Hardware Ltd need to carry out training on its employees on business environment whereby each employee should be introduces to the business environment of the organization, organization complexity which deals with making the employees understand on the structure of the organization and its operations, human relations which deals on how the employees are supposed to relate and behave to each other in professional ways and each employee’s job specification and requirements. Training is important to Seek Hardware Ltd as it will help coordinate good relationship between employees and the management and this will increase the competency of employees. Training will also make each staff of the organization be aware of their duties and this will make them accountable and responsible. Kang & Na (2020) states that there are different types of employees that should be given to employees of an organization depending on their job type, time of employment, level of complexity of the job and level of awareness of the organization and they include induction, refresher, vestibule, promotion and on job training. In training all its staff, Seek House Ltd should come up with a training program that will be productive and successful. Appropriate training for the employees will be advantageous to both the company and the staff in making the employees become more productive. Seek Hardware Ltd should follow a number of steps in training its employees and this steps include; firstly assessing the organization training needs and development needs, defining the training objectives which, for Seek Hardware Ltd is mitigating cyber security risks and threats. Thirdly, Seek Hardware Ltd should design a training program which will define on the when each member of the organization is likely to be trained as this will ensure that all members get adequate training. After developing training plans, Seek Hardware Ltd should implement the training program and assess their effectiveness. The whole training program should introduce the staff to security issues of the organization, counter measures against these security issues and ways to handle these issues in case they occur.

Security Policy

A security policy defines what is termed as a secure organization, system or other entity and it addresses the behavior and constraints of members of the organization and measure that are taken to secure the system (Knjazihhin, Dotan, Say, Martherus & Vasant, (2017). A security policy of an organization is a written document that outlines measures of protecting an organization from security threats and ways to handle the threat in case it occurs. The company assets are identifies in the security policy and potential security threats for each asset determined. The main asset of most organizations as well as for Seek hardware Ltd is its data which includes employee’s data, employer’s data and organization data. Data can be protected from external and unauthorized personnel by employing a number of security measures, these include using firewalls and virtual private networks within the organization. Employee’s and employer’s data can be protected from access by foreign entities by setting up identity measures such as the use of passwords, unique identification ids and biometric data such as fingerprint and iris data. Other assets of the organization include the IT hardware parts that the organization sells and in order to secure those, the organization should ensure physical security which entails using secure warehouses to protect them from theft and damage and this will ensure that the organization continues to carry out its business as usual.

In Conclusion

According to the recent research, cyber security risks, threats and attacks have costed many organizations billions of dollars and some organizations have not been able to recover from these losses. It is important to put strong security measure in place in order to safeguard an organization from these threats and attacks so as to maintain the normal operation of an organization. Handling all cyber security threats is important to a system as it helps a business reduce the risks of falling into becoming a victim of sabotage and data security as well as harmful spywares and malwares (Chernysheva, Shepelenko, Gashenko, Orobinskaya & Zima (2017). For Seek Hardware to maintain its security at higher standards, several security measures should be taken as this will help maintain its data integrity, availability and confidentiality. Employment training is also an important activity to carry out as this will prevent security issues that may arise within the organization due to lack of knowledge on security risks. Physical security is also important as this will help safeguard the physical assets of the organization which are the IT parts that the organization deals with and other physical parts of the computer system.