MIS2101 Section 702 – Amy Lavin – Spring 2014

7 – Preparing for a cyber attack

With the numerous amount of data used to support company specifically in an enterprise wide information system. The integration of applications is incredibly conducive to congregating your information. Data can be share seamlessly across department to department but this also leaves you open for attack. This article discusses what a company should do to prepare and what preventative actions to take. http://deloitte.wsj.com/cio/2014/03/03/former-fbi-agent-mary-galligan-on-preparing-for-a-cyber-attack/?KEYWORDS=enterprise+wide+information+system

Taking from the following article

1. How should small businesses deal with cyber attacks what advice would you give them if every mobile device is essentially a vulnerability?

2. To prevent an accidental breach through a negligent employee should their be policies in place about what you can do with your laptop? If so what would they consist of and if not why do you believe their shouldn’t be any policies?

3.  In most cases cyber security breaches are identified by a third party, why do you think this is the case?

 

10 Responses to 7 – Preparing for a cyber attack

  • Small business will have to deal with cyber attacks just as larger companies do. Businesses have to have a plan in place and tested regularly as a further security measure. A response plan should also be in place to quickly bring business back in order. Basically, businesses large or small have to be proactive with their security procedures because of the vulnerability.

    If security breaches are costing businesses money due to the negligence of an employee computer, I say they should have policies for employees to following to reduce or nullify accidental breaches.

    I am not sure why cyber security breaches are identified by a third party.

  • Small companies will have to assess and overcome cyber attacks just as large companies would. However I believe that small companies should have a different focus on their security breaches than large companies like Target. In Target’s case, the hackers can go after millions of customer’s sensitive information where as that would most likely not be the case for the small business. They should both have plans in place, but should focus resources in different areas.

    Since work laptops are property of the company and not the employee, there absolutely should be protocols in place to stop breaches. This can be through different security software or just not allowing employees to remove the laptop from the workplace.

    Third parties may be the ones to find cyber breaches because the in-house IT workers have a false sense of security in believing their systems work properly, where as, an outside source would be skeptical and pay closer attention for breaches.

  • 1. How should small businesses deal with cyber attacks what advice would you give them if every mobile device is essentially a vulnerability?

    Personally, I would ensure that all employees computers are up to date with recent software to prevent attacks. However, if one were to occur I would isolate the compromised material immediately and try to resolve the issue. If it were to be confidential information I would go through the means necessary to ensure proper procedure to limit loss.

    2. To prevent an accidental breach through a negligent employee should their be policies in place about what you can do with your laptop? If so what would they consist of and if not why do you believe their shouldn’t be any policies?

    I believe if given a company laptop that laptop should only have access to company networks and internal emails. Whether negligent or not limiting network exposure will limit the individuals ability to attempt any breach. Also I would limit means of data transferability I would not allow any copying via USB or Disc to be allowed under security settings in hopes of deterring such a threat.

    3. In most cases cyber security breaches are identified by a third party, why do you think this is the case?

    I believe if you build something you have a great pride in it also you don’t have another perspective of it because its your design. This can go hand in hand with IT workers. You take all this time to establish servers and firewalls and build these labyrinth of a network to avoid attacks. But you miss out on the simplest of things when building this complex design. This is why I believe outside consultants play a major role in aiding with such breaches.

  • 1. How should small businesses deal with cyber attacks what advice would you give them if every mobile device is essentially a vulnerability?
    I think that a small business has less to worry about reguarding cyber attacks. First of all small companies would not be the first ones targeted since they usually have smaller amount of clients and information. I think I would suggest that all devices be monitored and any small change should be notified to appropriate parties. Just like large company they need to have a plan in place.

    2. To prevent an accidental breach through a negligent employee should their be policies in place about what you can do with your laptop? If so what would they consist of and if not why do you believe their shouldn’t be any policies?
    Yes there should be policies. Although many employees are giving various technology and equipment through their job it is key to remember that they do not own it. In my office there is a list of blocked websites that employees are not to access. This is for the safety of the computers, if a virus is contracted then it would be the employees fault if they had gone to a restricted site.

    3. In most cases cyber security breaches are identified by a third party, why do you think this is the case?
    I believe this is the case because usually a company is so involved in what they are doing they might not pick up a slight change in the system at first. The third party company is there to double check and review the system from an outside perspective. It is like when you hire a specialist.

  • I think that in general it is something that small businesses have to deal with, but not on the same scale that the large companies do. They won’t have as much information to protect, which should mean that it is easier to protect. They probably wouldn’t be the initial target of a cyber attack as their is not a wealth of data to steal like huge companies data.
    I think it is rare that an employee would cause a breach and shouldn’t really be that big of a focus. It could happen, but in reality it will come from these outside hackers that are looking to obtain tons of information. I don’t think companies any extra policies than they have to protect themselves from employees causing a breach accidentally. If they are properly trained it shouldn’t be an issues. It is easier for third parties to detect failures in systems as they have a different and fresh approach to a system than the every day employees.

  • This is a good article on protecting yourself and things that you should be thinking about. I thought it was interesting to hear about what the government is doing to protect…

  • For business, the system must be up to date for strong security to anti virus ,or spam mail incoming or suspicious links.
    Employees must follow restrictions to use work computer or, link personal lab top or computer to work system.
    Ms. Levin remind me the case of Obama Care system was got hack. The solution is still floating and unclear out there.

  • small businesses are subject to the same risk that large businesses do when it comes to cyber attack. Only thing is the large companies have more to lose and a bigger image to protect Eg. Target. Small businesses should becareful what information they send out via Phones, computers, etc to reduce the potential cyber security breaches

    Maybe not everone should be able to or allowed to do anything or any transaction on any laptop they want. Maybe the company could set out 3 heavily secured particular computers for activities that could potentially fuel a security breach. this way, the number of devices dealing with secure information is limited

  • I think small businesses with less than 30 employees should not have to worry about cell phones being attacked. If a small business is trying to protect itself from a cyber attack it should not give all of its access to its employees. Only the employees who need access should be granted. This way it may be easier to pinpoint the attack if is an internal attack.

    If the laptop is company property its should be used for company property, but that would be impossible to control. I am sure it is common for other users to use a work lab top without consent from its true owner. To protect from any kind of breach their should be some kind of voice control or finger print access to navigate the laptops private work related information.

    Hard question. Maybe third parties have seen a various amount of ways a cyber attack can happen rather then the in-house employees.

  • 1. How should small businesses deal with cyber attacks what advice would you give them if every mobile device is essentially a vulnerability?
    With small businesses they would deal with it right away without any hesitance. They must contact people and make sure everyone is aware in a quick and efficient manner.
    2. To prevent an accidental breach through a negligent employee should their be policies in place about what you can do with your laptop? If so what would they consist of and if not why do you believe their shouldn’t be any policies?
    Yes there absolutely should be. Laptops should be used for business purposes and if employees are abusing their laptops and it should be breaching a policy if they go too far with their web searches. The policies should consist of monitoring the number of times someone has used their laptop for something other than work and if it gets to a certain number of occasions, then they should get a written warning and a meeting with their boss.
    3. In most cases cyber security breaches are identified by a third party, why do you think this is the case?
    Outside consultants do not have a favored view when looking at devices. People who create their own things have a harder time admitting that they were at fault, and an outside perspective isn’t shaped by that.

Leave a Reply to Michelle Hatooka Cancel reply

Your email address will not be published. Required fields are marked *

Subscribe to Blog via Email

Enter your email address to subscribe to this blog and receive notifications of new posts by email.

Join 14 other subscribers