There have been a lot of documented events wherein large scale multinational corporations have been successfully victimized by cyber security and information system attacks. It is surprising and frightening at the same time that even those corporations are being targeted despite the fact that they are the ones that are very much capable of setting up formidable information system defenses against malicious entities. In the case of Sony, one of the latest victims of cyber security breaches, their latest announcement suggests that they are investing $15 Million for a more formidable cyber security defense. Evidently, their previous budgets were not enough to ward off the most recent attacks . While those reports are valid, this creates the notion that only large scale multinational corporations are the ones being targeted by hackers and other malicious entities. The reality is that startup companies like Pea Pod are also being targeted. In fact, it makes much more sense for smaller companies like Pea Pod to be targeted because they have little to no resources and technical knowledge how to successfully screen al possible cyber security threats. This is so far one of the possible risks to the company’s security system. That is, compared to bigger companies, they have limited resources to successfully security threats.
Security Policy
Five of the most common threats for businesses that operate online such as Pea Pod are the following: Malicious Codes, The Use of Portable Devices, Spear Phishing, Unsecured Wireless Networks, and Insider Threats . By implementing a comprehensive security policy addressing these top five threats, Pea Pod and other small businesses can potentially ward off some 82% of the existing security threats. These can mean a lot of things for a company that does not have the firepower and resources to ward off the most complex and sophisticated used by attackers who target large scale multinational corporations.
Malicious Codes
Malicious codes can be easily detected by anti-virus and anti-malware programs. For commercial entities like Pea Pod, they can easily avail of a business or enterprise package from top-selling anti-virus software vendors like Kaspersky, Norton, and Symantec. It is important to note that the installation of such programs on all computers being used by the company should be mandated because even a single computer that is connected to the organization’s network that does not have the necessary protection against the malicious codes can compromise the security of all the other computers connected in the network. Apart from these programs, the installation and activation of firewalls would also be necessary.
Use of Portable Devices
Pea Pod relies heavily on the use of internet and other wireless technologies. In fact, its business model is dependent on these technologies so much that the company would cease to exist and make profits without them. Unfortunately, this can be a major drawback in that the devices being used by the company’s employees may also be a target for hackers. An employee’s personal computer may contain a master list of access codes for the company’s servers. This information can definitely be used by hackers to bypass the company’s information security systems. To address this, it is advisable to implement a policy wherein all employees would not be allowed to use their personal gadgets for all business-related operations and processes. This way, the company can ensure that all forms of information being handled by the company are stored in secure locations only.
Spear Phishing
Phishing is a form of spamming wherein the malicious entity creates a webpage that looks exactly like the original one; its real purpose, however, is to steal the username and passcodes that the individual enters in the site for later use—often for malicious purposes. This strategy can trick not only Pea Pod employees but also customers. This can then result in a widespread theft of information. One way to prevent this is to use secured web domains for all transactions that involve money in order to give the users the ability to distinguish a potentially fake Pea Pod-related website.
Unsecured Wireless Internet Networks
This can be prevented by making use of a secured wireless network and making sure that all computers and networking-capable devices are connected to such networks only. This means that the company should consolidate its networking processes so that there is only one or a handful of networks that the employees can connect to. This way, it would be easier to detect vulnerabilities in the system and later on address them.
Insider Threat
Employees can be a threat to the company’s cyber security as well. One effective policy to implement to minimize this risk would be to decentralize the control of operations and systems that are related to cyber security. This means that not one person should be given the sole authority or administrative power to manipulate or in some case, cause damage to the entire system.
Potential Ethical and Legal Issues
As a business entity, it is the legal and ethical responsibility of Pea Pod to make sure that all customer and business partner information are protected . When it comes to customer information, for example, it is the company’s responsibility that the credit card numbers of its customers are secured and protected from theft. Otherwise, the customers can file charges against it, especially in cases where damages as a result of security lapses by Pea Pod have occurred. The only way to effectively address these issues is to use the five-pronged information system security that was presented above as it creates a holistic approach in handling the five most common threats to companies like Pea Pod.
References
Messmer, E. (2014). 10 IT Security Risks that Small Businesses can't Afford to Ignore. Network World, Retrieved from http://www.networkworld.com/article/2358151/network-security/network-security-10-it-security-risks-that-small-businesses-can-t-afford-to-ignore.html.
Raywood, D. (2015). Is Sony's $15 Million Cyber Security Investment Enough for the Job. IT Pro Portal, http://www.itproportal.com/2015/02/18/sonys-15-million-cyber-security-invesment-enough-job/.
Teixeira, R. (2007). Top Five Small Business Internet Security Threats. Small Business Trends, Retrieved from http://smallbiztrends.com/2007/06/top-five-small-business-internet-security-threats.html.