Introduction and Problem Statement
The research demonstrates that cyber vulnerability is one the most critical aspects on the today’s business agenda. While hostile takeovers, price dumping and other methods of unfair competition were widely prevalent in the business community, nowadays the key of corporate successfulness is information. Specifically, a popular academic opinion in this regard is that a company’s successfulness is mainly determined by its intangible assets, such as patents, customers, reputation, suppliers and business processes.
Therefore, in order to keep afloat and develop the business further, keeping such information protected becomes the task of supreme importance. Furthermore, in some cases the companies are legally obliged to keep the data confidential, especially when personal data of the company clients is in question (Chwan, 2013).
The purpose of this report is to provide a brief, yet comprehensive set of procedures, which should be followed by the company to ensure adequate data protection.
Description of the Procedures
Performing regular risk audits
The principle idea behind this process is to understand what type of information is stored by the organization, what methods of storing are employed, who can access it and what methods of protection are in use. This operation will be helpful in evaluating the current threat level, as well as it will answer whether any kind of immediate action is required.
Appointing someone to be in charge
The second important aspect in this regard is that someone should be always responsible for preserving data integrity. A person with substantial technological skills and human resources background should be appointed to monitor the daily operations, identifying vulnerable areas and developing corresponding risk assessment, prevention and mitigation solutions. Once a leak of information takes place, someone should be always held responsible.
Creating a security and safety plan
It is imperative to have a comprehensive, written security policy. On-going training will help the employees to understand what actions are expected of them in each particular case. It is important to ensure that this plan is understandable to those employees, who do not possess relevant technological skills.
Furthermore, the management of the company should always review and update this plan, because the number of threats and their natures tend to evolve over the time.
Utilizing all possible forms and methods of IT protection
In addition to the discussed monitoring measures, an organization should diagnose and implement all existing forms of effective IT protection, such as deployment of up-to-date anti-virus and anti-spyware, establishment of the reliable internet connection with firewalls and encryption of all types of incoming and outgoing communication. In addition to that, thorough password policies should be also developed and implemented across all divisions of the organization.
Using extensive mobile and other digital devices policies
The data shows that much of the today’s technological leaks occur through the mobile devices. Once logged to the corporate mail by his/her mobile device, an employee jeopardizes the entire organization. Thus, the employees should be comprehensively instructed to keep their personal devices protected, as well as never to use them for work-related purposes.
Implications for future research
This preliminary evaluation for mitigating the possible technological threats gives only a basic overview of the main IT-related threats. In order to develop effective policies, the management team has to develop comprehensive step-by-step guidelines for each of the discussed sections, providing specific insights to the employees on how to deal with a particular situation. Analyzing industrywide “best practices” will be an essential element of the future analysis.
Bibliography
Chwan. (2013). Introduction to computer networks and cybersecurity. Boca Raton: CRC Press/Taylor & Francis Group.
