Part 1
Security departments are not properly educating employees on common threats. Although they are training employees, the level of knowledge is inadequate. Threats occur when employees do not know, willingly ignore, or fail to follow the set protocols. Most malicious attacks, such as phishing emails, target employees and exploit the individual's interests or family. Employees are not adequately trained on the various appeals of phishing emails. Employees also pose a risk through lost or stolen BYOD devices that contain company data. They need to be educated on the threats of BYOD, and it may be necessary to include them in the policy-making process. Employees need to be equipped to avoid unintended disclosure and hacking malware, which primarily affects them. To avoid carelessness and increase awareness of potential dangers, it is critical to educate employees on all possible threats and ways to avoid them.
Part 2
Peer-to-peer (P2P) sharing networks such as BitTorrent are a breeding ground for Trojan proliferation. P2P networks are used by cybercriminals to transport malware on the Web. Cyber threats such as spyware, computer worms, viruses, rogue anti-virus software, adware, and backdoors are often transported through P2P (Kumar, 2012). One way to mitigate the risk is to put in place strict guidelines regarding employee use of P2P sharing networks within the work premises. The company can also conduct extensive training for its staff through courses such as computer forensics, making them aware of the risks of P2P sharing. In addition, it would reduce the risk if individuals increased the level of security of their computers by installing better security programs. Companies should ensure that their security systems offer some level of protection against such threats.
Reference
Kumar, P., Naini, S., Sai, K., Ramesh, M. & Kishor, K. (2012). Preventive Measures for Malware In P2P Networks. International Journal of Engineering Research and Application (IJERA). 2(1): 391-400.