Assignment
Your boss mentions that recently a number of employees have received calls from individuals who didn't identify themselves and asked a lot of questions about the company and its computer infrastructure.
At first, he thought this was just a computer vendor who was trying to sell your company some new product, but no vendor has approached the company. He also says several strange e-mails requesting personal information have been sent to employees, and quite a few people have been seen searching your company's trash dumpsters for recyclable containers.
Your boss asks what you think about all of these strange incidents. Respond and be sure to provide a recommendation on what should be done about the various incidents
Respond 250 words?
Discusssion 1
Scammers often pretend to be a person you know, or a company with which you are dealing, or a government official or a charity. There are a few things that are to be considered to prevent such scams and be careful about it.
1) It is necessary to create awareness among the employees about the strange events that are taking place and tell them how to be careful by not falling a prey to the scammers.
2) When someone unidentified is calling up and asking lot many questions about the company and its infrastructure or any kind of personal information, the employees shouldn't reveal any of it to them as it may cause a major loss to the company.
3) It is better to hang up the call or not to respond to such calls. Be cautious when you have to attend calls from unknown numbers.
4) When it comes to emails, think before you click the links if any are present in the email because it might draw in adverse effects. There might be any virus that may affect your computer. It lets the spammer know that you actually exist when you try to open such links.
When such things are repeatedly happening, it is advisable to discuss the issue with the fellow employees or the higher officials.
Be careful with Phishing attacks. They seem to be legitimate websites which can trick the users to reveal their personal information. Legitimate websites will never ask you to enter information on the pop-up screens. Do not download any unknown files from these websites.
It is better to report such activities to the Federal Trade Commission.
Reply: 200 words
Discussion 2
Corporate companies are becoming vulnerable to the cyber attacks day by day due to lack of proper security. Securing IP addresses, company confidential information, and Employee information is most important to not fall as a victim to cyber attacks.
To keep in a big picture it's more important to secure data within the company, because the important data is disclosed to all employees rather than the key players is the main reason for data breaches.
To overcome breaches and attacks:
• Companies should have a privacy policy updated where the only key employees can access the data and for the employee owned devices which cause more threats should have an audit trail created. So with this we can know the information of log in and person who accessed the device at some particular time.
• Company should educate their own employees about the data breaches and precautions to secure the information for which they have access. All employees should be well informed about data sharing, data security and their online behaviors.
They should have a proper knowledge of what is going on in their devices and if there is a suspicious activity spotted it should be immediately reported to a network security or support team.
• Most importantly IT department should be proactive to take steps before hand like information encryption, sensitive data with encrypted keys, controlling access to the employees and all the information should last with company.
Recently forensic experts have been investigating about Yahoo data breach caused in late February this year.500 million accounts were hacked using forged cookies which allow accessing accounts without entering passwords. The hacked data contain date of births, answers to security questions and all email addresses.
This breach is caused due to using or taking those forged cookies by the user account which is a third-party breach. Having known this information about malicious attacks proper precautions and efficient steps to be taken and recommended which I mentioned above.
Reference:
Based on one of my subjects in my undergraduate and my own insights
Reply 200 words: