Essay: Computer Security For Internet Banking And Commerce." (70 Characters)

Describe the Computer Security for Internet Banking and Commerce.

Cyber Security Issues Identified in JL Company

Cyber security has become a growing concern especially with beginner companies being the target of cyber security attackers (Ning, Liu & Yang 2013). Cyber security is so important in business that Indeed it is now viewed as a business issue. Security management in any business becomes doubly difficult especially for companies involved in transacting in the online market. The internet poses important security issues that would require business organizations to make critical precautionary measures to secure themselves against cyber security issues. Small and midsize businesses (SMBs) are often targeted by cyber security attackers, and a recent study shows that almost half of the beginner companies that have undergone cyber-attack opt out of business within a period of six months (Ericsson, 2010) .

In the given case study, there are a number of security breaches that need to be fixed for JL Company to be safe against cyber security attacks. There are a number of cyber security issues that JL Company is vulnerable to, due to a number of cyber security issues that this report is going to address. Hence, this report is going to address the challenges cyber security challenges that JL Company is currently facing, and considering the fact that the company is shifting to online marketing, this report will suggest solutions that will enable the company to fulfill its current and future client requests.

1. Phishing

Phishing is a type of cyber security attack whereby the attackers take advantage of the ignorance of individuals rather than the system itself (Khurana, Hadley, Lu & Frincke 2010).

This issue need to be dealt with as early as possible because the company has now to more cautious against cyber security especially now that the company is shifting to online marketing. JL Company has five employees who have no expertise on IT. It is very easy for them to fall victims to phishing attacks, and so to compromise the business activities of the company.

To address the phishing issue, the employees need an intensive briefing on cyber security issues, and probably get to know mitigate some of the risks, for example by avoiding plugging in questionable flash disks into the computers in the offices. In the briefing, the employees would need to know what cyber security is and how it is related to JL Company. Secondly, the employees need to understand the risks of cyber security attacks in the company and then be briefed on the necessary precautions to take. Employee training is a basic security practice that will enable the JL Company employees to beware of cyber security attacks and take security precautions.

How to address the Issue

The company should hire an experienced networking expert to help the company in networking, as the 17 year old employee is obviously not experienced enough.

Furthermore, training the employees would be the best solution because the training will instill a sense of personal responsibility in taking precautions against cyber security attacks, as opposed to other alternatives that would employ external security experts. This would be less effective since external experts are not always dependable, as they are normally outsourced.

 The cost implications of this procedure will be an approximate of A$70 (Modi, Patel, Borisaniya, Patel & Rajarajan 2013).

1. Brute force attacks

A brute force attack is a scenario whereby an attack uses all means possible to crack user account passwords in order to access it (Wang & Lu 2013).  A brute force attack is one of the most dreaded cyber security attacks that is often conducted against web attacks. The aim of this type of attack is to access user accounts either by repeatedly guessing passwords or by taking over an open session of a user’s account (Gupta, Agrawal & Yamaguchi 2016).

Since the company is moving into the online market and has started communicating and sending confidential documents to its clients, it is imperative that they encrypt their data. Currently, in JL Company, all confidential information is emailed and stored without being encrypted. This is very dangerous for the company, as the data can be accessed anytime by attackers.

 Another security risk is that each of the employers can easily access another’s laptop which is a dangerous situation since attackers can compromise all the computers should they get access to just one of the laptops. To protect each laptop should be secured with a strong password. Furthermore, the company should opt to implementing full – disk encryption tools that come bundled in novel operating systems.

 To reduce the chances of brute force attackers unlocking a password through multiple attempts, the user accounts should be initiated to close after three failed attempts to log in (Fatima 2011) The user accounts should be locked until the administrator unlocks them. Another more complicated technique to protect company data is to set out a lock out time for user accounts to close after a certain number of attempts to log in, whereby the waiting time will be set to increase with each unsuccessful attempt to log in.

 I would chose these protective alternative because it will make it impossible to project automatic login attempts impossible against any user account.

Why the chosen solution is better than alternative approaches

The company would spend no more than A$120 to protect company itself against brute force attacks.

• Virus Attacks

A virus is a malicious program that is designed to copy itself into the target node in the network to compromise it or get some data (Shariff 2008). The company needs to protect its IT system from virus infection especially as they are moving to online marketing.

As a solution to this issue, all the working laptops in JL Company should be installed with anti-virus security software. On the same note, the employees should be strictly instructed never to insert unknown portable devices into their laptops as they would be potential sources of viruses from attackers. Furthermore, to reduce chances of activating virus programs, spam filters should be installed on each laptop so as to block spam messages that JL Company employees receive, (Stojmenovic & Wen 2014).  JL Company employees each receive s 40 spam emails a day. This shows that there could be a potential spam attacker targeting the company. Spam messages are often very deceitful because they often contain offers that are appealing in nature, and unsuspecting people will often fall victims to this kind of cyber-attack. When clicked spam messages often install a virus software that tends to compromise the security system of the particular node and take control of it (Wang et al 2010). Implementing spam filters will reduce the chances of the employees opening the messages even by accident and hence avoid activating the viruses that come with them.

I deem that using spam filters and installation of anti-virus software into the individual laptops would be the best solution to this issue because it is practically impossible to think of any other protective action as senders of the spam messages cannot be controlled in normal circumstances, and virus programs will always be on the internet. Beyond securing the individual laptops, other alternatives would ultimately be vague. 

The cost implications of securing the five employee laptops with antivirus software would be not more than A$90.95.

Hacking is the act of unknown attackers taking control of a computer from remote (Liu, Xiao, Li, Liang & Chen 2012).  Moving to the online marketing will most likely expose JL Company to hackers. The company should therefore take necessary precautions to prevent online hacking attempts.  Currently, the employees are receiving pop ups in their laptops, a sign of a potential hacking attacks.

As a solution to this issue, the employees should be trained to identify the enchanted grounds of hackers, for example they should be instructed that they should only install trusted software into the laptops and never open unknown or strange emails or popups in their machines while they are transacting online. Another solution to hacking issue would be to protect data by encrypting it in case of a hacking attack.  The company should further strengthen its network system by repairing the server urgently and installing it with a firewall to prevent it from unknown or suspicious requests. The Windows 200 server has robust security features that will most surely secure the work laptops against hacking attempts (Singh, Jeong  & Park 2016). For example, the Windows 2000 server has the latest version of NTFS support that can encrypt both file and directories using DESX (Singhal et al 2013).

Cost Implications

Furthermore, the company should implement the habit of regular backing up of data. Backing of data is an important and basic security practice in any business organization. Backing of business data or personal data, as opposed to any other alternatives will be the best solution since it assures safety of data incase by all means, their IT system gets hacked. Backing up of data will help in recovering it in case of a hacking attack. In JL Company, employees are only required to back up data at their own discretion, which is a very dangerous position to take. Since they are dealing with company assets, it means any information that they are handling is confidential and so it should be properly safe guarded.

 The surest way to protect oneself from data loss is to back it up. An approximate of A$150 would be needed to protect the company against hacking.

1. Ransomware

Ransomware is one of the most dreaded malware attacks (Siddiqui, Zeadally, Alcaraz & Galvao, 2012). Ransomware gets into a computer network and encrypts all files with a public key encryption whereby the attackers alone can decrypt them after they are paid their ransom. Ransom ware can come into a computer either on its own or by attaching itself to email as a downloaded component. Like a malicious virus, ransom wares often go undetected by a good number of antiviruses (Jokar, Arianpoo & Leung 2016).

The fact that JL Company has fallen a victim to ransomware just recently (July 2017) should put the company on toes to mitigate this vulnerability so as to avoid future attacks.

 As one of the means to protect the work laptops from infection by ransom wares, the computers’ security software should be regularly updated. Outdated versions of any security features have been known to have vulnerabilities that attackers have always exploited to gain access to the computer environment (Shariff, 2008). Furthermore, regular backing up of a data will also help in case a computer gets compromised

Regular backing up of a data and updating the IT systems will help in case a computer gets attacked by ransomware. Updating and backing up of data will be a robust solution as compared to conventional approaches because it is a double protection safety approach. It should therefore be made a policy in JL Company that data should always be baked up mandatorily and no by employee discretion. The employees could be further briefed on the precaution measures while transacting online as precaution against ransomware attacks. For example, they would be instructed to avoid clicking on unknown links or downloading suspicious attachments in their emails.

The cost of protecting JL Company against ransomware attack would be approximated at A$200.95.

Conclusion

Security gaps in cyber security can render business organizations seriously imprecated, and in worst cases they can affect bring business organizations to a close. The most appropriate solution to the growing trend of cyber-attacks is to implement a robust security approach that will tackle all aspects of information security in a business organization. JL Company will need to implement the various solutions that have been suggested for each issue identified in order to be declared safe from cyber security attacks. From training the employees to securing all the security loop holes as has been dealt with in this report, the business operations of the company can be kept safe can securely and satisfactorily fulfil it’s the requests of its clients.

References

Ericsson, G. N. (2010). Cyber security and power system communication—essential parts of a smart grid infrastructure. IEEE Transactions on Power Delivery, 25(3), 1501-1507.DOI: 10.1109/TPWR D.2010.2046654 

Fatima, A. (2011). E-Banking Security Issues-Is There A Solution in Biometrics? Journal of Internet Banking and Commerce, 16(2), 1. Retrieved from: https://www.researchgate.net/publication/283384799_E-Banking_Security_Issues_-_Is_There_A_Solution_in_Biometrics 

Gupta, B., Agrawal, D. P., & Yamaguchi, S. (Eds.). (2016). Handbook of research on modern cryptographic solutions for computer and cyber security. IGI Global,(1), 43.
Retrieved from: https://trove.nla.gov.au/work/206771776 

Jokar, P., Arianpoo, N., & Leung, V. C. (2016). A survey on security issues in smart grids. Security and Communication Networks, 9(3), 262-273.
DOI: /full/10.1002/sec.559

Stojmenovic, I., & Wen, S. (2014). The fog computing paradigm: Scenarios and security issues in Computer Science and Information Systems (FedCSIS), Federated Conference on IEEE, 1-8.
DOI: 10.15439/2014F503V

 Khurana, H., Hadley, M., Lu, N., & Frincke, D. A. (2010). Smart-grid security issues. IEEE Security & Privacy, 8(1).DOI: 10.1109/MSP.2010.49 

Liu, J., Xiao, Y., Li, S., Liang, W., & Chen, C. P. (2012). Cyber security and privacy issues in smart grids. IEEE Communications Surveys & Tutorials, 14(4), 981-997.
doi=10.1.1.462.4054 

Modi, C., Patel, D., Borisaniya, B., Patel, A., & Rajarajan, M. (2013). A survey on security issues and solutions at different layers of Cloud computing. The journal of supercomputing, 63(2), 561-592.doi>10.1007/s11227-012-0831-5 

Ning, H., Liu, H., & Yang, L. (2013). Cyber-entity security in the Internet of things. Computer, 1.
DOI: 10.13140/RG.2.2.23381.93926

Shariff, S. (2008). Cyber-bullying: Issues and solutions for the school, the classroom and the home. Routledge.DOI: 0018-9162/13/

Siddiqui, F., Zeadally, S., Alcaraz, C., & Galvao, S. (2012). Smart grid privacy: Issues and solutions. In Computer Communications and Networks (ICCCN), 2012 21st International Conference on (pp. 1-5). IEEE.doi>10.1016/j.comcom.2013.09.004 

Singh, S., Jeong, Y. S., & Park, J. H. (2016). A survey on cloud computing security: Issues, threats, and solutions. Journal of Network and Computer Applications, 75, 200-222.https://thesai.org/Downloads/Volume6No3/Paper_16. A_survey_on_top_security_threats_in_cloud_computing.pdf 

Singhal, M., Chandrasekhar, S., Ge, T., Sandhu, R., Krishnan, R., Ahn, G. J., & Bertino, E. (2013). Collaboration in multicloud computing environments: Framework and security issues. Computer, 46(2), 76-84.DOI: 10.1109/MC.2013.46 

Subashini, S., & Kavitha, V. (2011). A survey on security issues in service delivery models of cloud computing. Journal of network and computer applications, 34(1), 1-11. DOI:10.1016/j.jnca.2010.07.006 

Wang, E. K., Ye, Y., Xu, X., (…), Chow, K. P. (2010). Security issues and challenges for cyber physical system in Green Computing and Communications (GreenCom), 2010 IEEE/ACM Int'l Conference on & Int'l Conference on Cyber, Physical and Social Computing (CPSCom) 733-738.
DOI 10.1109/GreenCom-CPSCom.2010.36. 

Wang, W., & Lu, Z. (2013). Cyber security in the smart grid: Survey and challenges. Computer Networks, 57(5), 1344-1371.DOI 10.1109/GreenCom-CPSCom.2010.36