5 Critical Cyber Security Issues Facing JL Company: An Essay.

JL is a small accounting company residing in Perth, Western Australia. JL currently employs five people – none of whom has any IT expertise or literacy. There are plans to expand the number of employees to at least 10. The boss’s 17-year-old niece was responsible for all computer and network related matters for the past two years. JL are progressively moving into the online market and have started communicating and sending confidential documents to its clients using a variety of online services. In recent months, employees have noticed; computers progressively operating slower, and random malware inspired popups are being displayed. The following list contains an overview of the current situation within JL:

• The SOE consists of Windows 10 laptops, all of which are currently updated with the most recent Microsoft updates.
  
  
• None of the laptops contains any security software.
  
  
• Internet access is via ADSL using a D-Link DSL-2740B wireless router.
  
  
• A QNap TS-412 NAS is used to backup workstation data (at each employee’s discretion) using WinSCP. The username/password for the NAS admin account is admin/admin.
  
  
• A Windows 2000 Server was previously operational in the organisation but a power surge resulted in the power supply no longer functioning.
  
  
• Each employees receives on average 40 spam messages each day.
  
  
• In July 2017 – two workstations succumbed to a ransomware attack and JL paid the ransom.
  
  
• There are currently no policies or rules guiding employees on how to best utilise resources and conform to ideal cyber security conscious behaviours.
  
  
• Employees can access each other’s computers and email accounts.
  
  
• Confidential data is emailed/stored without using any cryptographic techniques.
  
  
• Last week an employee found a USB flash drive in the car park and plugged it into their computer. Since then, the employee has claimed that the computer appears to have “a mind of its own”.

You have been hired to develop a range of recommendations to ensure JL can fulfil current and future client requests. The employees are comfortable, and reluctant to change their current cyber security behaviour. Many of the employees believe that the company is functioning correctly and does not need a new cyber security operational model. JL’s manager is committed to addressing the cyber security issues and improving the culture of the workplace.

The manager has requested that you compile a small, succinct report addressing five (5) critical cyber security issues. In producing your solution, you should address the following requirements:

• Why the chosen cyber security issue should be addressed immediately.
  
  
• A detailed explanation/demonstration of how you propose to address the issue.
  
  
• Why is your chosen solution better than alternative approaches (i.e. clearly compare/contrast your solution to alternatives).
  
  
• A detailed breakdown of the cost in addressing the selected issue.

Security Measures and Advantages

Due to the current security issues concerning cyber security, it is important for the company to lay day security measures that would assist the company to avoid risk that comes with cyber security attacks. There are advantages that comes with employing modern security measures for instance, the company would enhance a general security posture, increase the efficiency of operation and enhance accountability among the staff and the employees among other advantages. Handling of data such as for accounting in the organization may be vulnerable to cyber-attacks, leaking of organization information or even data loss.  The JL Company should adopt to the modern technology in their business operation, it staff should possess adequate knowledge and skills in handling the modern technology because in case of any risk it would be a fatal to the organization. It is important for the company to lay down a strategic security measures that would help in minimizing risk that are associated with adopting to the new technology (Buczak & Guven, 2016).

Since the company have started to engage in online activities, the strategic security measures would play a crucial role in safeguarding the company resources, increasing the number of staff as suggested by the company would be helpful. This report would major on solution that that would address the current security concerns of the company. My research on current cyber security attacks enable to come up with measures that would help in addressing the current situation (Yunfei, Yuanbao, Xuan & Qi, 2015).

Malicious attacks, such as hacking and viruses

Because the computers have the JL company does not have antivirus, the company have recently been attacked by a ransomware, a ransomware is a malevolent software which is created to block accessibility of computer till a specified amount of money is paid.

1. The JL Company should update from windows server 2000 to windows 2012 which have more security features. This would assist the company to limit the vulnerability. In fact the company should do regular updates to the software. Generally it is important for the company to download latest version of windows once it is available.
   
   
2. The JL Company should do regular backups to files remotely daily on an external hard drive which is not connected to the internet. As long as the data would be backup on the external hard drive, the company won’t lose any data if is attacked by the ransomware attack
   
   
3. Employees Apply should always be warned on opening any distrustful email attachments and to never download any app that is not coming from the real store. The employees should always read reviews if they must download the app otherwise it is not recommended.
   
   
4. The company should make use of the antiviruses which has an ability to scan files and identify if it has the ransomware. The company should utilise this antivirus before downloading.

The data loss in the JL Company courses the computer to misbehave, this is because of the errors in the systems in which the data is destroyed by neglect or failures in storage processing or data transmission. Data loss is also closely related to data beach, this is where the data are accessed by unauthorised persons. The JL Company can prevent data loss by doing the following

1. The can should do regular backup
2. A good working conducts
3. Installing antivirus to the office computers- I recommend the JL Company to use VIPRE antivirus, it perform better than other antivirus.
4. Protection against power surge thru a UPS

1. Symantec data loss prevention- which is responsible for data management and tracking of data
2. Trustwave data loss preventions- manage and track data
3. MacAfee data loss prevention- data tracking and management
4. Checkpoint data loss prevention- educate on data loss and remediation

The data of the JL Company does not have access limit, the employees can access emails freely. The company should address this issue immediately because it would bring big security beaches. The consumers of the company would feel worried if this is going to happen. Data beaches will bring a lot of problems to the JL Company, the criminal attacks would affect company negatively and it will costs the company millions of many and it is going to tarnish the reputation of the company (Peltier,2016).  

Recommendations to the JL Company to solve the security beach

Current Situation Analysis

There are several ways in which the JL Company may solve this issue of the security beach which would help the company to safeguard their data.

In the current situation of the company, every employee can access all the data in the office computer. The employees should stop this immediately otherwise the company would learn the add way, after all, it is of no reason for the mailroom workers to access the financial information of the customers. Limiting access would help in avoiding this scenarios and also would limit the employees from clicking on links that may harm the data of the organizations (Perlman, Kaufman & Speciner, 2016).

Analysing the current situations of the JL Company, the employees are causing the computers of the company to be more susceptible to attacks, accessing emails daily will have the potentiality to downloading of viruses. I recommend the company to create posters that would help to warn employees against cybercrimes and provide ways of avoiding those (Da & Martins, 2015).  

I recommend the JL Company to keep the operating and all the application software updated. Installation of patches when it is available will be a good practice. The network of the JL Company is vulnerable because the programs are not updated and are not patched up. This is an easy way to make the network to be strong and eliminate attacks before it happens (Ghai, Sharma & Jain. 2015).

The current passwords used by the JL company admin is very easy to predict. Employees should be encourage to change passwords regularly in order to avoid cyber beaches. The employees should learn to use combination of special characters, uppercase, lowercase, letters and numbers while setting passwords. The password should be made difficult to make it impossible for the thieves to break it and still the data (Flowerday & Tuyikeze, 2016).

The internet access in the company is through ADSL utilizing D-Link wireless router. This type of network have certain vulnerabilities. The company can resolve in the following ways:

The wireless network contain some vulnerabilities such as man-in-the-middle attacks, this happens in a this scenario: the attack set up a wireless network that have the same SSID with the network they are going to copy, when someone tries to connect to the network a ‘’ bogus RADIOUS server’’ capture the logins credentials. The attacker would then connect to the real network using the captured logins (Soomro, Shah & Ahmed, 2016).

Solutions to Current Security Issues

Most of the useful mechanism to use is deploying enterprise mode of wireless securities because it would assist to authenticate every user independently. So in an event of computer being stolen or as staff leaves the organization, the user logins would be revoked (Biscop, 2016)

Use wired network instead of wireless network- is more secure against threats

The JL Company use an incorporated computing devices, digital and mechanical machines that has unique identifiers. This IOT are vulnerable to bring security issues to the company (Wang, Jajodia, Singhal, Cheng & Noel, 2014).

Ways in which the JL Company may apply to prevent IOT threats

• The password for each and every device must be change from default. The devices that does not allow the password update from the default should not be utilized.
  
  
• It would be a good idea for the company to contain a different network that is behind a firewall that is under monitoring. For the all the IOT devices. This will help in securing devices that are allocated from the resources and network (Layton, 2016).
  
  
• Check for regular updates to make sure that the office computers are getting latest patches. Never use software that does not have updates.
  
  
• Ensure that the computers and office devices does not connect automatically to any open WI-FI networks, this not good, it is important to make sure that the devices does not do that (Knapp & Langill, 2014).

For the JL Company to set up a security measure, it would have to use substantial capital to establish a security measure that would help the company to reduce the risk that are exposed to. The infrastructure required would be the servers and servers. The latest security software should also be bought and installed to the computers systems of the organization. These infrastructure may be costly to the JL Company because it would also require experts to that would assist the company in the installation, configuration and maintenance of the system.  The following table summarises the cost per unit and the total cost that would be required in US dollars (Siponen, Mahmood & Pahnila, 2014).

Ways  to address security issues	Unit cost ($)	Total cost ($)
Windows server update	20	100
External hard drive for backups	10	20
Antiviruses	20	30
Employee training	50	100
Human resources	100	200
Data loss prevention softwares	20	80
Posters	5	20
Other expenses	30	80
Total		630

The total approximate cost the company is expected to incur to address all the cyber security issues is $ 550.

Windows server 2000 vs windows server 2012

Windows server 2000	Windows server 2012
The GUI cannot be turn on or off	Has freedom of the interface
Limited server capabilities	Multiple server capabilities
Low dynamic access control	Have higher dynamic access control
Operates with low speed	Has high speed of operation

Vipre was rang as the best antivirus in the year 2016 as compared to other antivirus. Kaspersky was rang number. Both of this antiviruses would be useful in providing the JL Company in providing advance security to the resources of the company. The following table shows the comparison (Almorsy, Grundy & Müller, 2016).

(Armbrust et al. 2010).

Conclusions

The JL company management has face many security issues in controlling their network resources that have resulted to data loss, intrusion, ransomware attacks and other hazards that occur due to negligence and lack of knowledge.it is necessary for the company to design a security measure that would help to protect the network infrastructure. It would essential for the company to systematically design a security measure that would assist the organization to run smoothly and free of risk (Anderson &Pettersson, 2015).

References

Almorsy, M., Grundy, J., & Müller, I. (2016). An analysis of the cloud computing security problem. arXiv preprint arXiv:1609.01107.

Armbrust, M., Fox, A., Griffith, R., Joseph, A. D., Katz, R., Konwinski, A., ... & Zaharia, M. (2010). A view of cloud computing. Communications of the ACM, 53(4), 50-58.

Andersson, S. M., & Pettersson, M. G. (2015). U.S. Patent No. 9,191,822. Washington, DC: U.S. Patent and Trademark Office.

Biscop, S. (2016). The European security strategy: a global agenda for positive power. Routledge.

Buczak, A. L., & Guven, E. (2016). A survey of data mining and machine learning methods for cyber security intrusion detection. IEEE Communications Surveys & Tutorials, 18(2), 1153-1176.

Da Veiga, A., & Martins, N. (2015). Improving the information security culture through monitoring and implementation actions illustrated through a case study. Computers & Security, 49, 162-176.

Flowerday, S. V., & Tuyikeze, T. (2016). Information security policy development and implementation: The what, how and who. computers & security, 61, 169-183.

Ghai, V., Sharma, S., & Jain, A. (2015). U.S. Patent No. 9,111,088. Washington, DC: U.S. Patent and Trademark Office.

Knapp, E. D., & Langill, J. T. (2014). Industrial Network Security: Securing critical infrastructure networks for smart grid, SCADA, and other Industrial Control Systems. Syngress.

Layton, T. P. (2016). Information Security: Design, implementation, measurement, and compliance. Auerbach Publications.

Peltier, T. R. (2016). Information Security Policies, Procedures, and Standards: guidelines for effective information security management. Auerbach Publications.

Perlman, R., Kaufman, C., & Speciner, M. (2016). Network security: private communication in a public world. Pearson Education India.

Siponen, M., Mahmood, M. A., & Pahnila, S. (2014). Employees’ adherence to information security policies: An exploratory field study. Information & management, 51(2), 217-224.

Soomro, Z. A., Shah, M. H., & Ahmed, J. (2016). Information security management needs more holistic approach: A literature review. International Journal of Information Management, 36(2), 215-225.

 Wang, L., Jajodia, S., Singhal, A., Cheng, P., & Noel, S. (2014). k-zero day safety: A network security metric for measuring the risk of unknown vulnerabilities. IEEE Transactions on Dependable and Secure Computing, 11(1), 30-44.

Yunfei, L., Yuanbao, C., Xuan, W., Xuan, L., & Qi, Z. (2015, August). A Framework of Cyber-Security Protection for Warship Systems. In Intelligent Systems Design and Engineering Applications (ISDEA), 2015 Sixth International Conference on (pp. 17-20). IEEE.