Privacy, Security, Hacks and Leaks

As the IT supervisor at one of the top clothing stores and websites along the east coast, we deal with all sorts of cybersecurity issues. As of the summer of 2020, we have to be on the watch for phishing scams, ransomware, employee data breaches, cloud storage breaches, and the safety of customer transactions. Phishing is when an individual or group attempts to compromise a business through email by posing as another business. Typically, they target businesses that send large sums of money through wire transfers. Ransomware is any virus that attacks your computer and then claims a specific program or application needs to be installed to fix it. An example of this could be clicking a bad link on a website, and then your computer is locked up except for a link for the virus, which claims you must install it to fix your computer. Employee data breaches are any breaches of data caused accidentally or deliberately. The two main causes are not enough training to watch out for phishing or avoid ransomware, or it could even be a disgruntled employee selling data after being fired, or leaking data. This data can include anything from client to account information. Cloud storage is a newer front people are facing, and must be used with caution. Cloud storage is the act of saving data on non-local servers. Strong security needs to be set so that people cannot access any information you have saved within a cloud storage system and distribute it. We have seen this with celebrities having personal pictures and information leaked due to cloud storage systems being breached. And lastly, you need to be wary of hackers trying to obtain customer information when customers are purchasing items.

At our company we already have some practices in place to protect our cybersecurity. We have set up a firewall, anti-malware software on our devices, regular data backups, safe passwords, and employee education. We have in place a firewall to manage the network traffic. This can be faulty if employees do not pay close enough attention to the information. Anti-malware is important to have in case an employee accidentally opens an email with a virus in it, as it will work to detect and remove any malware from your computer. Anti-malware could fail you however if you do not keep the program up to date and the subscription paid for. In order to prevent information loss, we will do weekly data backups to external drives. It could be problematic, however, if the drives were lost or became corrupted, and they need to be organized to keep track of what data is where. We encourage our employees to use safe passwords, things that are not cliche or simple, typically number and word combinations. This could be faulty though, as all it would take is one employee not taking this rule seriously and using a weak password on their work devices. Lastly, we try to provide good employee education on how to safely use the internet at work. During orientation we try to provide good information and booklets on how to identify phishing attempts and other threats to our cybersecurity, and we incorporate any new information at our weekly briefs. This could prove ineffective if some threat pops up before we have had a chance to address it with our team. 

There are plenty of different possible measures you could take to increase cybersecurity. To improve our security, I believe we should increase our firewall to have both an internal and external firewall, to truly have a better watch over our cybersecurity. Secondly, we should have training on how to quickly react to and report any new cybersecurity issues, and have a way to inform the rest of the staff, possibly something like an important notice email detailing the issue. Thirdly, we should secure our WiFi by making it a private WiFi only accessible by work devices and set up an alternative WiFi for personal device use. Fourth, we should start making multiple copies of backup data, so that if one goes missing or becomes corrupted, we still have the other on hand. Fifth, we need to come up with a way to make any data inaccessible to anybody who has been fired or has left, and a system to track who is copying what information, so that if any information is leaked that person can be held accountable. And lastly, we need further education on how to read the firewall logs and how to spot phishing.

