Privacy, Security, Hacks, and Leaks
Know Your Enemy:
Many digital threats can cause harm to a business or organization. Phishing is a common digital threat to organizations. In many phishing attempts, cyber-criminals pretend to be trustworthy people to gain information on a business. A cyber-criminal may send an email in which they appear to be an official concerned with business information. This email may also include a link that redirects the user to a website that asks for specific information. While the website may appear to be official, any information the user gives to the website is sent to the cyber-criminal. Through phishing, cyber-criminals can access confidential information.
Companies are also vulnerable to digital threats such as malware. Malware is code or software that can be put into a system to compromise the privacy, security, and availability of information on that system. Some forms of malware include viruses and worms. Malware has the potential to degrade and disrupt systems. Using malware, data can also be modified or deleted. Malware gives attackers the ability to steal information from a system and breach its confidentiality.
Ransomware is another digital threat to organizations. Ransomware is a type of malware that detects information within a system and prevents users from accessing the system information. Ransomware can be downloaded to a system unknowingly because of phishing schemes and malicious links. Information can then be downloaded by cyber-criminals who can access this data using an encryption key. Users must then pay for the information to be released.
Digital threats such as corporate account takeovers allow cyber-criminals to impersonate businesses. Cyber-criminals can carry out a corporate account takeover by finding the passwords to the accounts of employees and business websites. In a corporate account takeover, an attacker accesses the accounts of a business employee. Through these accounts, the attacker can access information and other business-related materials. Attackers can also use these accounts to install malware to gain access to business information and disrupt systems. Attackers also use corporate account takeovers to transfer funds or steal and sell data from an organization.
Online services can be made unavailable through distributed denial of service attacks. During a distributed denial of service attack, attackers can establish botnets by installing malware on a variety of devices. The botnet then requests access to a certain network, server, or service. Excessive requests overwhelm the system and slow the website response time. This attack prevents access to the website and allows cyber-criminals to disrupt the traffic of online networks and services.
Know Yourself:
Several steps can be taken to protect a company from digital threats, and several processes and systems can be used to promote web security. Our company uses the following strategies to improve the security of our systems.
Our company uses firewalls to monitor data. By using a firewall, the data that is exchanged between our network and other networks is filtered to prevent the exchange of malicious content. We use web application firewalls to monitor data and interactions between software and apps. Using web application firewalls allows us to prevent the use of malware and to block specific websites, servers, and software. These capabilities improve the security of our company. While the firewall does provide extensive protection, it is still possible for cyber-criminals to access digital information using tactics such as corporate account takeovers. Though there is a firewall in place, an attacker could still access company information by taking over a corporate account.
Our company enforces the use of strong passwords. This process improves the security of our company by making it more difficult for attackers to infiltrate our systems or impersonate our business. We enforce the use of passwords that contain a variety of characters. Passwords must include uppercase letters, lowercase letters, numbers, and special characters. Passwords should also include a minimum of 12 characters. By enforcing these requirements for the passwords of our company, we reduce the risk of business accounts being hacked. While this process does not reduce the risk of many other digital threats, it improves the chances that attackers will not be able to access information by logging into business accounts.
As our business includes an online e-commerce website, our website is secure and uses the HTTPS protocol as well as SSL. By using HTTPS and SSL, hackers cannot modify the website or collect data from the website. Using HTTPS and SSL is important for e-commerce websites as customers submit personal information to the website. Because of HTTPS and SSL, the server and the user’s web browser can communicate. Though these features are beneficial to the security of the company, they do not prevent the use of malware. On their own, HTTPS and SSL would provide little protection for business information if malware were to be used. However, HTTPS and SSL do prevent cyber-criminals from hacking into or modifying the website.
Our organization also uses antivirus software. By using antivirus software, our company can avoid malware and viruses. Antivirus software analyzes files and data and compares this information to known types of viruses and malware. Through this process, the antivirus software can identify malicious software and viruses. The antivirus software can then prevent viruses and malware from modifying our company’s websites and systems. Antivirus software also prevents malware from making business data inaccessible. While antivirus software prevents hackers from accessing our company’s data through malware, it is still possible for hackers to access data by interrupting the internet connection.
To prevent unauthorized access to our business’s online data, our company also uses a virtual private network. By using a VPN, our company’s data is hidden from cyber-criminals and hackers. Using a VPN allows our business to have more privacy. Using a VPN reduces the chance that hackers will be able to use a distributed denial of service attack as the VPN will hide the IP address of our company’s devices and network. However, a VPN does not protect against malware and phishing attacks.
Develop Your Strategy:
While our company has several processes and systems to ensure security, several additional procedures could be implemented. By adopting more security procedures, our organization will be more reliable and secure.
To improve the security of our network, we should begin changing our passwords regularly. This will prevent hackers from continuing to use a password that was found to enter an account. This will also ensure that employees have different passwords for various accounts, which will reduce the number of accounts hacked in the case that a hacker was able to access an account. By changing passwords every 3 months, accounts will be more secure and less likely to be accessed by an unauthorized person.
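An added example, not the company's own code, of the password rules stated earlier (12 characters, mixed character classes) together with the 3-month rotation proposed here. The function names, the 90-day reading of "3 months" and the reuse check against earlier password hashes are assumptions.

```python
import hashlib
import hmac
import os
import string
from datetime import date, timedelta

MIN_LENGTH = 12               # minimum length stated in the text
MAX_AGE = timedelta(days=90)  # "every 3 months", read as 90 days (assumption)

def composition_failures(password):
    """Return the stated composition rules that the password does not meet."""
    checks = {
        "at least 12 characters": len(password) >= MIN_LENGTH,
        "an uppercase letter": any(c.isupper() for c in password),
        "a lowercase letter": any(c.islower() for c in password),
        "a number": any(c.isdigit() for c in password),
        "a special character": any(c in string.punctuation for c in password),
    }
    return [rule for rule, ok in checks.items() if not ok]

def hash_password(password, salt=None):
    """Salted PBKDF2 hash, so earlier passwords are never stored in clear."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    return salt, digest

def review_change(password, history):
    """Check a proposed password; history holds (salt, digest) of earlier ones.

    The reuse check is an assumption added here: rotation only helps if the
    new password differs from the ones it replaces.
    """
    problems = composition_failures(password)
    for salt, digest in history:
        if hmac.compare_digest(hash_password(password, salt)[1], digest):
            problems.append("already used on this account")
            break
    return problems

def rotation_due(last_changed, today):
    """True when the password is older than the rotation interval."""
    return today - last_changed > MAX_AGE

if __name__ == "__main__":
    # Constructed sample values, not real credentials.
    old = hash_password("Tr4il-Mix&Coffee")
    print(review_change("Summer2024", [old]))
    print(review_change("Tr4il-Mix&Coffee", [old]))
    print(rotation_due(date(2024, 1, 1), date(2024, 4, 15)))
```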
Our company will also focus on educating employees on the signs and risks of phishing. Our company will train employees to pay attention to signs of phishing and to evaluate the legitimacy of emails. We will remind employees not to follow links sent through emails, but instead to manually enter the URL to reach the website. Additionally, we will teach employees that a request for personal information through email is a sign of phishing. By teaching employees about phishing, we can prevent the spread of personal information.
The security of our network can also be improved by updating our software. Cyber-criminals often target faults within old versions of software. Software is often updated to fix security issues and deter hackers from accessing information. By frequently updating our software, we will be able to reduce security vulnerabilities.
Our company can also improve security by backing up our data. By backing up our data, our company can access information in case our network is compromised. This would be useful in the case that our network fell victim to malware or a distributed denial of service attack. We could use a content management system plugin to automatically back up our site. We should also manually back up our databases to protect data.
Our company will also prevent cross-site scripting attacks by implementing a content security policy. This will improve our company’s credibility and will prevent visitors to our website from being exposed to malware. A content security policy allows administrators to state which scripts should be executed and which domains are trustworthy. By using a content security policy, cross-site scripting will be blocked. This will protect our website and visitors to the website from malicious software.
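A sketch of the content security policy described above, added here as an example and not taken from the company's site: it serializes an allow-list into a Content-Security-Policy header value and models, in simplified form, which script loads a browser would permit. The hostnames and the helper names build_header and script_allowed are assumptions.

```python
from urllib.parse import urlsplit

# Constructed policy for a hypothetical shop; the CDN host is a placeholder.
POLICY = {
    "default-src": ["'self'"],
    "script-src": ["'self'", "https://cdn.example.com"],
    "object-src": ["'none'"],
    "base-uri": ["'self'"],
}

def build_header(policy):
    """Serialize the directives into a Content-Security-Policy header value."""
    return "; ".join(f"{name} {' '.join(srcs)}" for name, srcs in policy.items())

def script_allowed(policy, page_origin, script_url=None):
    """Simplified model of how a browser applies script-src.

    script_url=None stands for an inline <script>, which is allowed only when
    'unsafe-inline' is listed. Only 'self' and exact scheme://host sources
    are modelled; wildcards, nonces and hashes are left out, and script_url
    is expected to be an absolute URL.
    """
    sources = policy.get("script-src", policy.get("default-src", []))
    if "'none'" in sources:
        return False
    if script_url is None:
        return "'unsafe-inline'" in sources
    parts = urlsplit(script_url)
    origin = f"{parts.scheme}://{parts.netloc}".lower()
    for src in sources:
        if src == "'self'" and origin == page_origin.lower():
            return True
        if src.lower() == origin:
            return True
    return False

if __name__ == "__main__":
    site = "https://shop.example.com"  # constructed origin
    print(build_header(POLICY))
    print(script_allowed(POLICY, site, "https://shop.example.com/js/cart.js"))
    print(script_allowed(POLICY, site, "https://cdn.example.com/lib.js"))
    print(script_allowed(POLICY, site, "https://unlisted.example.net/x.js"))
    print(script_allowed(POLICY, site))  # injected inline script
```

With this policy an inline script injected into a page is refused because 'unsafe-inline' is not listed, which is the cross-site scripting case the paragraph is concerned with.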