I am in the role of an executive at a small to medium-sized corporation. It is a gourmet food retailer with three stores and an online e-commerce marketplace. The corporation sells about $1 million in goods each year; it has more than 35,000 customers, 100 retail employees and 35 corporate employees. There are many digital threats that my corporation could face. Some include malware attacks, man-in-the-middle attacks, denial of service, etc. Malware attacks are when viruses, worms, trojans, spyware, and ransomware are used to affect a system with malicious intent. A man-in-the-middle attack is when someone intercepts a communication channel between two or more people, such as through email hijacking or Wi-Fi eavesdropping. Denial of service is when attackers overload the target system with a lot of traffic, taking away the system’s ability to function normally. It slows the system down to the point where it is unusable. Threats can also come from many sources, such as hackers or malicious insiders. A hacker is usually an individual who targets organizations using a variety of attacks. Personal gain, revenge, financial gain, or political activity are usually what motivate them to do this. Malicious insiders are people who have access to company assets and abuse their privileges to steal or damage computing systems and information for economic or personal gain. These insiders can include employees, contractors, suppliers, or partners of the target organization. (Source 1).
Some systems I might have in place for my business would be items such as computers, work phones, tablets, etc. Any piece of technology can be susceptible to digital attacks, especially malware and man-in-the-middle attacks. (Source 2). There are also three digital processes I could have in place: operational processes, which are organized sets of activities that result in a specific product, service, or business methodology; management processes, which are setting goals, leading the organization, and executing activities and tasks; and supporting processes, which support the core functions of running the business itself. These processes store important information on how the business is run, such as the activities used to create products and how the organization is structured, in a digital format. Hackers could potentially access this information through various methods, and malicious insiders could leak this information. (Source 3).
There are a few ways that I, as the owner of the corporation, could protect it from cyber attacks. One is securing the networks and databases. I could protect the corporation from cyber attacks by setting up things like firewalls or encrypting the information. I could also keep the Wi-Fi network hidden and password protected, and be selective with the information stored in the corporation database. Educating my employees would also be important, such as on how they can protect their information and what is and isn’t acceptable when sharing information. I would also limit which employees have administrative access to things, such as certain information, thereby reducing the risk of malicious insiders gaining access to said information. Establishing practices and policies to protect the company from cyber attacks and setting guidelines for resolving issues if they come up is another protective measure I could use. I would ensure that I outline the procedures for handling situations if they arise, as well as the consequences for not following those policies. Training my employees to tell the difference between fake antivirus offers and real notifications is also important. It will keep issues from happening later if they know what to look for ahead of time. (Source 4).
Those are the issues I could face, the things I have to protect, and how I would protect them if I were in charge of a corporation.