Organisational Security Potential Threats Malicious Threats

Published Date: 02 Nov 2017

Viruses are a self-replicating delivery method that is created to do harm to a computer. There are many types of viruses such as worms. Worms can be transmitted through a USB or network. A worm was the first type of virus created; it was created to send out updates among computers because it was fast and more efficient than people having to do it themselves. Worms can take up a lot of bandwidth and can cause network traffic.

A Trojan is not really a virus because it only has the delivery method trait and not the self-replicating. The name Trojan gets its name from the Trojan horse, its gets this name because it pretends to be something is not. Trojans are mainly attached to anonymous e-mails or from people’s accounts that have been hacked. They can be sometimes found on links to an irrelevant webpage.

Spyware is another type of malicious malware that tries to steal username and passwords secretly without the user knowing. Key logger is an example of spyware as it records the keystrokes you make in a text file. It can also open a port on your system that can allow easy access for a hacker.

Scare ware is another type of malware, Scare ware comes up with a pop up telling you that have several viruses on your computer, but you can get rid of them by downloading a free piece of software. When accepting the download.exe file that comes up, the file that accepted will be full of more viruses so the several you may have once had could turn into 100. Then when you see that you have all these viruses it gives you an option to get the premium software to get rid of them that could cost a lot of money, which will do absolutely nothing.

Hacking is the means of someone breaking into a computer to get access to the system and documents. There are many ways they can break into the system, such as obtaining the username and password of the account. Usernames and Passwords are not secure, so the hacker could easily get hold of the username and password, one way could be just by looking over the persons shoulder when they go to type it in.

There are also ports which is another means of accessing the computer, to send and receive data. With a firewall you will be able to make sure your ports are secure and are not easily accessed, But if any ports on your computer are insecure and a hacker knows the IP address they can use this to gain access to the computer.

Wires are another way your data can be hacked; wires can be used as a means for a hacker to monitor your signals. They can do this by using crocodile clips and clipping them to the wires from your organisation or they can use a coil that picks up the radiation from the wires and can be sent to the hacker for them to monitor.

Another way to get private information from people could be e-mail scams, where they send an e-mail pretending to be your bank saying they owe you money, so you click the link and type your bank info, and then the information gets sent to their computer. Another way could be through a phone call, where they try selling you false products, so when you pay them for it they will never arrive etc.

Threats to E-commerce

In a business, there are physical threats that have to be considered. For example theft, is quite a high chance it could happen in your business and on your systems. This could happen if prices of hardware or software are too high, memory could be stolen out of the computer towers or they could take the entire tower themselves.

Another threat could be natural disasters, e.g. fire and floods. If a fire or a flood happens in your place of business, this could cause damage to your systems, which could cause you to lose vital data if it has not been backed up.

A distributed denial of service (DDOS) is when a large amount of users are trying to connect to a server or a website. A bot net could be used for this as there will be a lot of connecting at the same time try and shut it down. A DDOS can have an effect on anything from a plain website to a gaming server, with the intent of shutting it down.

Defacing a company’s website, will affect the image of that organisation and will affect the amount of users that organisation will have. For an example, if a banks homepage is defaced either by someone putting an irrelevant image on there or text that attacks the bank, customers that see this will lose trust in that bank and will doubt the security that bank has, because if the bank can’t keep their website safe then how can they expect that bank to keep their data about them secure or the money they have with in the bank.

Vindictive action can also be a problem when an employee could cause damage to the system on purpose. If this is done this can cause loss of productivity from trying to fix the damage system or having to redo work that may have been lost or deleted.

Counterfeit goods

Counterfeit goods, are a big problem in any organisation. Any company that has any kind of counterfeit goods can get sued costing that organisation a large amount of money depending on the amount of goods.

Counterfeit goods can also cause software problems. For example, if you get a fake copy of windows 7, you may not get fully functionality of that copy. Another problem is that you will need to disable your updates, so then windows don’t pick up on that, disabling updates will cause low security for your system and can open it up to loads of viruses and malware. If you didn’t get your copy of windows from a trusted supplier or source there could be a high chance that when you use it, there could be malware on it that is also being downloaded on your computer which can cause major problems for your company.

Staff that has counterfeit DVDs, music or games can cause damage to their computers. The counterfeit goods they bought could have harmful malware that could be booted onto their systems when they load up their computer. This will cause damage to their computer and can help hackers to hack into your system. Also it is waste of company resources, and a can stop productivity if they are playing games and watching DVDs.

Physical Security

To help improve your physical security inside your organisation there are a few improvements you can consider. Having locks on your doors that have expensive and valuable equipment and/or data in can help reduce it from being stolen or deleted. This will help to keep your organisation intact and will reduce the risk of low productivity.

Having employees sign in and out of systems will reduce people stealing your data and knowing any secrets in your organisation. Having staff members walk away from their systems that they are still logged in at, gives an opportunity for someone to steal data from your organisation or delete vital information.

Biometrics scan is also a good security measure to have, to help keep out any unwanted visitors into your business or into rooms with valuable data. With biometrics you can fingerprint scans, retinal scans or voice recognition. Retinal scans and voice recognition will probably be the more secure to have in a business as it is difficult to sound like someone else or even copy their eyes

Having guards around your business, will reduce the amount of people trying to harm your business and help keep staff inline and stop people from stealing equipment or people purposely breaking their systems.

Software and network Security

Encryption Techniques

Public key encryption is used by a recipient and a sender to encrypt messages between one and other, to make the message secure and no-one else can read it. When the sender sends a message to the recipient using the public key the recipient gave them, the recipient then uses their private key to decrypt the message. Using this, anyone who tries to intercept the message between the recipient and sender will just get the encrypted message which will make no sense unless you have the private key to decrypt it.

Encryption is needed to keep data safe, such as your personal details and bank transactions. IF you have an unencrypted connection between you and your bank for example, your details can be read and used without you even knowing. Encryption is also good for swapping personal message with someone you know.

Encryption uses prime numbers to encrypt the data as it is hard to decrypt the data. Prime numbers are used as they are a number that can only be made of one and itself. Multiplying two prime numbers together will give an answer that can only be decrypted that by those two numbers as they are the only numbers that go into it.

Use of Backups

Regular backups are also essential in any kind of organisation as they act as a second storage drive. For example if there are any power cuts in that organisation and you had files you didn’t save a backup would help retrieve any files that might of been lost. Also a good thing about backups is if someone accidently deletes a folder containing vital files, if you had backed them up it is possible to retrieve those files and carry on working on them. So regular backups are important to help protect your files just in case anything might go wrong.

Audit Logs

It is useful to keep an accurate record of all faults because it is useful to know straight away what the error is. By knowing what the error is you can work on the solution in how to get it fixed this is also useful because you won’t be wasting time in trying to find the error because you already know what it is and what time it happened.

Also by keeping an accurate fault log you keep the machine in best possible status. This will help keep your machine at fast as you need it. Also by keeping a fault log you can fix errors faster because you already know what the errors are. Also with knowing what the errors are you know which ones are more urgent to fix.

Virus checking software

Having anti-virus software on your computer will keep your system protected from malware and will scan the whole of your system and files to let you know if any have been corrupted. This is good because it is another security measure in protecting your business and keeping it secure as best as possible.

Use of VPN

A virtual private network between two remote sites over a secure and encrypted internet connection. For example in a workplace if they make one sector and network, no matter where they are they will be able to still access that network.

Passwords and Firewall Configuration

To stop somebody cracking your password, it will help if you had a strong password. A strong password would consist of a mixture of letters, numbers and symbols and it would also be good if it was a long password, but it also should be easy to remember or else you won’t be able to access your own account. Having a strong password will make it harder for people to hack onto your profile and crack your password.

Another good way to stop somebody cracking your password would be to have a secure firewall. A secure firewall will stop unauthorised connection to your network. A good way to make your firewall more secure would be to update it more regularly and to tweak with the settings of the firewall to make it harder for hackers to send and receive information from your computer.

Software updating

By updating software you can improve the security of your systems and will be able to access better features and efficiency. By updating your software, it will become better and more useful as it will know more and how it can protect your system better.

Information Security

Having complete data in your business is vital. If you have data about a customer that is not fully completed you can lose a lot of money. If you don’t have the wrong address for a customer every time you send them a bill, they won’t get it causing your business to lose money.

Keeping your customer data confidential is essential in a business. If you don’t keep your customer data confidential your business will breaking the data protection act. You can’t send information about your customers to third parties or out of the Europe.