Q1.
Data breaches are becoming common these days as hackers are getting smarter in their means of taking information out of companies.
Security measures are taken by businesses, but they are not sufficient, as the hackers are smart enough to access the important data. Data breaches have many bad effects.
Companies are now focusing more on protecting themselves from becoming victims. A business can be protected from a data breach by keeping customer data safe. Some steps have to be taken to protect against data breaches; some of them are:
· Appointing a cyber security specialist: Employees should know about all the breaches; the appointed specialist should share their experiences and tell them how to keep the business safe. The best thing is to educate yourself.
· Business and personal accounts should be separate: Business, personal and banking emails should be kept separate. You should know what has to be uploaded to the computer and make sure it is encrypted.
· Awareness: Hackers mostly use social engineering. Hackers are very smart and creative. We should be aware of everything. Passwords should be very long and should involve two-step verification. It should have a good antivirus program.
· Sense of urgency: Most businesses do not have a method for securing data, and employees are also not trained. Because of this, we should develop a sense of urgency about handling data by using proper training and methods.
A data breach has many effects on the business. It will destroy the reputation of the business. The business should work regularly on developing and maintaining the integrity of its name.
Data breaches also cause a decrease in competition. As the hackers want the pricing strategy and trade secrets, this will decrease the competition between businesses.
Q2.
In my opinion, these can be considered security incidents related to social engineering, phishing scams and industrial espionage. From my perspective, the best way to protect a company from these attacks is proper education.
Employees should be educated not to respond to any unsolicited email or phone communications without proper verification of the identity of the person on the other side. The easiest way to verify authenticity is to tell the other person that you will call them back on a verified phone. It is also very important to educate employees not to open any attachment or access a site from a malicious, untrusted or unvalidated source.
Many organizations are setting up departmental unsafe computers for access to any document or site, either physically or by a remote virtual machine. These computers are wiped and cleaned out frequently, and they should never store sensitive data. Employees need to be educated to change their passwords frequently, like every few days, and sporadically. It is better not to have any predictability or sequence in when passwords change, because having a sequence will let fraudsters plan ahead, so it is very important to be sporadic.
It should be made sure that all employees are aware of the potential risk from these types of social engineering attacks. The more the employees are educated about all of these, the better the employees and the company will be protected. A powerful email filter needs to be used for protection against phishing or fraudulent emails. Companies need to focus carefully on securing all threat and vulnerability areas, and dedicated measures need to be put in place to address all the problems.
With the increase in social engineering, companies and their employees are becoming victims as they are subjected to fraudulent emails, compromised sites and phishing scams. So the best way to be protected from such attacks is to have firewalls, intrusion detection and prevention mechanisms, and web filters, as these will help prevent threats from reaching the network.
Question: How to Handle Suspicious Email?
You need a 150-word response to both discussions.