Data and Information in a Company - Essential Facilities That Should Be Properly Maintained and Protected - Essay Example

Lecturer: Presentation: Introduction Information refers to processed data that helps in decision making. Informationsecurity is a very essential necessity in an organization or company (Egan 2004 p 22). Information is treated according to the level of management accorded the authority to amend or process it. For example, information that is meant for the board of directors should not be accessed by the junior staff or any other person. Failure to secure information can lead to its loss or exposure of customer’s private information that can have negative impacts on the operations of the business and the customer business relations (Jones 2005 p 36). This essay is an evaluation of the threats to the company’s assets and the most common vulnerabilities from the current operations and by introducing tele-working for its employees. Teleworking or telecommuting is a terminology used to define the aspect of working from a remote location using a personal computer or a work station connected to the company’s network then sending the information through the network (Fisher 2005 p 5). This means that one does not necessarily have to have an office in the company but rather he can work from the comfort of his computer at home. This technology is advantageous in that it enables employees to finish their tasks in time since he can use his free time after working hours to complete his tasks. However, this mode of working poses various dangers to the company’s computers and information. This is because, as these employees upload information from their computers, they risk attaching computer viruses if their computers are not protected by the use of antivirus software (Fisher 2005 p 21). These viruses replicate themselves in the computers in the company’s network corrupting important documents leading to their loss and if not checked, they attack the computers memory leading to total failure of the machines. To ensure that these risks are contained, the board should make plans to avail free antivirus software to the employees so that they can scan any documents they are uploading to ensure that they are free from viruses (Jones2005 p 28). They should also ensure that all the computers in the company’s network also are protected from viruses before the plan of allowing telecommuting is implemented. Another danger that comes with telecommuting is the possibility of losing information to hackers. These are people who break into networks and steal information either for personal use or for malicious purpose (Borchgrave 2001 p 32). If this occurs and the information is used maliciously, it could damage the reputation of the company which would result to loss of customers and eventually lowering the profit margins. Customers are a great asset to any business because they provide market to the goods and services offered by a business. This means that any business venture or plans that are made should be geared towards customer retention. The company should therefore ensure that data security in their networks is enhanced by firewalls and data encryption. This would ensure that hackers are not able to decode any information that they may get either by mistake or by chance. Business assets are part of the property that is owned by a business. They could be fixed assets or current assets depending on their nature. They facilitate the operations of a business enterprise towards the delivery of quality services. In fact they define the scope and the limits within which a business conducts its operations. This company in particular is in the business of IT networking, security products and consulting services. This is a field that is mainly constituted of computers as the main asset. The computers are used for processing and storing databases and information related to the company and its clients. As a method of storing information, computers are faced by challenges that may cause inconvenience to the company. One challenge is the threat of computer viruses that attacks the computer’s memory causing system break down and loss of information (Borchgrave 2001 p 49). They are also susceptible to break -in by unauthorized persons who may tamper with information in the databases. Computers also face physical threats that include vandalizing, effects of power surge and power failure. Vandalizing is the intentional damage of computers and its other hardware components. If this happens, the information stored in them would be lost. Power failure and power surge are contributing factors to loss of information. This is because they lead to loss of memory if the power supply is not constant. To counter these challenges, computer labs should be guarded with strong doors and the usage too should be monitored to protect them from being vandalized. The problem of power failure and power surge can be corrected by installing extra hardware that is the uninterruptible power supply (UPS) that store power which can be used to run the machines for sometime incase there is power failure (Jones 2005 p 65). Power generators are also an option that can be used to provide power. The company advertises its products through its website hosted by the WebCenter. In this context, the website becomes the asset of the company. The company withholds the right to modify or edit the contents in the website. However, websites have become the target for many rogue programmers who create virus and other malware that they attach to the websites such that once you visit the site, you are prompted to perform an action for example to download certain software for free or updates. The programmers often use SQL based programming languages to penetrate the websites through web server technologies which are weak and does not have strong protection against such acts (Borchgrave 2001 p 33). On other occasions, the machines of the web maintaining experts could be infected with the malware such that after doing the maintenance operations, the website is posted together with the malware. This acts as a threat to the customers who visit the website especially from their personal computers and it might result to them refraining from visiting the company’s website which means that the information contained in the website will go into waste thus failing to serve the intended purpose. The services that the company offers to its clients through the consultant personnel are also a great asset to the business. Through these services, the business earns money in form of consultancy fees. The methods through which they perform their duties involves working on laptops on the client’s sites and then regularly back-up all their laptop data to the company’s internal file systems to guard against disk failures. While at it, they subject the information to various risks which are as a result of backing up files in the company’s internal database. This is due to the reasoning that, viruses that could be gotten from a client’s site could be sent together with the files into the database thus destroying important files (Fisher 2005 p 35). Other than that, the company has entrusted these consultants with important information by allowing them to access information concerning clients as well as that in the company’s database. By doing so, they could use the sensitive information to cause malicious damage or expose the information to other competitors weakening the confidentiality between the clients and the company and subjecting the company to unnecessary competition. Marketing plans and financial data can also be termed as valuable assets for the company. These are supposed to be protected for they carry the future of the company. Market plans stipulate the strategies to be followed while distributing, advertisement and competing with other rivals. Financial data is also important because it helps the company to keep track of all the transactions that the company makes. If this data is not protected and it gets exposed to hackers or it is accessed by the competitors, the strengths and weaknesses of the business would also be exposed (Tipton 1999 p 61). The rivals may take advantage and capitalize on them thus threatening the future of the business in terms of investments through selling of shares since the investors may withdraw their support if they feel that the business has a shaken future. The image of a company is very important towards the attraction of potential investors. These threats can be realized due to the various weaknesses in the company’s information systems. Some of these weaknesses include telecommuting which makes the system prone to hackers and computer viruses. Allowing authority to the consultants to access clients’ information and the internal database is another weakness that makes the information vulnerable to tampering and getting to the wrong hands who may misuse it to damage the reputation of the business. The internal database is vulnerable in that all the important files are stored together with the email archives. Emails and other materials from the internet are known to be vulnerable to virus attack. Storing these materials together with files could lead to their loss or they could get corrupted by the viruses (Halibozek 2008 pp 12-14). There are various mechanisms that can be used to counter these threats. In the case of computer viruses the company should ensure that all the computers are installed with antivirus software. Scanning for viruses should be done on every file being downloaded from the internet or being uploaded from a consultant’s laptop. Any removable storage device must also be scanned for viruses before it is used on the computers (Halibozek 2008 p 5). This helps to reduce the possibility of infecting the computers with viruses that may have been transferred from an outside source. The personnel that maintain the information systems should ensure that the antivirus software is updated regularly because the designers of these malwares constantly keep on changing their techniques. To counter the threat of unauthorized access to the company’s files and database passwords should be used to protect and limit the access to only those people who are allowed to perform operations on the files. This ensures that there is accountability incase there is an error or loss of data. Also few people should possess the passwords so as to limit the scope of collective responsibility towards the information. Strong doors and windows should also be installed to protect the computers from physical threats. Electrical appliances for supplying emergency power should also be installed to ensure that data loss due to low power voltage is contained. These appliances include and not limited to power generators, Uninterruptible power supply and ensuring that the computers are switched off correctly after use (Fisher 2005 p 80). This protects the computer memory which is volatile. The strong doors are for preventing forced entry into the computer rooms by unauthorized persons who may have the intention of vandalizing the machines. Data encryption is also important especially where telecommuting is involved. This is the encoding of data using private keys that are difficult to crack (Jones 2005 p 37). For each and every data string sent, a certain key is used to guard it. Both the sender and the recipient should be able to decode the information. The purpose of doing this is to protect the data from hackers who break into large networks with the intention of acquiring information either for personal gain or for malicious damage. This method has been tried and used in the United States who judged it as very difficult to break. However, these vulnerabilities can be exploited since the standards and quality of many information systems and websites are susceptible to them. One way of exploiting is through cracking log in passwords to access information from other company’s databases. This can benefit the company in knowing the secrets of its rivals. It can also design emails with viruses and then design the cure for the viruses and sell them at price. It can also use the available SQL programming technology to modify other accounts and also to remove any evidence of intrusion to avoid conflicts with the law (Foster 2007 pp 14-15). Conclusion Data and information in a company are two essential facilities that should be properly maintained and protected. This is because they help the management to make important decisions regarding the company’s operations. If proper protective measures are not taken, the company risks losing valuable information and clients. It could also have its reputation at stake if the information lands in the hands of malicious people could it be hackers, crackers, bogies or rogue users who could be hired agents of competitors, press or even current and past employees of the company who may want to neutralize the company’s market at their corporate gain or personal vendetta. It is therefore important to ensure that these threats are identified as early as possible before the damage is done. Telecommuting is a useful business operation but unchecked, it can have far reaching negative effects on the company’s over all goals which include making profit, expansion and good reputation. The various vulnerabilities in the information systems can be exploited to benefit the company. This is because of the low standards and quality that leaves room for experts to use their knowledge to capitalize on the loop holes. These people are doing business and they are earning huge amounts of money, it could also be an opening for the company if it capitalizes on the vulnerabilities. Bibliography 1. Borchgrave A. 2001. Cyber Threats and Information Security: Meeting the 21st Century Challenge, Center for Strategic & International Studies. 2. Egan M. 2004. The Executive Guide to Information Security: Threats, Challenges, and Solutions, Addison-Wesley Professional. 3. Fisher M. 2005. The Distance Manager: Hands on Guide to Managing Off-Site Employees and Virtual Teams, McGraw-Hill. 4. Foster J. 2007. Metasploit Toolkit for Penetration Testing, Exploit Development, and Vulnerability Research, Syngress Publication 5. Halibozek E. 2008. Introduction to Security, Butterworth-Heineman 6. Jones A. 2005. Risk Management for Computer Security, Butter Worth Heineman 7. Tipton H. 1999. Information Security Management, Auerbach. Read More