Likely Threats in a Pharmacy and Their Control Measures - Literature review Example

Likely Threats in a Pharmacy and their Control Measures Threats in information security have been a commonissue for many past decades. Threats refer to possible harm that a security system could face if vulnerabilities in the system were exploited (Whitman & Mattord, 2012). Intrusion into a security system could take different forms of threats; physical and logical. Physical threats refer to physical access to unauthorized access location with a malicious intent (Bosworth & Kabay, 2011). Logical threats refer to using electronic means such as a remote computer to gain access to unauthorized place. The two forms of threats could lead to great damage in the business in terms of loss of assets and business integrity. 5 potential physical threats Theft in the pharmacy is highly likely through the pharmacy backdoor. An intruder with a malicious aim could either steal the pharmaceutical drugs that are conveniently located at the backdoor thus ease the workload in transporting the drugs from the store. Funds located in the shelf counters can be stolen leading to heavy financial loss. Vandalism can also occur in case of unauthorized access. A vengeful former employee of the pharmacy could seek to vandalize the vital equipment such as the desktop computers close to the backdoor in a mission to revenge a past-unresolved dispute. The intruder could also start a fire in order to cause property damage and the pharmacy would incur heavy losses. Unauthorized physical access into the pharmacy poses as a major threat. An intruder with technical competency could access vital information in the desktop computers. The intruder could gain crucial information such as confidential customer information. The pharmacy’s credibility could be at stake due to leaking of sensitive information. Further financial losses can occur in case the affected customers decided to seek legal action against the pharmacy. A malicious hacker can gain access to the pharmacy’s fund through the backdoor. Major financial losses can occur in case of the funds’ withdrawal by the hacker. Disgruntled employees can influence the prosperity of the pharmacy in a negative manner. In the case of poor work relations between the employer and the employee(s), negative impact could occur as a result. Unhappy employees could destroy the pharmacy’s reputation and cause decline in productivity through various ways. The pharmacy’s most valuable clients could be lost in case of disgruntled employees’ unethical interaction with them through rudeness or provision of poor services (Kavaler & Alexender, 2014). Such employees would leak important information to potential competitors or tarnish the pharmacy’s image. Loss of profits and the pharmacy’s integrity could be lost as a result. Fire hazards are a likely tragedy in the pharmacy. Possible electrical faults leading to a disastrous fire could occur in the pharmaceutical drug storage area due to its proximity to the desktop computer. A minor scenario of fluid spillage or improper handling in drug transportation could cause spillage of the drugs in liquid form. Such spillage could cause a fire outburst leading to damage of property or combustion of the entire pharmacy. 5 impacts of logical threats Logical threats refer to damage to electronic devices for example computers without physical distortion. Logical threats entail attacks that are aimed at destroying the software component of the computers or rendering them useless (Fennelly, 2013). They are implemented through; injection of the computers with viruses, reconnaissance attacks, social engineering, compromise of machines, distributed denial of service and reconnaissance attacks. These threats pose a great challenge to business firms and are most common due to the remoteness of their implementation. They cause disruption in workflow and lead to great financial losses. Their impact on a business firm such as a pharmacy cannot be underestimated. When malicious software such as viruses are injected into a computer, they corrupt the computer system and replicate themselves (Amoroso, 2013). In turn, this could lead to wastage of computer memory due to bulk memory allocation of the malicious programs. Some viruses tend to completely damage the computer system and render them useless. They disrupt the operating system causing malfunctioning. Affected computers tend to be slow leading to loss of productivity. Funds allocated to repair the computers and purchase new ones to replace the damaged computers lead to reduced profits. Attacks such as denial-of-service corrupt networks, systems, or services with the intent to deny service to the intended users (Amoroso, 2013). The pharmacy’s online clients are not able to access the services due to disrupted network, this may lead to reduced customer turn out over time hence reduced profits. The attacks also lead to disruption of normal business services causing heavy losses in terms of profits. Loss of privacy is also a common feature related to the logical threats. Malicious hackers are applying trojan horses to host computers to trick the unsuspecting clients to enter login information in false scripts other than the pharmacy database. The customer privacy policy is infringed. The information gathered by the hackers may be used for malicious purposes, which violates ethical business codes. Damage to the pharmacy’s reputation is a likely impact in the case where unauthorized persons through remote hacking access private and confidential information relating to the pharmacy and the customer information details. Using methods such as reconnaissance attacks and phishing, vital information is exposed. This ruins the pharmacy’s reputation and its credibility is lost, as long as tough measures are not implemented to secure the pharmacy’s network system. Reconnaissance attacks are used to gain access to the host’s network system. In case the pharmacy’s network system is penetrated, the hacker may withdraw the available funds leading to a massive financial loss. Any business cannot thrive without money to fund it therefore it may lead to total closure of the pharmacy in case all the funds are stolen from the pharmacy’s online account by the hacker Security controls against physical threats. Theft of pharmacy’s assets can lead to the pharmacy closure in case it is not restricted. It can lead to huge financial losses or destroy the consumer confidence in the pharmacy. Theft can be controlled through use of video surveillance cameras that are strategically located in the pharmacy to capture movements in and out of the pharmacy. In order to enhance the efficiency of the video surveillance, application of intrusion alarm systems is necessary to ensure that any robbery trigger is detected and recorded. Highly sophisticated locks need to be placed on the doors especially the backdoor to ensure that security is tightened up to keep out unauthorized personnel. Biometric devices such as a fingerprint scanner and the eye scanner are important in ensuring security of a business firm; this is because the devices require unique identification of each member in the firm using biometric authentication (Bosworth & Kabay). Each fingerprint is unique thus only authorized staff members will be allowed to access the important pharmacy sections such as the caged area and pharmaceutical drug store area. Such security measures ensure that unauthorized members cannot gain access to the pharmacy. Frequent assessment of the employees is important in ensuring that the working environment suits each employee. Work relations between employees and the employer will be assessed to ensure that there is friendly communication between the two parties. It is implemented using questionnaires and interviews whereby the employees are asked a series of questions pertaining to the staff relationships. This ensures that disputes amongst the staff members are solved. Disgruntled employees are given a chance to give recommendations concerning how the working environment operates. Persistent disgruntled employees are laid off from work in case the disputes are not solved. The measures are important in ensuring that privacy in the pharmacy is adhered to and the business reputation is maintained. Unpredictable disasters such as fires need to be considered in ensuring that physical treats do not tamper with the operation of the pharmacy. Smoke detectors are very effective in detecting initial signs of a potential fire. To boost the reliability of the smoke detectors, sprinklers need to be implemented in the pharmacy to ensure that fire is extinguished at its initial stage. Tragedies such as fire cause great damage especially on highly flammable equipment such as cartons and some of the drugs contain flammable chemicals. Proper storage of the pharmaceutical drugs is important to ensure that spillage incidents do not result in massive tragedies such as fire. The distance between the pharmaceutical drug store area and the caged area should be large enough to reduce instances of electric faults causing fire tragedies. In addition to that, fire extinguishers should be strategically located in the pharmacy to help combat with fire incidences. Security controls against logical threats. Viruses and Trojans cause great harm to the computers. They interfere with the normal functioning of the computers and leak vital information to malicious hackers. The installation of software safeguards such as the antivirus is essential. The antivirus detects malware and other Trojans and eliminates them from the computer. The antivirus software also protects the computers from potential harm during online activities. Hackers gain access to a host network through reconnaissance attacks such as packet sniffing. An appropriate counter-measure can be implemented through encryption of data. Data transmitted over network from server to client or vice versa is highly sensitive and hackers take advantage of the network vulnerabilities to sniff packets from which they can gain vital information (Bosworth & Kabay). Encrypting data before transmission ensures safety since encrypted data is difficult to decrypt. Implementation of control access user is essential in ensuring that the respective users only access important customer details. It ensures that user rights are not tampered with in order to access sensitive information. The use of passwords for separate user accounts is also helpful to prevent non-users from gaining access rights. Staff members and clients are advised to use strong passwords that are hard to break through methods such as using md5 decryptors. Business websites play an important role in ensuring that the business is extensive and able to reach its clients around the globe without physical access. However, malicious hackers take advantage of website vulnerabilities to derive sensitive information such as the clients’ personal details. The pharmacy needs to use website vulnerabilities scanners such as Acunetix, NetSparkers to test the loopholes in the website and correct them to guard against website attacks such as Cross-site scripting (XSS) attacks, phishing, and man-in-the middle attacks (Fennelly, 2013). The pharmacy’s computers need to be reconfigured to guard against unauthorized access by securing output and altering access levels. Altering the access levels ensures that privilege escalation is not implemented through remote access. In return, the safety and confidentiality of the pharmacy’s private information is guaranteed. Risk strategies in addressing physical threats. Vandalism as a form of physical threat occurs due unauthorized personnel accessing the pharmacy. Risk avoidance strategy is the most suitable technique to combat such risks. Risk avoidance seeks to eliminate hazard activities that expose the business firm, that is pharmacy in our case, so as to protect the vital assets of the organization. Comparing all other strategies of risk management: risk mitigation, risk assignment, and risk acceptance, risk avoidance turns out to be the most efficient method to eradicate the threat. This is because vandalism causes extensive damage to the pharmacy’s assets; therefore, the best option is to get rid of the threat. In case of a fire hazard, the cost of reconstruction of a pharmacy, which includes purchase of new items to replace the damaged goods, is too high. The pharmacy administrators may not be able to raise the required amount needed to renovate the pharmacy due to a fire tragedy. The most appropriate technique to choose to handle such a threat should be the risk assignment method. Taking an insurance cover is a suitable option in managing unpredictable and costly threats such as fire hazard. Although disgruntled employees tend to disrupt normal pharmacy operations and reduce productivity, their competent skills are very important due to specialization of work. Laying off such employees would have a negative impact on the pharmacy development since new employees would take time to develop the required skills to serve efficiently. Applying risk mitigation is the most recommended method .Assessing the employees’ performance and integrity is an option to ensure that business ethics is maintained. Theft causes decline in any business organization. Robbery of items such as pharmaceutical drugs and computers may not only cause financial losses but also lead to lack of consumer confidence in the pharmacy due to security issues. Theft is an extreme issue that can only be dealt with through the risk avoidance strategy. By applying security measures against theft, the threat can be eliminated. Risk strategies in addressing logical threats. Hackers and unauthorized personnel may access the pharmacy’s database remotely. They end up manipulating the data or deleting it completely causes serious losses to the pharmacy. The pharmacy might incur great costs in recovering the lost data. Risk avoidance is the best option to ensure that high-level threats are curbed measures such as use of passwords and antivirus software to detect trojan horses are efficient in managing the risk (Kavaler & Alexander). Unless this strategy is used, alternative methods cannot offer efficient means in protecting the pharmacy’s from high-level risks. Viruses, worms, malware, and other forms of malicious software pose a great challenge in the safety of a business organization. Such risks could cause great harm to the pharmacy’s database and destroy important information. The threats leak confidential information to malicious hackers and programmers. Application of risk mitigation strategy to reduce such risks is important. The threats can be controlled through installation of antivirus programs to detect and eliminate them. Reconnaissance and denial of service attacks tamper with online communication between the pharmacy’s server and clients. These attacks may end up tarnishing the pharmacy’s brand, as online safety is vulnerable. An efficient strategy to counter attack such risks is implementing risk avoidance. This method seeks to eliminate the risks in order to hold the pharmacy’s reputation. Social engineering involves talking to an organization’s staff members with an aim of getting vital login information (Amoroso, 2013). It is not serious issue if proper methods such as maintaining discipline among the staff members are observed. Risk mitigation is an important strategy to reduce the risks. Measures to curb this threat would include supervising and recording electronic communication between staff members and outsiders. Privilege escalation is a common threat whereby unauthorized personnel penetrate to the administrative database and manipulate the commands to gain administrative rights. A high-level issue requires risk avoidance strategy to ensure that the security system is not bleached. It can be implemented using firewalls to ensure that malicious codes are not injected into the pharmacy’s database. References Whitman, M. E., & Mattord, H. J. (2012). Principles of information security. Boston, MA: Course Technology Fennelly, L. J. (2013). Effective physical security. Bosworth, S., Kabay, M. E.,. (2011). Computer security handbook. Hoboken, N.J: John Wiley & Sons. Kavaler, F., Alexander, R. S., (2014). Risk management in healthcare institutions: Limiting liability and enhancing care. Burlington, MA: Jones & Bartlett Learning. Amoroso, E. G. (2013). Cyber attacks: Protecting national infrastructure. Waltham, MA: Butterworth-Heinemann/Elsevier Read More