RE: IT SECURITY ISSUES AND RISKS AT ROSEHILL FURNITURE
In today’s increasingly digital world, the demand for information security and safety continues to take up numerous resources at organizations that make widespread use of information technology. Despite these security issues and risks, information technology remains an important tool for any organization, more so in terms of gaining a competitive advantage. Rosehill Furniture is one such organization: through its use of information and technology, it has managed to eliminate the distribution channels and link directly to its end consumers, giving it a massive competitive advantage. However, this increased utilization of information technology also brings a number of potential security risks and issues. For instance, considering the constant need to use the internet for marketing, the company could experience Denial of Service attacks, attacks by hackers or cybervandals, and infiltration by malicious software programs such as viruses, worms, spyware, Trojan horses or key loggers. Further, due to the rising employee numbers and increasing need for ecommerce, internal threats from employees and software vulnerabilities may also become areas of concern.
The security issues and risks mentioned pose a significant threat to the organization, as well as to its customers and suppliers. They create a situation whereby the safety of customer, organization or even supplier information may be compromised, bringing about losses and at times serious legal liability, which may threaten the business’ return on investment. Malware such as the types mentioned above usually not only disrupts the operation of computers, but also provides a gateway through which other entities can gain access to sensitive company information, compromising company operations. Denial of Service attacks usually entail flooding company servers and crashing the system, and considering the company’s reliance on ecommerce for its direct sales to customers, such an occurrence would cripple company operations. At times, such intrusions may even result in the introduction of malicious code into the company’s systems, in some cases resulting in misinformation. In some worst-case scenarios, hackers may even take advantage of our lax security measures to hijack company systems to carry out criminal activities.
In order to secure against the possibility of attacks and intrusions, or cases of data loss, investing in a number of security measures, I believe, would prove to be of good value. In addition, it would also be necessary to establish a back-up plan in order to ensure that operations are still able to run smoothly in case the systems are unavailable. The first step towards securing the systems would be to establish software controls that limit access and monitor for any unauthorized access to the systems, limiting access to only the 15 IT staff as well as upper management. These access control procedures and policies, when coupled with authentication, would ensure that only authorized personnel have access to the company’s critical systems and information. Further, the establishment of a corporate firewall will ensure proper control of incoming as well as outgoing traffic within the network. This would safeguard against the possibility of Denial of Service attacks, hackers and malware attacks, among other security threats. Measures such as packet filtering and stateful inspection, in addition to securing the physical infrastructure, may also go a long way towards ensuring greater information security and eliminating some if not all of the security risks currently present. Even though some of these measures may prove a bit costly, the return on investment is definitely worth the trouble.