Mr. Duncan Alexander
Security Issues in the Company
Rosehill Furniture is a good company with IT systems in place. However, the organization faces several security threats. Through this memo, I would like to bring to your attention some of the security risks in the IT section that the company faces. I will also propose solutions or measures that the company should put in place in order to overcome these challenges. Having a web site means that company data is exposed to many threats online. The attackers may also come from within the company itself. It is important for the company to be aware of these threats, since they will cost the company greatly in the event that they occur. Having a risk management plan will not only reduce uncertainty for the company but will also give us the chance to handle each situation in minimal time. This will be possible because a proper plan for handling each case will be in place. Computer threats need to be addressed so that data integrity and safety remain intact. Computer and cyber security should be taken into consideration when designing computer systems.
The availability of services to online clients, and the authenticity and confidentiality of the services offered by our company, are key to our success. Because we are online, our data center is a target for competitors and other individuals with malicious intentions. Many companies have been damaged and brought to a standstill by attackers who accessed their systems through the internet. IT security is therefore very important.
The following are some of the IT security issues that the company faces:
a. Non-existent security architecture- there is no secured architecture for the organization's access to the internet. It is a direct connection using an out-of-the-box network appliance with no protection layer.
Mitigation- a security architecture needs to be designed by the IT team, or experts should be hired to carry it out. The team is required to assess the state of security in the company and come up with ways in which it can be improved.
b. Unpatched client-side software and applications- the software used by the organization consists of old versions, which may have loopholes that can be exploited by malicious actors.
Mitigation- update all application software and let the IT team identify loopholes in the new software. Implement a comprehensive patch management program. There is a need for patches that will protect software applications from any form of attack directed at them.
c. Phishing and targeted attacks- emails containing malicious code can be sent to employees within the company. Once opened, such emails compromise the security of the computer systems.
Mitigation- professional-level enterprise e-mail security software should be put in place.
d. Mobile devices- employees in the company have laptops and smartphones which they use to access the company's information or data center. If these devices are used away from the company, security measures can be compromised. The devices can also be stolen, compromising the integrity of data.
Mitigation- data stored on all mobile devices should be encrypted so that, if such a device is lost, the data will still be secure.