
KWM1-Task 3: AEnergy Company Security Policy Updates

risks are typically low in nature, they should be taken into consideration, not only for the protection of the employee, but also for the protection of the organization. I would suggest the organization revisit this policy and discontinue allowing personal use of company-owned property. Almost all individuals now have personal smartphones/devices that are internet enabled, on which they are capable of performing the same actions. If the company wants to provide a service to its employees, it may consider installing a guest Wi-Fi network that employees can use their personal devices on.

Discontinue Use of Flash Drives

It is widely known that flash drives can be very dangerous to an organization if misused. They can allow individuals to save data in an unsecure or unencrypted manner that can be accessed off a secure network. In addition to removing sensitive data from a network, flash drives can also be used to introduce malicious threats into a secure network. A company policy should be developed that bans the use of flash drives. To mitigate the need to transfer information from one workstation to another, the organization should adopt the use of shared drives and/or SharePoint sites. These sites are securely protected within the company's network, and can be accessed only while on the company's secure network.

Phishing Scams

As previously mentioned, phishing emails are very hard to catch. They can often come from what looks like an email address within the organization or a trusted vendor. However, these emails typically contain a letter out of place or misspelled words. Companies often fall victim because an employee was busy and just did not catch the minor error. My suggestion is for the AEnergy Company to purchase email software that stamps all emails coming from outside the organization as EXTERNAL and blocks any external links the email may contain. This will immediately draw the reader's attention, thus making them stop and pay careful attention knowing it may be coming from an untrusted source. If the email is deemed trusted by the reader, he/she can mark the email as safe and access any link it may contain. If the email is not safe in nature, the reader can click an option that marks it as potential phishing, and automatically reports the incident to the information security department for review.

Loss/Theft of Corporate Devices

The AEnergy Company has many security policies in place to help mitigate and reduce the risk of theft of company-owned laptops. However, in light of recent events, additional precautions are warranted. Two initiatives the organization should implement are the use of computer security cables, as well as software to disable the PC after multiple incorrect password attempts. Security cables prevent the removal of a laptop without user consent. The device is tethered to a stable
