Data security has been an area of concern since the advent of computers and internet technologies. The information and data stored in computer systems are the lifeblood of any organization, so proper measures are needed to keep them safe and protected from threats. As the CISO of the company, I would implement the following security measures to protect not only my own machine but also all other machines across the company.
Use of Dedicated Firewall
My first step would be to use a dedicated firewall to prevent unauthorized access to my computer system. I would use a hardware-based firewall because it offers flexibility and customization. SonicWall, Cisco, or Fortinet would be my preferred choices.
Antivirus Programs
Next, I would use a quality antivirus program on my own machine and on my company's other machines to protect them from harmful elements. I would not rely on a program that only blocks viruses, but on one that also provides anti-malware, spam-blocking, and anti-spyware functions. Examples include Bitdefender, McAfee, and Symantec Norton Antivirus.
Secure Web Browser
Because cyber attacks may come through web browsers, I would raise the security level of my own web browser and of the browsers on all other machines at my company to protect against intrusions. Firefox would be the recommended option because of its dedicated security features.
Strong Passwords for Logins
As Choi et al. (2008) state, “unauthorized access to company wireless and wired networks can come from a number of different methods and intents” (78). Hackers usually steal passwords to gain unauthorized access to a computer. Therefore, I would use a mix of letters, numbers, and other characters to set up strong passwords, and I would require all users of my company’s systems to change their passwords to strong ones.
No Unauthorized Emails
I would not open any unauthorized email on my company's computer systems or in my company email inbox, and I would strictly advise my employees to delete every unauthorized email from their inboxes without opening it. I would do this to protect against spoofing, phishing, keylogger, and brute force attacks.
Improved Wireless Security
Wireless network technology is naturally less secure than wired networks. “Many organizations are currently deploying wireless networks typically to use IEEE 802.11b protocols, but technology used is not secure and still highly susceptible to active attacks and passive intrusions” (Bhatnagar & Birla, 2015, p. 27). To protect my system and the other systems of my company, I would implement the latest and most reliable encryption/decryption techniques, such as hashing, the Advanced Encryption Standard, the Triple Data Encryption Standard, and Twofish.
Data Backup
Similarly, I would regularly back up all of my system's data, and would recommend the same for the other systems at my company, so that the data can be retrieved in case of any mishap. Data is very important for any organization, so I would not let my data be permanently lost in a disaster.
No Unauthorized Software Download
Moreover, I would not allow any of my employees to download software onto the company's computer systems without the permission of the information technology security manager. The reason is that hackers can embed a virus in a software application, and when a user downloads such an application, the system is exposed to that virus.
- Bhatnagar, R., & Birla, V. (2015). Wi-Fi Security: A Literature Review of Security in Wireless Network. IMPACT: International Journal of Research in Engineering & Technology, 3(5), 23-30.
- Choi, M., Robles, R., Hong, C., & Kim, T. (2008). Wireless Network Security: Vulnerabilities, Threats and Countermeasures. International Journal of Multimedia and Ubiquitous Engineering, 3(3), 77-86.