Response to discussion


As stated above, the strange situation in the company makes it evident that some external source is trying to get hold of the company's data or sensitive information. Receiving calls from an anonymous or unidentified caller indicates that some personal information of the receiver, who is an employee of the company, has been obtained by external hackers. Emails requesting personal information are definitely a sign of phishing. A request to search the trash dumpsters for recycling sounds strange, and the question might arise: what if it is a real recycling agency? That it has the details of employees irrespective of the department they belong to might indicate that the company's contact information has been stolen or that hackers have made it publicly available. Looking at the above events, we can make certain recommendations on how to secure the company's information and prevent anything that might cause a data loss.

Recommendations:

· Every employee, when onboarded into the company, has to undergo a training session on security and policies, and the company should make it mandatory. With these sessions, employees will be aware of email phishing and other situations where there is a possibility of hacking or of disclosing their personal details.

· Email phishing is a very common technique that many hackers attempt. Employees should read each email carefully and check whether the sender's domain belongs to the company. If an email requests personal details, contact IT security and confirm whether it comes from a trusted source. If any employee finds an email suspicious, they should report it to the concerned security department.

· Malware might be installed on a computer when employees download software from the internet. To overcome this, the company should provide a secured online portal that employees can access to download the software they need. Content should be downloaded only from a trusted source; otherwise it should be blocked by IT security.

· Make sure that the computer is protected with anti-virus software and is up to date. Install security updates when prompted in order to avoid risks. Always enable the firewall and see that it stays active.

· Passwords should be changed on a frequent basis, and connecting to sensitive data should require two-factor authentication to identify the physical access. The use of hard tokens, soft tokens and biometric identification will help in securing the system.

· Users should have access limited to the programs or data to which they are confined; granting access to all might also carry a risk of internal hacking.

· Do not use a company email address to sign up for websites, as this can give them a pathway to personal information. They may then call to get the information they need, causing the employee to fall into a trap.
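The sender-domain check from the phishing recommendation above can be automated before an email is escalated to IT security. The following Python sketch is an added example, not part of the original response; the domain `example.com` and both sample messages are constructed placeholders.

```python
from email import message_from_string
from email.utils import parseaddr

COMPANY_DOMAINS = {"example.com"}  # assumption: placeholder for the company's mail domains

# Constructed sample messages (not real mail).
SAMPLE_PHISH = (
    'From: "Example IT Helpdesk" <helpdesk@examp1e-support.com>\n'
    "Reply-To: verify@mail-collect.test\n"
    "Subject: Confirm your personal details\n\n"
    "Please reply with your employee ID and date of birth.\n"
)
SAMPLE_INTERNAL = (
    'From: "Payroll" <payroll@hr.example.com>\n'
    "Subject: Payslip available\n\nYour payslip is on the portal.\n"
)

def domain_of(header_value):
    """Return the lower-cased domain of an address header, or '' if absent."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def is_company_domain(domain):
    """True only for an exact company domain or a subdomain of one."""
    return any(domain == d or domain.endswith("." + d) for d in COMPANY_DOMAINS)

def check_sender(raw_message):
    """Return the reasons a message should be reported to IT security."""
    msg = message_from_string(raw_message)
    findings = []
    display_name, _ = parseaddr(msg.get("From", ""))
    from_domain = domain_of(msg.get("From"))
    if not from_domain:
        findings.append("missing or unparsable From address")
    elif not is_company_domain(from_domain):
        findings.append(f"sender domain {from_domain} is not a company domain")
        # The display name uses the company name although the address is external.
        if any(d.split(".")[0] in display_name.lower() for d in COMPANY_DOMAINS):
            findings.append("display name imitates the company")
    reply_domain = domain_of(msg.get("Reply-To"))
    if reply_domain and reply_domain != from_domain:
        findings.append(f"Reply-To domain {reply_domain} differs from sender domain")
    return findings

if __name__ == "__main__":
    for name, raw in (("phish", SAMPLE_PHISH), ("internal", SAMPLE_INTERNAL)):
        print(name, check_sender(raw))
```

A From header can be forged, so a matching domain is not proof of origin; the script only automates the visual check an employee would make before reporting.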

Conclusion:

Prevention is better than cure. Employees need to be cautious before attempting any work with the data or security systems: once data is lost we can recover it, but that does not mean it is still the same as before.
