W 1 Response 1 (MS)

From the given scenario we can clearly deduce that it is a case of outsider threat trying to get important information from the organization. These kind of threats relate to Cyber Espionage and Cyber Warfare. The person or group trying to reach the organization is definitely doing a structured breach by trying to know the office infrastructure information from different resources who work in the organization.

The employees must be given training on how to tackle phishing emails and scam calls. According to the Exploring susceptibility to phishing in the workplace article it shows a case study on different kinds of scenarios where employees fall victim to the phishing emails. There is no fool proof way to completely eradicate the risk of phishing, but the employees can be trained in a way to understand what kind of emails, calls they should expect in their line of duty. Anytime an outsider tries to contact the employee he/she should have a valid reason to talk. Either it was a scheduled meeting or the outsider is a trusted contact for the organization.  

If the organization handles data driven applications they should focus on securely building the application. Easiest way for people to get hands on the electronic data could be using SQL Injection. The organization must make sure to build their application to secure the data and do scans regularly to see if there are any breaches in their code.

The employees must be trained on not printing sensitive information related to the organization unless necessary. All the documents that go into trash should be shredded completely. In most of the government organization they always try to shed the trash before it is collected by the garbage trucks. As the access to technology is increasing lot of organization are removing access to print documents to avoid risking privacy breach.

References:

Williams, E. J., Hinds, J., & Joinson, A. N. (2018). Exploring susceptibility to phishing in the workplace. In International Journal of Human-Computer Studies (December 2018 ed., Vol. 120, pp. 1-13). doi:https://doi.org/10.1016/j.ijhcs.2018.06.004 

Thomas, J. E. (2018). Individual cyber security: Empowering employees to resist spear phishing to prevent identity theft and ransomware attacks. International Journal of Business Management, 12(3). 1-23. doi:10.5539/ijbm.v13n6p1