With the ever increasing cases of hackers, spoofs, sniffers or even Phreakers constantly gaining unauthorized access to private accounts, databases and systems, the need for beefed up security for individuals or organizations is eminently pressing, now more than ever before. A recent report by BBC News (2010) documents of a 25 year-old Frenchman hacking into US president Barack Obama’s Twitter account and doing the same into several other accounts owned by celebrities.
So if the most senior person on earth can get his account hacked, then how much more can we be vulnerable? The nature of our uniquely specialized programs makes us a target for many competitors and consequently; it is mandatorily imperative that a comprehensive risk assessment of our security is done to patch any loopholes that might end up costing us dearly.
Stoneburner, Goguen and Feringa (2002) define risk as “A function of the likelihood of a given threat-source’s exercising a particular potential vulnerability and the resulting impact of that adverse event on the organization.” According to them, “the likelihood of a threat can only be determined by assessing potential vulnerabilities against the system that is in place.” If insufficiencies are revealed, positive recommendations are made so as to avoid casualties thereof. After doing all that, it is advisable to conduct a pilot test to ascertain if the security breaches have been noted and solved. From here onwards, full implementation can be done depending on the organizational budgets, man-power and priorities. As a general rule, the riskier the threat, the faster it should be solved.
The world of technology is a highly dynamic arena that requires everyone to stay on toes; and we here are no different. In United States, there are a handful of federal laws that are in place to protect organizations in-terms of their privacy. However, this has not been able to utterly curb unauthorized access of databases or private accounts (Nehf, 2007). If this worrying trend is to stop, it is elementary that each one of us takes a personal initiative of ensuring security. As an organization, we may have the most secure security system. But if the workers here do not take precautions when handling secure and private information about the company, the security system may just be as good as nothing.
It is also fundamental that old worn-out systems and security gadgets are replaced with new ones. This applies to both computer-based programs like firewalls, hardware, software and antivirus as well as physical components like padlocks. By doing this, the company avoids the risks of being easily permeated. However, do not change to a new security measure just because it is new, there are countless times that old systems have proved more secure than the current ones. Choice should therefore be ultimately guided by professional ethics and going for the safest and most secure system (US Department of Commerce, 2001, p. 2).
According to Grippo and Siegel (2001), once a computer is connected to a network used by many people, the risk of subterfuge increases and its security can be easily compromised. In solving this problem, Grippo and Siegel recommend that the individual/organization should use several security layers (both physical and internet-based) i.e. “The more layers, the greater the degree of security.” An ideal multi-layered networking security system, therefore, is one that offers confidentiality, integrity, authenticity, accountability and authority to its legitimate users (Grippo & Siegel, 2001).
By following the aforementioned five precepts by Grippo and Siegel, it becomes relatively easy for an organization to pinpoint security breaches. This is because everyone has a unique responsibility and thus being answerable to what is placed under his/her jurisdiction. In addition to the above, it is equally important that security systems are periodically reviewed by professionals. Without periodical check-ups and reviews, a window of opportunity is opened for infiltration by unauthorized users. As an example, it is greatly detestable for an organization to use the same password over and over again. By doing this, an employee who might have fallen out with the organization can use that information and cause great havoc. This is in fact, the reason why institutions like banks constantly change or review their systems.
The US Department of Commerce (2001, p.9) supports the issue of security review by saying that “For general support systems, reviews should ensure that management, operational, and technical controls are functioning effectively.” It continues by saying that “Security controls may be reviewed by an independent audit or a self-review.” Finally, it recommends that the rigorousness of this practice should be regulated depending on the nature of the organization being dealt with or the department in question.
For those who significantly use the internet, caution should be observed since accessing a file that contains viruses may destroy an entire network or even make the system vulnerable to unauthorized access. Once a system or network is permeable to access by unauthorized users, confidential information may get leaked to the outside world and thus creating cavity for a vista of endless hazardous possibilities.
As an important note, the advancements in the software world have made it quite easy for online users to privatize their use of the internet and thus making them more secure. This helps in protecting them against hackers who prey on unsecure internet users. Such programs include PrivadaProxy, Anonymizer, and Zero-knowledge’s freedom. The use of such programs really boosts the immunity of an organization against illegal users and curbs the in-traffic of unwanted programs that may compromise the security and efficiency of a system (Buchholz and Rosenthal, 2002).
With regards to physical security, a stringent protocol should be observed by everyone gaining access to this organization. Any malicious behavior by anyone that might compromise the safety of the organization should be reported immediately. Security officers, on the other hand, should ensure that they ardently perform their job. Any small spell of laxity can prove very detrimental to this organization and therefore should be avoided at all costs.
In conclusion, it is vital to note that the primary reason for great concern in security is to protect me and you as well as this organization. It is therefore paramount that all of us work collectively so as to ensure our safety and security of the organization which in effect would facilitate the smooth running of things. Grippo and Siegel (2001) note that no organization can ever be 100% secure, but every organization can always strive to ensure tight and rigid security. This does not necessarily connote spending millions of dollars in the name of security; you can as well spend moderately and have a secure system. Just do not forget that for us to get ultimate freedom; there must always be a price that we have to pay!
References
- BBC News. (March 24, 2010). Obama Twitter account ‘hacked by Frenchman.’ Retrieved May 3rd, 2010, from http://news.bbc.co.uk/2/hi/8586269.stm
- Buchholz, R. A., Rosenthal, S.B. (2002). Internet Privacy: Individual Rights and the Common
- Good. SAM Advanced Management Journal. 67(1), 34+. (Questia library)
- Grippo, F., & Siegel, J. S. (October, 2001). Security issues on the internet. The CPA Journal. 71(10). 64+. (Questia library)
- Nehf, J. P. (2007). Shopping for privacy on the internet. Journal of Consumer Affair. 41(2). 351+. (Questia library)