As an employee, you are often required to sign confidentiality agreements when b

Question

As an employee, you are often required to sign confidentiality agreements when beginning work at a new company. You may also be required to sign a contract in which you waive the rights to any systems or products created while working for a company. When you log in to the company’s systems, you may see notices that remind you that the information on the system is proprietary and the legal policies related to the release or dissemination of that information.

For this Assignment, conduct Internet research on a company that has experienced a breach of security of its customers’ information. Then, suppose you are working for a company and have access to confidential information as well as the company’s intellectual property.

Submit by Day 7 a 1,000- to 1,200-word paper addressing the following:

Describe the security breach of customer’s information at the company you researched. Explain how the lessons learned may apply to other companies, both large and small. Put special emphasis on how such a security breach can affect small companies, such as a carwash. In your explanation, be sure to recommend preventive measures that can be taken to avoid such breaches. Justify your recommendations.

Explain the steps/measures you can take to fulfill your role and responsibilities to protect the confidential information of your company. How are these steps/measures unique to IT employees?

Explanation / Answer

Security breach at "Home Depot":

"Home Depot" fell victim to cyberthieves who stole up to 60 million card numbers. The attacks have been going on for five months before they were discovered. In September, the company said that anyone who used a credit card to shop in the U.S. or Canada over a six month period earlier this year could have been a victim.

Cyber criminals stolen the names of customers, credit card numbers, expiration dates using custom-built malware. Stores in Mexico, online shoppers to both HomeDepot.com and HomeDepot.ca, and customers who paid in store by check were not affected by the malware. Personal identification numbers were also not found to have been compromised.

The malware was eventually removed ten days later and it appeared to be unlike any other used in previous attacks, found in the investigation.

How Home Depot can address the breach:

Home Depot is offering free identity protection, including credit monitoring for one year to all customers who may have been affected. Customers aren't held responsible for any fraudulent charges, and the company advises any customer who believes they have been subject to a fraudulent charge to contact their fraud resolution services.

Home Depot says it has also enhanced its payment encryption for US stores via a new security encryption.

Lessons learnt from Home Depot attack:

Home Depot hack is quickly discovered just after five months and just hours after the compromised credit card information was given for sale online. While Target's breach was discovered after just a few weeks, by encryption bug operated which is undetected for more than two years.

Home Depot's cyber-attack continued undetected for more than five months it is actually a bad remark for the company because the ocmpany itself didnt discover the attack but was alerted by third parties.

how security breach affect carwash company:

Consider the scenario of "splash car wash" is warning their customers to check their bank accounts after a security breach compromised the credit card information of up to 30,000 customers, according to company executives. According to Ceo, Splash immediately removed the malware and began using bank-issued card readers. At least 1,400 customers have had their information compromised, but it is expected to grow and could reach up to 30,000. The information was stolen in a fraction of a second after customers swiped their credit cards and before Splash’s system could encrypt the data. The company has sent email alerts to 120,000 customers and urges patrons to check their credit card statements and activity. The Secret Service is investigating along with several credit card companies.

Measures to avoid breaches:

Keep Only Required Information: Minimize the places you store personal data.
Secure Data: Restrict access tothe physical records by employees who need to retrieve private data. Conduct employee background checks and never give access to temporary employees or vendors.
Destroy The Data Before Disposal: Destroy the contents present in CDs, DVDs and other media. Deleting files or reformatting hard drives does not erase data. Instead, use software designed to permanently wipe the drive, or physically destroy it.
Encrypt Data Transmission: Encryption for all data transmissions. Avoid using Wi-Fi networks because they may permit interception of data.

How steps and measures unique to IT employees:

Employee Training: Establish a written policy about privacy and data security and communicate it to all employees. Educate them about what information is sensitive and their responsibilities to protect that data.
Controlling Use of Computers: Restrict employee use of computers to business. Don't permit use of file sharing peer-to-peer websites. Block access to inappropriate websites and prohibit use of unapproved software.
Computer Security:Train employees to never leave laptops unattended and also implement password protection and require re-logon after a period of inactivity.

Related Questions

Navigate

• Browse (All)
• Browse A
• Subjects

Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.