Threat assessment is crucial for any business intending to avoid the existence of vulnerabilities that cause financial losses and destruction of assets. Evaluation of human actions or natural events facilitates proper planning and implementation of a business entity’s strategic goals. Distinction between threats and adversaries helps businesses to concentrate on mitigating conditions that may cause harm to organizational resources. In this regard, decision makers can identify the likelihood of an attack, its nature, tactics and scope of damage, and adopt tools and policies that will ensure resource allocation to the sustenance of safety and security. A threat assessment of Shakers Investment, a medium sized-business entity that offers money transfer services locally, highlights security vulnerabilities that pose threats to the business’s welfare.
Shakers Investment has integrated a wide variety of information systems and network applications aimed at improving customer satisfaction. The company uses laptops and mobile devices to ensure effective communication with clients and swift execution of money transfer requests. Overemphasis on a customer-oriented business approach has caused Shakers Investment to bypass procedures relating to system administration so that employees can access information on transactions quickly. Rather than designating administration privileges to a few individuals responsible for managing transaction data and requiring other employees to seek authorization before accessing sensitive information, the company provides employees with system passwords so that customers do not have to wait through the lengthy process of authorization. The need for passwords that employees can easily remember increases the chances of attackers, using sophisticated password dictionaries, to break into the company’ systems (Kim & Solomon, 2012).
Shakers allow employees to carry home company laptops and mobile devices so that employees can write work reports after working hours. This approach introduces a wide variety of threats on information security since allowing employees to carry home devices that contain company documents and information exposes the company to threats associated with the physical theft of laptops and mobile devices. Apart from physical theft, these devices promote security risks associated with unprotected endpoints. The number of people likely to access a company laptop or mobile device significantly increases away from the work environment. Intentional or accidental leaking of data and introduction of malware into the company’s network provides opportunities for individuals with malicious intents to exploit company assets and resources (Hearnden & Moore, 1999). Laptops and mobile devices increase the likelihood of employees to use unsecure wireless networks, which increases intrusion, and eventual compromising of the company’s sensitive information. Shakers decision to overlook the importance of restricting access to confidential information introduces challenges concerning the protection of customers’ details. Availability of open network points may provide essay access to the company’s network and launch of attacks such as spoofing. The failure to designate responsibilities regarding the protection of sensitive information allows disgruntled employees to sabotage the company’s operations with a minimal probability of identification.
The security threat posed by the use of information systems and tools in the business operations of Shakers Investment requires adoption of policies that ensure sensitive information within the company does not leak out. In the regard, the company should adopt system administration procedures that ensure access to confidential information undergoes an authorization process (Vellani, 2007). The company should ensure appropriate security awareness among employees especially those who take home company laptops and mobile devices so that practices such as access to unsecure networks and endpoints do not expose the company to various threats. Shakes Investment should adopt strategies to backup confidential data so that the company does not suffer huge losses in case of attacks that corrupt databases. When customers realize that their information is no longer confidential with a particular company they will seek the services of accompany that serves them without compromising their details.