Security Awareness Brochure

Security Awareness Brochure
Enterprise cyber security involves a business-focused approach that plays a key role in protecting customer and business data and has become a core business strategy. Protecting the business involves to a larger extent maintaining customer trust, by protecting services, technology, and policies in commercial organizations against electronic attacks that could disrupt business and lead to loss of data (CGI Global, 2016).
Cyber Security and Enterprise Cyber Security. The relationship between cybersecurity and enterprise cybersecurity is purely a diversification of cybersecurity to handle business or commercial-based systems that use data as their currency or commodity and keep it safe, even when it can be accessed via online platforms linked to the business systems (CTI, 2018).
Cyber Threats: Cybersecurity is based on the fundamental concept of an attack in respect to confidentiality, integrity, and availability (CIA) of Data or Systems (Jatin, 2018).
Vulnerabilities: The most common vulnerabilities range from: injection vulnerabilities, buffer overflows, sensitive data exposure, broken authentication, and security misconfiguration (Infosec Institute, n.d.: Lloyds Bank, 2016).
Perpetrators of Attacks: These involve, Organized Criminal Groups (hackers) who have financial motivations to profit from these criminal acts; Hacktivists – political groups interested in sending a political message; and State-Sponsored Groups – these are government-funded attackers who are focused on intellectual property or confidential State information.

Management of Cyber Threats
Education and Awareness of Users: Published policies and procedures in respect to secure and acceptable use of data and information systems of the bank. Create a continuous training programme in order to update users on awareness of cyber threats.
Monitoring: Policies to support monitoring strategies regularly on all IT systems and networks to help evaluate unusual activities that might be incidents of attacks (FDIC, 2016).
Protection Against Malware: Policies on anti-malware defenses applicable to the bank, with ability to scan malwares across all organizational systems.
Management of User Privileges: Installation of account management whereby there will be access control with specific rights and privileges, as well as ability to carry out audits and trails on activities by every user of the systems.
Social Media Policy: Implement policy that educates employees to be careful on job-related information they post online, that could lead to them being targeted through phishing attacks.
Secure Configuration: Creation of a system that defines baseline build for all IT devises. Patches should be applied frequently and maintain secure configuration of IT systems.
Policy on Removable/Mobile Media: A policy controlling use and access to removable media like USB Flash Disks. Policy against use of such devices on organization’s systems, because they could be avenues for bringing in malwares that can infect the systems.
Installation of Anti-Virus Software: Anti-virus systems will be installed in the bank’s systems to prevent, detect, and remove any malicious programs.
Firewalls: Firewalls system need to be installed between the bank’s computers and external networks to prevent any unauthorized access.
Great Care on where one connects to the Internet from: Private Internet access are safer than Public Internet like Internet Cafes or Wifi. Critical for staff not to connect to the bank’s systems via Wireless networks, since most of these areas do not have up-to-date security software and are vulnerable to malware attacks.
Banking by Computer or Device: Extra precaution for logging into financial accounts. This is achieved through use of strong passwords with multiple combination of characters; don’t use same password on different accounts; use separate computer for online banking; log out of account after completion of transactions.
Periodical Checks on Bank accounts for Fraud Detection: Includes deposits, withdrawals, and balances. Frequent checks helps to detect errors and resolve them early enough.
Pre-planned Data Security Policy: List security measures and data security policies, and this helps in critical situations and facilitate quick response to incidents and/or breaches. At the same time, there should be a sense of ownership and responsibilities for everyone who is part of the security plan, including the bank’s employees (GlobalSign, 2017).
Keep Regular Software up to date and Data Backup: Frequent checks and updates of software helps prevent vulnerabilities or security weaknesses, as well as backing up data regularly.
Creation of Security Culture: Emphasize on a culture of security consciousness, whereby staff advised not to share their login information at whatever cost, even with fellow staff; vigilance on use of passwords; and avoid writing passwords together their login details anywhere (Raucher, 2014).
Constant Security Testing and Consulting Experts: Security Threats continue to evolve at a higher rate. Therefore, the bank should subject its networks and systems to constant security tests to detect newer and more superior attacks. At the same time, it is critical to continue consulting security experts regularly to get more advice on more advanced techniques of protection (Gerber, 2016).
Reference
CGI Global (2016). Cyber Security: Securely Enabling Transformation and Change. Retrieved https://www.cgi.com/sites/default/files/brochures/cybersecurity_brochure_global_lowres.pdf
CTI (2018). Enterprise Cybersecurity. Retrieved https://consoltech.com/blog/enterprise-cybersecurity/
FDIC (2016). A Bank Customer’s Guide to Cyber Security.
Gerber, S. (2016). 13 Ways Companies Should Improve their Data Security in the age of IoT. Retrieved https://thenextweb.com/entrepreneur/2016/08/23/13-ways-companies-improve-data-security-age-iot/
GlobalSign (2017). 5 Ways to Enhance Data Security. Retrieved https://www.globalsign.com/en/blog/5-ways-to-enhance-data-security/
Infosec Institute (n.d.). The Top Five Cyber Security Vulnerabilities. Retrieved https://resources.infosecinstitute.com/the-top-five-cyber-security-vulnerabilities-in-terms-of-potential-for-catastrophic-damage/#gref
Jatin, J. (2018). What Are the Basic Concepts of Cyber Security? Retrieved https://www.quora.com/What-are-the-basic-concepts-of-cyber-security
Lloyds Bank (2016). Commercial Banking: Cyber Security Guidance – Helping you protect your business.
Raucher, D. (2014). 4 Steps to Improve Network Security. Retrieved https://www.inc.com/bruce-condit/4-steps-to-improve-network-security.html