Many issues can be identified from this description. The company has implemented few, if any, security policies, and there are many loopholes that intruders can use to get into the system. Given that the Internet has become one of the most popular media of communication, the case study raises many matters that need urgent attention from the IT department.
There are two categories of precautions and steps that the company needs to implement so that security is taken into consideration: technical issues and people issues. The technical issues can be further subdivided into physical issues and logical issues. The physical issues cover physical precautions that should be taken or purchased, such as buying intelligent routers and building protection around the company premises. This protection will keep the outside world from getting into the premises. The logical issues include measures such as installing and implementing a firewall in the network.
One of the risks the company faces is that intruders can get into the system without much struggle, because no firewall has been installed. A firewall is a logical setup in which the network filters the connections being made to it. Only authenticated connections are allowed to the network (Charles & Shari, 2001). This is a very important precaution that should be implemented soon. The firewall will also help the company monitor its employees; some sites, such as Facebook, rob the company of work time because many employees use them during company time. The firewall helps regulate the use of such sites. Another risk is the loss of data integrity. The professionals CSP Company deals with, such as lawyers and medics, have no data privacy. Every Tom, Dick and Mary can access the information, and thus the data they deal with loses its integrity.
Another risk is that data is not well guarded and monitored in the network. If a problem arises in the network, it will be difficult to diagnose, because a single switch connects all the nodes in the network. If one of the computers is infected, viruses can easily spread to the rest of the network. The safety of confidential company information is not guaranteed. Some information should remain with the management alone. With a single switch, gaining access to this information takes little effort even for the most amateurish computer user (Charles & Shari, 2001). Hacking into networks is more of a reality now than ever before. A company with this setup is inviting trouble sooner than expected.
No clear policies have been set for users to follow. These rules should be communicated to all employees and should include the use of passwords that conform to national or even international standards. Passwords should not be shared with anyone. All employees should be educated on the importance of authentication in the network. Instances where employees do not log out of their machines are a problem, because someone can use another person's account to cause malice and harm to the network. All users should have a profile in the company's system so that they can be tracked and those engaging in suspicious activities on the network can be identified.
Things to do immediately
The network should have a firewall to filter connections and for administrative configuration purposes. The firewall will make it easy to keep suspicious programs at bay (Charles & Shari, 2001). The company should also invest in utility programs such as anti-virus software, which helps detect and heal computer viruses that may have spread in the network.
The company should buy several switches so that the network can be segmented. Segmentation has many advantages because it gives autonomy in the network. The section used for administrative purposes can be given a different subnet from the rest of the network. Routers should also be used so that the flow of traffic is intelligent. Traffic should be monitored and should not be allowed to flow unchecked.
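An added illustration of the segmentation and filtering recommendation above, not part of the original essay: a default-deny check for traffic crossing between subnets. The subnets, segment names and allowed flows are assumptions constructed for the example.

```python
import ipaddress

# Constructed addressing plan (assumption): one subnet per segment.
SEGMENTS = {
    "management": ipaddress.ip_network("10.10.10.0/24"),
    "staff": ipaddress.ip_network("10.10.20.0/24"),
    "servers": ipaddress.ip_network("10.10.30.0/24"),
}

# Allowed inter-segment flows (assumption): (source, destination, port).
ALLOWED_FLOWS = {
    ("management", "servers", 443),
    ("management", "servers", 22),
    ("staff", "servers", 443),
}


def segment_of(address):
    """Return the name of the segment containing the address, or None."""
    ip = ipaddress.ip_address(address)
    for name, network in SEGMENTS.items():
        if ip in network:
            return name
    return None


def decide(src, dst, dst_port):
    """Return (verdict, reason) for a flow arriving at the router/firewall."""
    src_seg, dst_seg = segment_of(src), segment_of(dst)
    if src_seg is None or dst_seg is None:
        return "deny", "address outside known segments"
    if src_seg == dst_seg:
        # Same subnet: switched locally, never routed between segments.
        return "allow", "intra-segment"
    if (src_seg, dst_seg, dst_port) in ALLOWED_FLOWS:
        return "allow", f"{src_seg}->{dst_seg}:{dst_port} permitted"
    # Default deny: anything not explicitly listed is dropped.
    return "deny", f"{src_seg}->{dst_seg}:{dst_port} not in allow list"


if __name__ == "__main__":
    # Constructed sample flows.
    flows = [
        ("10.10.20.15", "10.10.30.5", 443),
        ("10.10.20.15", "10.10.10.7", 445),
        ("10.10.10.7", "10.10.30.5", 22),
        ("192.0.2.44", "10.10.10.7", 22),
    ]
    for src, dst, port in flows:
        print(src, dst, port, *decide(src, dst, port))
```

With the management section on its own subnet, a staff machine reaching a management host has to pass this check, which is not possible when every node hangs off one switch.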
Another equally important issue is setting up a security policy within CSP under which users have their own passwords to authenticate their identity. Employees should log out of the system once they have finished what they were doing. This should be made a rule in the system.
Long term improvements
There should be a remote data center to store the company's data. This will help safeguard the information from the professionals. Remote data backup is becoming the best way of cushioning oneself against unforeseen disasters, which can wreak havoc on the company and bring many legal complications.
There should be the use of bio-data in the company's authentication process. This is the use of biological data to log in to the system (Charles & Shari, 2001). If the current popularity of the Internet is anything to go by, the company has to invest in the use of bio-data to make the authentication process work for most people.
The company should also develop a private tunnel so that the company network is on its own and separated from the public domain. This will help eliminate the mixing of public traffic with private data.
Charles, P. & Shari, L. P. (2001). Security in computing. Prentice Hall.