Web Security Issues at Riordan

Web Security Issues at Riordan

Riordan has invested a large amount of money in their computer systems and their network. The data stored on these systems is an asset to the company. When connected to the Internet, you are exposed to many risks that can result in a loss of data, a corruption of the system or its programs, or breaches of access, all of which could be very costly to Riordan. It is imperative that Riordan address the potential threats arising from the Internet and its use. Most internet based risks can be mitigated by a well-developed awareness plan which educates the staff of the risks and how they can be prevented.

Internet Access

Internet access from each of Riordan's plants should be via a company firewall. A firewall is used to block unauthorized access into the company intranet system. It is configured to permit or deny access, encrypt data when needed, and can also be set up to use proxy settings which hides the network addresses on any messages that enter or leave the network. The firewall monitors all traffic in and out of the network. A firewall should be implemented at Riordan for this protection and no employee should be permitted to access the internet by bypassing the firewall. If a router is used at each plant, it can also act as a firewall.

Employees at Riordan who use the internet should be authorized by the company to do so. The computers used by each employee to access the internet should be running the latest approved antivirus software. This software can intercept messages being sent to and from the organization via the internet and scan them for incoming viruses or worms. When employees leave their workstations for the day or for an extended period of time, they should log off of the internet. Each individual program or file that is downloaded and installed from the internet should be scanned for viruses. Third party files should be reviewed by Information Security Personnel to ensure that they contain nothing that can cause harm to the Riordan computer systems.

Internet Email

An Acceptable Use Policy should be implemented at Riordan explaining what is permitted through the company email system. It will describe what the company email system is intended to do and detail what is prohibited. It will address how the company email system is not allowed for personal use; how employees should not open emails from unfamiliar recipients and how employees should not forward email chain letters. Both of these things can expose the company computer systems to incoming viruses and further spread them throughout the organization. In addition, email attachments should not be opened unless the recipient is known because it may contain viruses. Caution should be used when messages are sent via email contains sensitive or company data; the message may be read