Introduction
As a Cyber Security Consultant for IT Assurance Services, I have been assigned to Global Financial Advisers, a small-sized company with five full-time remote employees operating from home. My primary goal in this contingency plan is to evaluate the risks and threats to the organization’s cybersecurity, identify its weaknesses, and propose solutions. As the company serves many clients and collects their personal and financial information, Global Financial Advisers should implement regular automated backups, multi-factor authentication, periodic system assessments, and employee training to identify and prevent cyber threats.
Summary of Business Domain
The service of Global Financial Advisers, based on the domestic operating environment, is financial advisory services on investments, mortgage refinancing, and trust funds dedicated to individuals, not organizations. Their selected systems include Google Workspace for email and drive storage, ensuring immediate information exchange among workers and with clients, and Google Sites for organizing the company’s website and educating clients on the services. An additional system, Google Forms, is necessary for customers’ financial inquiries.
The company contacts clients before they fill out the form, serving external purposes such as gathering customers’ personal information. External usage extends to Google Sites since clients visit websites and Gmail to exchange messages. Meanwhile, Google Drive and Google Meet are used for internal matters such as discussing work-related topics with colleagues and synchronizing the storage to access information. Thus, these platforms fuel interactions among employees and clients, determining their privacy levels.
Analysis of Business Systems
Global Financial Advisers’ operations are built upon five business-critical systems. The primary one is email and communication necessary for contacting clients and cooperating with colleagues. The second is Google Drive for document storage, which gathers customer data and documentation in one reserve. Google Forms collects clients’ personal information and service inquiries, including mortgage documents, bank account or credit card statements, and share-related confidential data. Another is Google Sites, where the company should demonstrate its online presence and capture potential clients’ attention via listing services.
The final one, Google Meet, is used for internal meetings to connect remote employees. In all these cases, Global Financial Advisers gathers and stores customers’ personal and financial information, including demographic data, financial reports, and credit card details. This analysis suggests that employees should comply with data protection guidelines, such as the General Data Protection Regulation (GDPR), which is receiving increasing public attention in a technology-driven world. The company should comply with these legislative requirements, as all business-critical systems involve the collection and storage of personal data.
Examining the risks to data protection at the assigned company reveals several vulnerabilities. The company’s critical software is Google Workspace and Windows 10. The former has the disadvantages of unauthorized access, data breaches, and phishing emails that demand clicking or opening attachments to acquire sensitive data. Meanwhile, the latter has security flaws and ransomware threats if the information remains locked, requiring the employee to pay a ransom.
If any of these vulnerabilities occur, the business will face financial risks, including the cost of compensating customers for data loss, fines for non-compliance with security regulations, and estimates of potential revenue loss. More importantly, the brand of Global Financial Advisers will be destroyed, leading to a loss of customer trust and reputation. The legal risks include lawsuits and fines for failing to protect client data. Hence, the company’s current systems pose financial, reputational, and legal risks.
Evaluation of Threats
The threat analysis indicates an increased risk of data leakage and loss. On the one hand, internal threats include staff negligence or the potential to harm clients. On the other hand, external threats include cyber attacks on Google Space, hacking, phishing, and physical security breaches, as employees use only standard passwords on their laptops. Another issue is external hard drives kept in workers’ laptop bags, which may prompt attempts at theft and damage, thereby decreasing physical security. Since Global Financial Advisers has a reputation for financial advising, the company can face hacking attempts and data breaches.
Another issue is the distinct workspaces of every employee, which leads to downtime during electrical energy transfer and to worn systems at home. More importantly, clients can clearly describe the organization’s issues during denial-of-service attacks, which align with website unavailability risks. Since personal laptops are not equipped with antivirus software, workers can quickly lose data and lose communication if the mobile network is disrupted. These threats justify the company’s enhanced cyber and physical security.
Each threat aligns with short-term and long-term consequences, disturbing performance. The above-mentioned threats are ranked from highest impact and likelihood to lowest, in descending order: virus infections, external sabotage, physical damage, denial-of-service attacks, worn systems, and telecommunications failure. Hence, virus infections and external sabotage are two critical threats that may cause information loss and disrupt operations for a long time.
To resolve the primary concern, the company should install premium antivirus software with regular updates, such as TotalAV or Norton. This initiative has relatively low costs but the highest benefits for preventing data loss. External sabotage should be mitigated by multi-factor authentication on the laptop and Google Sites, in addition to Windows Defender, which has moderate costs but high benefits for preventing hacking.
Meanwhile, physical security should be maintained through locks and alarms in the rooms where laptops are kept, and employees should stop putting external hard drives into their bags, thereby reducing costs while maintaining higher benefits. Once the company implements Denial-of-Service protection services with continuous monitoring and utilizes backup power solutions at a moderate cost, it receives moderate benefits in preventing time-constrained loss of client contact. Since it is the most temporal condition, the final telecommunications issue might be resolved by diversifying service providers or switching to other communication channels with lower costs and lower impacts.
Threat Prevention Strategies
Since Global Financial Advisers has several data loss and breach threats, it should implement prevention strategies. The first one is incorporating regular automated backups to protected cloud storage, which might cost $1199 for ten terabytes, an excessive space for five employees and thousands of clients. This storage is selected because it has 256-bit encryption, meaning only workers can access data with a unique code. Meanwhile, the physical backup option might be an internal hard drive or flash drive stored in a protected environment. These two options minimize downtime and data restoration costs.
Another issue is improving security by implementing multi-factor authentication with the Duo provider and conducting regular vulnerability assessments for $45 monthly. This initiative is justified by generating a second authentication through the personal channel, which only the employee can access, thus limiting credential exploitation. The final suggestion for enhancing cybersecurity awareness is to provide continuous training for 5 employees for $2,000 per year, with an annual partnership. This training ensures staff recognize cyberattacks and respond immediately, without infecting the company’s files. Therefore, these prevention strategies minimize the risks of compromised and lost client information.
These strategies should follow precise patterns to support employees’ adaptability and align with the business recovery. Initially, Global Financial Advisers should purchase an automated backup program within the month and switch to multi-factor authentication in the next two months. Thus, two months will be dedicated to these methods.
The final step requires annual support from the company, including cybersecurity sessions for employees and support for their improvement through online resources. The organization is expected to turn to the final stage in the third month. Among the three recommendations, the first guides the business during its recovery stage by ensuring that its critical data is stored in a secure location that can be quickly restored. This step-by-step plan enhances organizational information protection from loss and data breaches.
Disaster Recovery Plan
The disaster recovery plan should allocate resources to ensure smooth yet effective data recovery. For example, it requires human resources, including an incident response team and trained backup staff, as well as training and consultation costs, for a total of $ 2,000 annually. In contrast, information and communication technologies (ICT) include networks and servers with data encryption and backup systems, with the cost of acquiring these tools averaging $2500. Meanwhile, costs for information resources, such as secure off-site storage of documents and systems, are at their lowest since employees can safeguard this data in their homes.
When a disaster occurs, personnel should establish the delinquency using physical resources, such as surveillance cameras or alarms. Still, the costs will extend to five distinct places in the employees’ homes. Another measure is backup power generators, but their installation costs exceed $9000 per house and are ineffective because employees choose different locations. The final resource is external stakeholders who offer assistance during data loss and legal bodies who report incidents. Their services vary, and the company should allocate $ 5,000 to them. These urgent resources can alleviate the consequences of disaster for Global Financial Advisers.
A recovery plan for the disaster should follow step-by-step guidelines to bring success. Initially, Global Financial Advisers should activate incident response teams to assess the extent of the data breach and establish active communication channels to update members. The organization is responsible for informing all stakeholders, including clients and authorities, and instructing them on password change and security measures.
However, the simultaneous action is documenting all data for forensic investigation and pushing data restoration through backup systems, such as cloud storage and hard drives so that that system rebuilding can finish quickly. A further step is to implement security measures and protocols tailored to the situation and to monitor the newly introduced system for recurring threats. The final post-incident analysis should identify the pitfalls and drive improvements by openly communicating with external experts and customers.
Before initiating this contingency plan, the company should confirm whether a data breach has occurred. Its criteria are suspicious activity, repeated error messages, or denied access to storage. Diagnosing data loss involves continuously scanning network traffic and login frequencies, and using anomaly detection systems that generate alert signals. Moreover, forensic analysis should include risk and threat evaluation, and all confirming methods should comply with regulatory requirements. When problems occur with data backups and system snapshots, the company should start implementing this retrieval project.
Conclusion
Global Financial Advisers operating only on Google Sites, with no additional protection measures, risk losing customers, finances, and reputation due to the threat of a data breach. That is why the company should have a secure web hosting service with encryption, additional communication channels, and cloud storage with data encryption. At the same time, its personnel should be educated on cyber protection protocols in light of external assistance. The recovery and contingency plan should be initiated once employees detect suspicious cyber activity, with the main goal of reporting the incident and learning from it to improve their protection guidelines.