Briefing Presentation:

Law and Order Services

IT Department

Mary Joy Williams

Executive Summary
Currently practices in the IT department pose a
security threat not only to the company but
also to the customer. One employee is solely
responsible for operating each sector of the IT
software and is the only individual with the
necessary information to access data within the
respective section. Furthermore, personal accounts
are being used to access company tools.

These practices jeopardize the effective flow and

security of the company if any of these
individuals are indisposed or if their personal
accounts were hack. While these practices
have not harmed the company thus far, future
changes in employee and company
relationship can cause irreparable damage to the
company’s integrity and reputation.
 Problem #1
Lack of accountability referencing
access to company data

Problem #2
Lack of Oversight: Insider Attack

Problem #3
Use of personal accounts to access
company tools
 Analysis 1
Presently, only Jack manages the log-in credential for the companies database. If Jack were to experience an
emergency in which he will be indisposed, no other individual in the company will be able to complete their duty or
access the database. To exacerbate the situation the local cloud company, CloudSecure, hired to maintain the
companies database has a policy in place limiting accessibility to login and password information to only approved
individual. Currently, Jack is the only approved individual in the company to request these login credentials. This
problem also affects payroll. Payroll records are also kept on CloudSecure; therefore, these records cannot be accessed
if Jack is not available. This will impact company and employee relationship and company financing if salary is
incorrectly dispersed.

This issue is also relevant with the company blog. Currently, Marsha is the only employee with access to the company
WordPress account. The company blog is one of the company’s biggest marketing tools and is solely ran by Marsha.
As mentioned above, this poses an efficiency threat to the company. If Marsha becomes ill or goes on leave, no other
employee will be able to access the company blog. This will be hindering company marketing plan and ability to
garner new clientele.
 Analysis 2
Without oversight in accessing the database, the company is open to insider attack. Insider Attack “is the potential for an
insider to use their authorized access or understanding of an organization to harm that organization” (Cybersecurity and
Infrastructure Security Agency). Insider attack can lead to leaked information, workplace sabotage, or the intentional or
unintentional loss or use of departmental resources or capabilities.
While insider threat may not be a pressing issue in the company currently, based on research conducted by Cybersecurity
Insider, they found that “60% of organizations had more than 20 incidents of insider attacks a year” (IBM, 2020) and that
“61% of companies have had an insider attack in the past year”(Bitglass, 2020). This means that the company can potentially
face an insider attack if current policy is kept in place and new employees are hired.

Furthermore, it was reported that “60% of data breaches are caused by insider threats” (Goldstein, 2020) and “68% of
organizations have observed that insider attacks have become more frequent over the last 12 months” (Cybersecurity Insiders,
2020). This is a large increase since “The number of insider-caused cybersecurity incidents increased by 47% since 2018”
(ObserveIT, 2020) and is projected to “increase by 8% through 2021 “(Shey, 2020).

Rectifying these issues now will prevent our company from being a victim to an insider
attack and provide safeguards to protect both the employee’s and the company.
 Analysis 3
Another problem I observed, is the use of personal accounts to access company tools. Sandra is responsible for
maintaining the company website on WordPress and accesses the software via her own personal email and
password. This is a huge security threat to both the company and to Sandra’s personal information. If Sandra’s
personal account is hacked, it could potentially open the door for the hackers to access the company site and its
stored data. This can also happen reversely, in which the company could be hacked providing access to Sandra’s
personal account.
 Solution #1
Increasing the number of individuals with
access to CloudSecure

Solution #2
Designating and assigning a company
workspace.
 Analysis
The first solution I would like to offer is increasing the number of individuals with access to CloudSecure. Since Jared
relies on CloudSecure to accomplish his job responsibility, having Jared as an approved employee on CloudSource would
provide streamlined accessibility and a back-up employee to Jack. This will alleviate the pressure for Jack to always be
available and provide two entry access to the database when needed. Furthermore, as the main supervisor in the company, I
believe it would be important for you to also have access to the database. This allows you to have access to the company
database to access data need for other aspects of the company. It also allows you to administer oversight and accountability
within the IT department.

On another note, I also suggest designating and assigning a company workspace. This can either be Google suits,
Microsoft 365, or etc. This allows everyone within the company to have a designated login credential upon employment.
This cuts back on the use of personal accounts to access company tools. It also streamlines company communication with
the plethora of resources that accompany these workspaces such as sharing documents, virtual meeting spaces, and email.
 Visual of Current
Company Set-up

Figure 1

Visual of Propose
Company Set-up

Figure 2
 The Company Closing
The issues brought forth posses a huge threat to
company safety and integrity. Fixing these issues
is of utmost importance since it places the
company, the employee’s and clients in a
The Employee’s vulnerable situation. Implementation of both these
solutions will rectify the discussed problems
within the company without large outputs of
money and time. They not only benefit the
company but the employee’s as well without
adding or decreasing company responsibility or
workload.
The Client
Figure 3: Who Is Affected?