Describe what you think are three (3) of the most important risks to a corporate environment and what types of mitigation or remediation could be put in place to prevent each of those risks. Feel free to be creative and fictional when describing the corporate environment (please).
Three important risks and their mitigations are given below.
Risk No. 1: Disgruntled Employees
Internal attacks are one of the biggest threats facing our business. Members of the IT team in particular, with knowledge of and access to networks, data centers and admin accounts, can cause serious damage.
Solution: The first step in mitigating the risk of privileged account exploitation is to identify all privileged accounts and credentials and immediately terminate those that are no longer in use or are connected to employees that are no longer at the company.
Next, closely monitor, control and manage privileged credentials to prevent exploitation.
It is important to use a separate password for each registered site and to change it every 30 to 60 days to be extra safe. Implement multifactor authentication such as a One Time Password (OTP); if there is any change, the company authority is notified of it.
Risk No. 2: Cyber Security
Cyber Security is one of the top global threats facing all kinds of businesses today. The financial and reputational cost of a data breach can be devastating for any business, which is why it’s so important to have the right cyber security protocols and professionals in place. Despite widespread efforts to quell cyber security threats and major advances in IT security technology and practices, the number of cyber security issues threatening businesses has actually grown.
Solution:
Risk No. 3: Third-party Service Providers
The potential risk that arises from financial institutions relying on outside parties to perform services or activities on their behalf.
However, “these third-parties typically use remote access tools to connect to the company’s network, but don’t always follow security best practices,” he says. “For example, they’ll use the same default password to remotely connect to all of their clients. If a hacker guesses that password, he immediately has a foothold into all of those clients’ networks.”
Solution:
Assess the overall potential business impact of each critical third-party tool risk. Evaluate the third-party tools or services with the help of an unbiased resource. Conduct periodic assessments regarding access to authorized and unauthorized resources for third-party tools and services.
Companies need to validate that any third party follows remote access security best practices, such as enforcing multifactor authentication, requiring unique credentials for each user, setting least-privilege permissions and capturing a comprehensive audit trail of all remote access activity.
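The account checks named under Risk No. 1 and Risk No. 3 (accounts tied to people who have left, unused accounts, password rotation, multifactor authentication, unique credentials per user) can be run as a periodic audit. The sketch below is an added example, not part of the original answer; the account inventory, the roster and the 90-day "no longer in use" threshold are constructed assumptions.

```python
from datetime import date

MAX_PASSWORD_AGE_DAYS = 60  # upper bound of the 30 to 60 day rotation in the answer
STALE_AFTER_DAYS = 90       # assumption: the answer gives no figure for "no longer in use"

def audit_account(acct, active_people, today):
    """Return the list of findings for one privileged account."""
    findings = []
    if not any(user in active_people for user in acct["users"]):
        findings.append("ORPHANED")          # no current employee or vendor user behind it
    if len(acct["users"]) > 1:
        findings.append("SHARED")            # credentials are not unique per user
    if (today - acct["last_login"]).days > STALE_AFTER_DAYS:
        findings.append("STALE")             # candidate for termination
    if (today - acct["pw_changed"]).days > MAX_PASSWORD_AGE_DAYS:
        findings.append("PASSWORD_EXPIRED")
    if not acct["mfa"]:
        findings.append("NO_MFA")
    return findings

def audit(accounts, active_people, today):
    """Map account name -> findings, listing only accounts that need action."""
    report = {}
    for acct in accounts:
        findings = audit_account(acct, active_people, today)
        if findings:
            report[acct["name"]] = findings
    return report

# Constructed sample data (hypothetical names, not from the page)
TODAY = date(2024, 6, 1)
ACTIVE_PEOPLE = {"alice", "bob", "acme-jlee"}   # HR roster plus approved vendor users
ACCOUNTS = [
    {"name": "adm-alice", "users": ["alice"], "mfa": True,
     "last_login": date(2024, 5, 28), "pw_changed": date(2024, 5, 1)},
    {"name": "adm-carol", "users": ["carol"], "mfa": True,      # carol has left
     "last_login": date(2024, 5, 20), "pw_changed": date(2024, 4, 20)},
    {"name": "svc-backup", "users": ["bob"], "mfa": False,
     "last_login": date(2023, 11, 2), "pw_changed": date(2023, 1, 15)},
    {"name": "acme-remote", "users": ["acme-jlee", "acme-mroy"], "mfa": False,
     "last_login": date(2024, 5, 30), "pw_changed": date(2024, 5, 15)},
]

if __name__ == "__main__":
    for name, findings in audit(ACCOUNTS, ACTIVE_PEOPLE, TODAY).items():
        print(f"{name}: {', '.join(findings)}")
```

In practice the inventory would come from the directory service and the roster from HR, and each finding would open a ticket for the account owner.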