Channel Selection: Communicating IAS Principles
Many scholarly journal articles addressing the subject of security countermeasures are available in the Capella library. One such piece is the one written by Bays and colleagues in 2015 “virtual network security: threats, countermeasures, and challenges.” This journal article provides some security countermeasures that, if properly implemented, could provide a desired level of protection.
A non-academic source found on ProQuest library is a newspaper article titled “Beat spammers at own game,” which was written by Steve, Tilley, and published by Postmedia Network Inc. in 2007. The author talks about the various methods used to prevent spammers from attacking and stealing users’ personal information from social media platforms.
Communication Channels
Email is the most common communication channel used by most enterprises. However, it can be used by individuals who have bad intentions to phish the organization’s confidential information. This happens when an email that looks like it was sent by a trusted organization and contains a web link that if clicked directs to a malicious website that steals the receiver’s credentials.
The method of security control that could help prevent such an issue from happening is making sure that the enterprise runs its systems on a secured private network. Also, training employees on which emails to trust and open could help with ensuring that they do not accidentally open emails that are intended to phish information. Therefore, training is a form of human countermeasure that in addition to running the systems on a secure private network could help with preventing unsuspicious phishing attacks.
The advantage of using email authentication countermeasure is that most email providers offer a multifactor-authentication process which requires users to provide more details so they can verify their identity before access to their account is granted (Xiujuan et al., 2019). For example, Gmail multifactor-authentication process requires the user not only to provide username and password but also an answer to a security question. If logging in a mobile phone, a security code is sent to the person who registered the email. This way, Gmail ensures high-level security for its users.
The disadvantage of using email as a channel of communication is that if many users use a single account, then the risk of vulnerability could still be high. Users can compromise security measures and leak login credentials to unauthorized individuals. When this happens, unauthorized users could still access the email account or even send malicious emails to that email account.
- Social Media Platforms
Social media platforms such as Facebook, Twitter, Instagram, among others, are currently used by enterprises as effective channels of communications. However, these channels are more prone to attacks. Hackers tend to spoof call to trick individuals into doing things and sharing information they probably should not share about the company’s social media platforms. If an individual/employee falls for it, then the hacker steals that information and uses it to perform illegal activities or even to expose the company’s secrets.
Most social media platforms have an option for verifying login requests and what the registered user needs to do is to go into the platform’s setting and put the enterprise phone number. Every time that unauthorized user tries to log into the account, a login request will be sent to the registered phone number. According to Wilcox & Bhattacharya (2015), enabling verification options in all social media platforms provides the best access control countermeasure for protecting the accounts from being hacked.
The advantage of using this type of countermeasure is because of the aspect of requiring users to verify their login requests. As such, the enterprise could allow only authenticated users to access its social media platforms. The disadvantage is that if an unauthorized user gets access to the devices, for example, a device on which social media platform’s user names and passwords are stored for remembrance, then the countermeasure could be of no use. This is even so because many users tend to allow web browsers to save their login details (user name and password) as a cue for easy access.
- Video Conferencing Channels
Amid Covid-19 virus epidemic, many business enterprises have been using video conferencing channels, for example, the ZOOM app to connect remotely with their employees as well as their customers. As the demand for this app increases, so does its vulnerabilities. A recent article raised some concerns about video conferencing apps such as Zoom, stating that as more people continue to use it, so do hackers are trying to assess its vulnerabilities. For example, just recently, Bloomberg reported that a cybersecurity firm known as Cyble bought 500,000 credentials of Zoom accounts from the dark web. This is a clear indication that most video conferencing channels are not secure, and they still have a lot of work to do to protect user’s personal information. This is one of the critical disadvantages of using video conferencing channels for communication.
The best countermeasure for keeping safe when using such a video conferencing app is to login from a secured private network. Bays et al. (2015) recommend the use of VLANs and VPNs for anonymity purposes. VLAN could help with routing packets to the right server while VPN could ensure that packets or information shared over the network is encrypted and, therefore, not hijacked over the network by intruders. The disadvantage of using this countermeasure with video conferencing applications is that an enterprise risk having its information misused by third parties that offer VPN and VLAN services. However, the same data they are trying to protect could still be exploited by the same corporations providing these services. According to Rash (2019), this is one of the things that enterprises need to understand when using VPA and VLAN services.
References
Bays, L. R., Oliveira, R. R., Barcellos, M. P., Gaspary, L. P., & Madeira, E. R. M. (2015). Virtual network security: threats, countermeasures, and challenges. Journal of Internet Services and Applications, 6(1), 1.
Rash, W. (2019). Businesses Need to Understand the Risk of VPN Services. Retrieved from https://www.pcmag.com/news/businesses-need-to-understand-the-risk-of-vpn-services>
Wilcox, H., & Bhattacharya, M. (2015). Countering social engineering through social media: An enterprise security perspective. In Computational Collective Intelligence (pp. 54-64). Springer, Cham.
Xiujuan, W., Chenxi, Z., Kangfeng, Z., Haoyang, T., & Yuanrui, T. (2019, February). Detecting spear-phishing emails based on authentication. In 2019 IEEE 4th International Conference on Computer and Communication Systems (ICCCS) (pp. 450-456). IEEE.