According to my experiences and the information in Ms. Gurchiek’s article, three causes of poor security practices in organizations are a lack of awareness, a lack of procedures and policies, and poor leadership. A lack of awareness is when employees are not made aware of the possible threats to the organization’s security and do not understand why security is important. The lack of procedures and policies means that there are no set guidelines for employees to follow when it comes to cybersecurity. Poor leadership means that human resource information technology leaders are not paying close attention to security issues such as phony chatbots, spear phishing, mobile malware, and internal risks.
Organizations can resolve poor security by creating awareness among employees of the risks associated with not following security protocols. Some common security risks that employees need to be made aware of include social engineering, malicious software, and data theft. Employees need to be educated on how to recognize these threats and what they can do to help protect the organization’s data. Conversely, lack of procedures and policies and poor leadership can be solved by restricting the number of people accessing the sensitive company’s data. The prevention of unauthorized individuals into an organization’s information can be done by setting strong passwords and two-factor authentication.
There are many physical security vulnerabilities in a data center, but three of the most critical ones are its location, natural disasters, and physical access. The location of a data center can be a major vulnerability if it is not friendly to the data gadgets, such as humid and dusty places. This can be mitigated by setting up a proper infrastructure and employing someone to ensure the information gadgets are in good condition. Natural disasters such as floods, earthquakes, and hurricanes can wreak havoc on data centers by destroying the computer hardware, thus making it impossible to access the information or data. Natural disasters can be managed by conducting research before setting up a workstation or a company in a given locality. Physical access refers to theft-related risk, where a thief steals data sources such as laptops, computers, flash disks, and hard disks. Using padlocks, employing security officers, and having stronger structures are some of the best ways to reduce theft insecurities through physical access.