Memorandum

To: All Staff

From:

CC: Other recipients

Subject: Information Security Policy and Two-Factor Authentification

As you are all aware, the company recently experienced a ransomware attack that cost the company $500,000.00. Afterward, the Risk Management Committee held an emergency meeting with the company’s top management and leadership. The meeting comprised the Chief Executive Officer (CEO), a Risk Management Committee member, a Director of Information Security, an IT team, and the Director of Risk Management. The CEO deliberated on the matter and tasked the information security office to create a policy to ensure such an attack would never happen again. This memo will communicate the new policy, effective date, and requirements.

Ransomware Attack

 Ransomware is a digital attack in which the attacker can access the victim’s computer, encrypts all the data, and demands money to decrypt the file (Stanger, 2020). In our case, the attacker accessed one of the computers in the finance department, giving the company no choice but to pay the demanded amount. To contextualize it, a report from IBM (2022) on cyber security and data breaches via phishing increased by 16 percent from 2020, while business email compromises grew by 6 percent from 2020. In addition, this is likely to increase, with risks facing more than 83 percent of companies.

New Policy

 As a result of the above attack and industry-indicative data, this directive is crucial to the organization, and serious care must be taken. Therefore, all employees must adopt the new 2- factor authentication for IT equipment access. 2-factor authentication is a preventive control that neutralizes threats from compromised passwords (Dmitrienko et al., 2014). This applies to all company online services accessed by computers and smartphones. In addition, all staff will also be required to enable this on their computers. The information security department has created a program to train all employees on using the new 2-factor authentication control.

All employees should note that the timeframe for adopting this new directive is 30 days; failure to do so will lead to suspension of access to work emails and company information, services, or data. Employees whose access will be suspended might be unable to perform their work effectively, which could lead to disciplinary action, such as dismissal, based on failure to comply with the company’s policies.

Conclusion

 This policy is meant to safeguard the company’s assets and ensure your safety on the Internet. All employees must adopt the new 2-factor authentication for IT equipment access. Failure to do so within the next 30 days will lead to suspension of access to work emails and company information, services, or data.

References 

Dmitrienko, A., Liebchen, C., Rossow, C., & Sadeghi, A.-R. (2014). On the (in)security of mobile two-factor authentication. In Financial Cryptography and Data Security (pp. 365– 383). Springer Berlin Heidelberg.

IBM. (2022). Cost of a data breach 2022. https://www.ibm.com/reports/data-breach

Stanger, J. (2020, February 21). Ransomware response: Mature cybersecurity must involve data analytics. Default. https://www.comptia.org/blog/mature-cybersecurity-response-to-ransomware

ORDER A PLAGIARISM-FREE PAPER HERE

We’ll write everything from scratch

You are the Information Security Director for a medium-sized company.

Information Security Policy and Two-Factor Authentification

You recently experienced a ransomware attack that cost the company $500,000.00. After the attack, your CEO held a meeting and informed you and the other IT professionals that it “WILL” not happen again. Write a Directive to the company’s employees summarizing the requirement for all personnel to adopt the new 2-factor authentication for IT equipment access. Include a 30-day adoption timeline and the consequences of not adhering to the new policy.
Instructions:

•    Write a 400-500 word policy using APA format.
•    Your essay should include an introductory paragraph and a conclusion.
•    Follow APA format for structure. Conduct research associated with 2-factor authentication and, at a minimum, cites 3 credible references beyond the course materials. Please note Wikipedia, Investopedia, and similar websites are not credible academic references.