Page 66 - Cyber Defense eMagazine - October 2017

level of protection. The church should also train its entire staff. Any staff member with access to the church's computer system should be trained on security threats. This training should focus on phishing prevention and social engineering examples. This attack vector has been thriving for a few years and has proven to present rather significant issues for its targets. If this is not presently being done, the church's IT department needs to have a robust and timely patch management program in place and in use. Patches should be pushed often. They have been coded for a reason: they are designed to improve processing, fix vulnerabilities, and serve other purposes. They are not meant to be an inconvenience; with most patches, they are a necessity.

The church needs to ensure the back-ups are done, tested, and in a retrievable form. This is useful in many ways and for many reasons. In the case of ransomware, the church would be able to restore the systems from the back-up with little loss of data. Without valid, viable back-ups in place, the circumstances would be drastically different, creating stress and taking much time to fix. Without this in place and being actively tested, the church's network and system would be susceptible to ransomware, malware, and simple user error. This is relatively simple to implement.

Spam filters are a valid tool to assist in protecting the system. This is always a good idea for the members and staff with email accounts when the email is internal. Spam is sent to virtually every email address that has been operating for more than two days. These messages entice users to click on links or pictures, or to visit a website selling products or services or informing them of "fantastic" offers. An adequate spam filter would remove this issue from the users to a significant degree. By extension, this should also decrease the level of malware experienced by the church.

The church should have its own policies regarding computer usage. There should not be an issue with this; however, when this is in written form, documented for the users, there is a clear line that should not be crossed. The policies would be read and reviewed by all users on the system, who would then sign a document reflecting this.


About the Author

Charles Parker, II began coding in the 1980s. Presently CP is a Cybersecurity Lab Engineer at a Tier One supplier to the automobile industry. CP is presently completing the PhD (Information Assurance and Security) by completing the dissertation. CP's interests include cryptography, SCADA, securing communication channels, and inorganic chemistry. He has presented at regional InfoSec conferences. Charles Parker, II can be reached online at [email protected] and InfoSecPirate (Twitter).


                         Copyright © Cyber Defense Magazine,  All rights reserved worldwide.