Assignment 4
Memo
To: Mark Carmen
From: Michael Sibley Jr, Assistant Manager
Date: September 14, 2024
Mark,
I have evaluated the current operations at Work ‘N Suds, and after doing so, I have identified
several critical issues that need immediate attention. First, and most importantly, the lack of
security on our open Wi-Fi network and shared computers presents a significant risk. The main
risks in this case include, but are not limited to, data breaches and cyberattacks. At the same
time, I have noticed the use of default passwords for surveillance systems and weak
password management for office computers. If not mitigated, these will certainly pose severe
vulnerabilities in both the short and the long run.
With the aforementioned risks in mind, I recommend implementing password
protection for the Wi-Fi and installing antivirus software on all computers. I also recommend
updating the surveillance and office system passwords.
If followed well, these steps will mitigate cybersecurity risks and protect our customers' data
while ensuring smooth business operations.
Best regards,
Michael Sibley Jr
Assistant Manager, Work 'N Suds
Executive Summary
Work ‘N Suds has successfully evolved into a popular local business offering remote workspaces
combined with laundry services. Even so, several operational and cybersecurity risks continue
to threaten the sustainability and reputation of the business as a whole. This report highlights
the most critical issues and proposes actionable solutions to safeguard the company’s future.
First, the open Wi-Fi network allows unrestricted access, which makes it easy for
hackers to infiltrate and compromise customer data. Left unattended, this can lead to identity
theft, data breaches, and a loss of customer trust.
Second, the shared computers in the workspace lack antivirus software, which leaves them
vulnerable to malware and virus infections. Because customers frequently access
personal and financial information on these computers, the risk is increased even
further. Installing antivirus protection and restricting the use of unverified USB devices will
protect the system from harmful threats.
Third, the use of default passwords for surveillance cameras and weak password practices for
office computers storing sensitive customer information create serious privacy and security
vulnerabilities. To deal with this, strong password management and two-factor
authentication should be enforced to secure access.
Lastly, only one employee has administrative control over the company website. This creates
a single point of failure. To avoid it, website management
should be transferred to a company-controlled account, with multiple trained employees able to
maintain the site.
Implementing these changes will significantly reduce operational risks, improve customer trust,
and, most importantly, protect Work ‘N Suds from potential legal liabilities.
The Problems
Introduction
It is clear that there are some areas where the operations at Work ‘N Suds could be
better. With a number of vulnerabilities spread across cybersecurity and operational
practices, it is only fair to dig deeper into what the problems are. This report will
highlight the most pressing concerns regarding cybersecurity and operational vulnerabilities and
also provide practical solutions to mitigate these risks before they result in financial
and reputational damage.
Problem 1: Lack of Wi-Fi Security
At the moment, the Wi-Fi network at Work ‘N Suds is open to anyone, as there is no
password required to access it. While this may seem convenient for customers and a way to
attract more patrons, it poses a significant cybersecurity threat. This threat is emphasized
in a 2017 study by Shahin, which revealed that an open Wi-Fi
network allows anyone within range to connect and potentially infiltrate the systems. When this
happens, malicious agents could access sensitive customer information, including personal and
financial data, through unprotected network connections. Additionally, the shared computers in
the work area are also connected to this insecure Wi-Fi network, and without proper encryption or
firewalls, these computers are vulnerable to malware, spyware, and data breaches.
Potential Consequences:
- Unauthorized access to customer banking or personal information, leading to identity
  theft.
- Potential data breaches could lead to lawsuits and loss of customer trust.
- Increased chances of malware infecting the system through unsecured connections.
Graphic 1: How Hackers Exploit Open Wi-Fi Networks
The graphic above shows how hackers use open Wi-Fi to access personal data, demonstrating the
need for a secure network.
Problem 2: No Antivirus or Malware Protection on Shared Computers
The importance of antivirus software on devices in an era of cyberthreats can never be
overstated. Despite this, the five shared desktop computers
in the work area do not have any antivirus software installed. This means that customers have to
use these computers to carry out various tasks while being exposed to a lot of breaches. Simple
tasks like checking emails and accessing online banking, among others, continue to put them at risk
of data theft or even worse. It is also worth pointing out that without antivirus protection, these
computers are vulnerable to malware, which can infect not only the computers but also the entire
network. Furthermore, employees at Work ‘N Suds routinely use customer USB devices and
their personal USB drives on these computers without any screening or security checks. This
practice significantly increases the risk of malware entering the system.
Potential Consequences:
- Viruses could spread through the network, causing data loss, system crashes, and
  financial losses.
- Customer privacy may be violated if sensitive information is accessed or stolen by
  hackers.
- Malware can compromise customer trust and lead to legal liabilities.
Graphic 2: Impact of Malware on Business Systems
This graphic illustrates how malware can spread through USB devices and affect business
operations.
Problem 3: Weak Password Management for Surveillance Cameras and Office Computers
The surveillance cameras at Work ‘N Suds use the default username and password
provided by the manufacturer. Additionally, the office computer, which stores sensitive customer
information in an Excel file, has a password written on a sticky note next to the computer. Both
practices expose the business to data breaches and security vulnerabilities. Anyone with basic
knowledge of the camera system or access to the office can easily retrieve sensitive customer
data or compromise the security of the premises.
Potential Consequences:
- Unauthorized individuals could gain access to the surveillance system and spy on
  customers, violating their privacy.
- Sensitive customer information stored on the office computer could be stolen, leading to
  data breaches and legal liabilities (Florackis et al., 2023).
Problem 4: Sole Ownership of Website Management
It is also clear that at the moment, only Janice Goodman has access to the administrative
functions of the Work ‘N Suds website. The website is also housed on her personal
WordPress account. In more technical terms, this means that she represents a single point of
failure, which poses a significant risk to the business. In the event that Janice becomes
unavailable or leaves the company, the business could lose access to its website. As expected,
this could impact operations and marketing.
Potential Consequences:
- The website could become stagnant or totally inaccessible if Janice is unavailable.
- Business growth could also be hampered if the website cannot be updated with new
  promotions, services, or events.
Solutions
Suggested Solution 1
- Secure the Wi-Fi network by implementing WPA3 password protection. This
  will ensure that only authorized users can access the network. Additionally, using a
  firewall will protect the network from unauthorized access and external attacks (Almarri,
  2019).
Suggested Solution 2
- Install antivirus and malware protection software on all shared computers and the
  network. This will ensure that all incoming and outgoing data is scanned for threats
  (Reshmi, 2021).
- Implement a strict policy prohibiting the use of personal or customer USB devices
  without prior scanning.
Suggested Solution 3
- Change the default username and password on the surveillance cameras and implement
  strong, unique passwords that are regularly updated.
- Use a password manager for storing passwords securely rather than relying on sticky
  notes.
- Implement two-factor authentication (2FA) for critical systems like the office computer
  and customer databases.
Suggested Solution 4
- It is recommended that ownership of the Work ‘N Suds website be transferred to a
  company-controlled WordPress account. This should then be followed by having more
  than one employee who understands how to manage it. Additionally, a business email
  should be created to cater for administrative functions to prevent personal accounts from
  being tied to critical business operations (Hubbard & Seiersen, 2023).
The Conclusion
In a nutshell, while Work ‘N Suds has enjoyed significant success with its unique concept,
the current cybersecurity and operational practices expose the business to considerable risks.
This also means that something has to be done promptly to avoid the risks turning into a disaster
in the longer run. As explained in this report, implementing the suggested solutions, such as
securing the Wi-Fi network, installing antivirus software, strengthening password management,
and expanding website ownership, will help protect the business from potential cybersecurity
threats and operational inefficiencies. It is also important to remember that these changes are not
just improvements but essential steps to safeguarding the future of Work ‘N Suds.
References
Almarri, A. J. (2019). An investigation of the different risks associated with: The public Wi-Fi
and Hotspots (Master's thesis, The British University in Dubai).
Florackis, C., Louca, C., Michaely, R., & Weber, M. (2023). Cybersecurity risk. The Review of
Financial Studies, 36(1), 351-407.
Hubbard, D. W., & Seiersen, R. (2023). How to measure anything in cybersecurity risk. John
Wiley & Sons.
Reshmi, T. R. (2021). Information security breaches due to ransomware attacks-a systematic
literature review. International Journal of Information Management Data Insights, 1(2),
100013.
Shahin, E. (2017). Is wifi worth it: The hidden dangers of public wifi. Catholic University
Journal of Law and Technology, 25(1), 7.