please read the instructions

INSTRUCTIONS

1. LO#:Instructions: 1) Read the the case study Interserve 113,000 employees accessed and encrypted in cyber attack.pdf 2) Answer two questions in the case study. Using Q & A style, label number of the question and follow with your answer.Formatting Requirements:Please submit a Word document and use the following format to organize and submit all written home work:Font: 12 pointsSpacing: 1.5 linesPages 2-3 pages or Word Count: 500-750Body of text: Do not repeat the case to be analyzed or the synopsis of the given homework. However, you should copy/state each question asked before providing your answer/argument to the question.References: If you quote the work of others, you must provide the citation at the end of your homework. APA format and citation. Somethings I am looking for:Clear reasoning behind your decision making.Think about how you can tie your course readings to the evidence presented in the case study. If you use resources outside the course readings, be sure to explain how they are tied to the case study.Consider using the additional resources in the case study to support your arguments.SafeAssign release statement:By submitting this paper, you agree: (1) that you are submitting your paper to be used and stored as part of the SafeAssign™ services in accordance with the Blackboard Privacy Policy; (2) that your institution may use your paper in accordance with your institution’s policies; and (3) that your use of SafeAssign will be without recourse against Blackboard Inc. and its affiliates.

Interserve 113,000 employees accessed and encrypted in cyber attack
An initial phishing email was sent to an Interserve accounts team mailbox disguised as an
urgent document review which was not quarantined or blocked by Interserve’s system. Whilst
working from home, an Interserve employee forwarded the phishing email to another
employee. After the employee downloaded the contents, malware was installed on their
workstation.
Interserve’s anti-virus software quarantined the malware and sent an alert, but the company
failed to conduct an investigation. The ICO found that if Interserve had investigated the
malware alert they would have realized that the hackers had access to its computer system.
Due to Interserve’s failings to investigate the matter properly, the hackers gained access to 283
different systems and 16 separate accounts allowing them to uninstall the company’s anti-virus
solution.
The personal data of up to 113,000 employees was encrypted and rendered ‘unavailable’. The
data which was compromised spanned 4 HR databases and included details of national
insurance numbers, bank accounts of employees and also employee special category data
including ethnic origin, health data and details of disabilities and sexual orientation. In October
2022, the ICO issued a Penalty Notice under section 155 of the Data Protection Act 2018 setting
out the company’s contraventions from March 2019 to December 2020 where they had failed
to process personal data in a manner that ensured adequate security of the data (which the
Commissioner noted was in contradiction to the company’s own documented standards) and
which ultimately rendered them vulnerable to the 2020 incident.
Questions:
1. Knowing how the firm Interserve responded, what would you have done differently?
2. What are some steps you think the firm could have taken to prevent this incident?