Security Policies and Procedures

The best way for the network administrator to prevent unauthorized access to the company's confidential data is to implement a strong password policy. This will likely include requirements for password length, complexity, and frequency of changes. This measure is critical to improve the security of user accounts and reduce the risk of unauthorized access. Reducing firewall settings or disabling intrusion detection systems would instead weaken network security, which is inappropriate and could lead to further security breaches. Granting all users administrative rights is also not a good strategy as it can result in privilege misuse or abuse, and it increases the number of potential targets for external threats.

The best measure they should implement to protect sensitive financial information from hackers is to 'Install an intrusion prevention system (IPS) to detect and block attacks'. An IPS is a critical part of a robust security posture as it protects a network by inspecting the traffic, and then taking appropriate actions like alerting, blocking, or reporting suspicious activities 'Storing passwords in plaintext documents' is a bad security practice because if a hacker gains access to this document, they would gain immediate access to all the stored passwords in plaintext, compromising all relevant accounts Allowing 'external devices to access the network without authentication' would be inviting security issues as almost anyone could gain access to your network and the sensitive data within. This goes against basic tenets of network security which supports strong authentication 'Disabling encryption for all data' would mean that any data transmitted or stored is easily readable by anyone who gained unauthorized access. Encryption is a basic practice to ensure data confidentiality by making it unreadable to unauthorized parties Thus, the most effective measure among the options provided in safeguarding the company's network would be installing an IPS.

A non-disclosure agreement (NDA) is a legally binding contract between the company and its employees, requiring them to keep sensitive information confidential and not disclose it to unauthorized individuals.