DisasterRecovery OptionsSecondary webhost locations: companies willcommonly rely on a single location to host their back-up information, andalthough unlikely, is at risk of a natural disaster or terrorist attack whichimpacts that single webhost. For this reason, it is suggested that websiteshave multiple locations of backup recovery to rely on, so that if a disaster effectsone location it will have very small impact on the website if at the same timethey were attacked.Efficient employment system: as much as the company, website and back-upsystems are vulnerable attack, so are the employees that work for a company. Ahighly skilled employee who contributes considerably to a team can bekilled/unable to work in a moment’s notice, for this reason it is necessary forthe company to have an efficient employment system which is capable ofinstantly filling the missing link’s place. If a company didn’t have this kindof procedure in place, they risk running at a less than optimal rate, and ifthe employee that is lost is an expert at troubleshooting the company will riskoperating with unresolved bugs.Back-up systems: an obvious must-have for a company which is atrisk of disaster recovery.
A company must make regular back-ups, the morefrequent the better, as the longer the time period between each back up, themore data lost if the company faces a disaster they must recover from. A hotsite is also a tool which can benefit a company facing a disaster, as they canuse it as a temporary back-up server to instantly swap to if the initial sitegoes down; this means that there is hardly any downtime.Whole system replacement: an absolute disaster which means that allcurrently used data is destroyed, accommodation lost, telecommunications lostand essentially all valuable data has been lost. This essentially leaves acompany starting from the beginning, or having to rely on secure back up whichholds critical mission-information. From this point on recovery will be in theform of building from the ground up, notifying current users of the issue andproviding a deadline for the sites replenishment. In this time the company willneed to find new accommodation for their website, employees would have to workfrom home as people replenish the lost buildings.
Mirror software would have tobe restored as to keep up the mainframe of the site. The reconstruction of theoriginal building will probably take a year or more, employees would stay athome or at a new temporary office whilst this construction is underway.Updatingof security proceduresPasswords: although passwords act as a strong wall in between a hacker and systemaccess, they require to be updated regularly to be of any use.
By havingconstant weekly updates of employee’s passwords, there will be hardly any timein which a hacker can decrypt and use a password to gain access. Thisadditionally means that if a password is seized, it will become redundant inthe next few days, meaning that hackers will have to act within a limited timeperiod, making them easier to catch. There are issues present however, as if acompany enforces too strict a password rotation, people will begin to writedown their passwords in obvious places, mostly commonly on a sticky notenearby. This makes gaining the passwords an extremely simple job which can bedone in no time at all.Other: although the most common security procedure that needs to be updated ispasswords, it is crucial that a company performs constant procedural check-upson their security systems.
Commonly, virus protection and other such softwarewill be updated by its manufacturer many times a month, and will therefore needto be updated for each of these as to make sure that the security is working atits optimum standard. To simplify this process, many of these softwarecompanies offer an automatic update service, which will install any updatesimmediately on to the machine; this will then pose an issue of making sure allstaff members comply with these updates however, as many will delay as to notlose any progress, or through irritation of not wanting to wait for an update. Schedulingof security auditsSecurity audits are evaluationsof a company’s system security. These will commonly be made by well-knownsecurity companies that will test how well your company’s security isconforming under a certain criteria. Routine scheduling of security audits isimportant, as the audits can show you where your security is lacking, and alsooffer alternatives/improvements to any outdated or faulty equipment. Monthly issuggested, but the procedure is commonly expensive, so this should be theabsolute minimum of time between each audits. Codesof conduct – email and internet usage policies There must bea strict email and internet usage policy set in place to restrict the abilityfor employees to accidentally bring about malicious damage on any of thecomputers.
Employees should be instructed to:- Not click any malicious link- Ignore any page advertisements- Never disable adblocker- When faced with a red flagged website, employees should contact a superiorfor further permission to access if entirely necessary- Emails within the junk category should be deleted procedurally, maliciousemails should be flagged for warning- The internet should be accessed and used responsibly, without any intentof procrastination or wasting time, search safely and don’t attempt to installany malicious content. If something has been downloaded to the machineimmediately delete it unless it is a scheduled update.BudgetSettingA budget will need tobe put in place as to regulate and keep track of how much money the company isspending on certain areas compared to others.
By setting a certain budget itallows for much better management of capital and resources that the companyown. It also allows comparison between previous budgets and payments to bemade, as to make sure there is no additional fees that have been added to previousdeals. A budget will be required to pay for software updates, upkeep of a backupsystem and continuity of any contracts owned.