Have you reviewed your software, systems and data? Can you recover your systems should a disaster affect your business?
If the answer is NO then you need to put in place a Disaster Recovery Plan, a plan that is tested at least once a year and is understood by your senior management team to ensure your data is protected. Keeping your systems updated and operating correctly is very important for the functioning of your company. Today more businesses are requesting IT Disaster Recovery Plans from their supply chain as there are multiple system threats, so why should your company not have one?
We believe your business ought to have a Disaster Recovery plan that has a solid foundation with full IT management practices, setting out how your business would recover if a technology failure should occur.
These processes should include the following:
- IT Disaster Recovery Strategy and Road Map - this will be based around technology and staff and will ensure your business is fully aligned to your IT requirements
- Disaster Recovery Testing - we can verify, validate and troubleshoot your DR procedures to improve the quality of the plan
We cannot stress the importance of complete review planning enough; we can act as a true independent consultant and work in synergy with your chosen IT partner.
All businesses should consider and check they have covered the basics below:
Firewalls
- Configure the firewall so only the necessary ports are open.
- Ensure there are no default admin passwords in place.
- Make sure the firewall is fully patched with the latest firmware.
Users and DR planning
- Make sure the current users exist within Active Directory.
- All administrators have two logins - one as a standard user and another with admin rights. Your IT supplier must not use the Administrator account remotely.
- Passwords are set to complex with a 60-day life, or use two-factor authentication.
- Staff training and security awareness.
- Fully documented and tested DR business planning, including a documented and tested data backup plan.
Secure configuration
- Disable auto-run on all devices through Group Policy.
- A list of applications will be developed so that all other applications present can be removed.
Patching
- Make sure all workstations and laptops are set to automatically update their operating systems and other software where possible (e.g. Office and anti-malware).
- Consider a dedicated patch management server.
- Establish a routine so all server operating systems are patched within 14 days of release, and ensure your supplier confirms in writing by email when this has been completed.
- Establish a routine to update firmware within 14 days of release for other devices.
Anti-malware
- Daily scan setting.
- All email attachments should be scanned upon opening.
As noted above, this is a very basic overview of what you should be carrying out as part of your network IT strategy.
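
Three of the checklist items above (complex passwords with a 60-day life, auto-run disabled through Group Policy, and use of the Administrator account) can be checked read-only from PowerShell. This is an added example, not part of the original page; it assumes a domain-joined Windows host with the RSAT ActiveDirectory module installed, and the variable names are illustrative.

```powershell
# Added example: read-only audit of three checklist items.
# Assumption: domain-joined host with the RSAT ActiveDirectory module installed.
Import-Module ActiveDirectory
$findings = @()

# 1. Passwords: complexity enforced and a maximum age of 60 days or less.
#    Covers the default domain policy only, not fine-grained password policies.
$policy = Get-ADDefaultDomainPasswordPolicy
$maxAge = $policy.MaxPasswordAge.TotalDays
if (-not $policy.ComplexityEnabled) {
    $findings += 'Password complexity is not enforced.'
}
if ($maxAge -eq 0) {
    $findings += 'Passwords never expire (MaxPasswordAge is 0).'
} elseif ($maxAge -gt 60) {
    $findings += "Maximum password age is $maxAge days; the checklist calls for 60."
}

# 2. Auto-run: the machine-wide "Turn off Autoplay" policy for all drives
#    sets NoDriveTypeAutoRun to 255 (0xFF). A missing value means no policy.
$key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$autoRun = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).NoDriveTypeAutoRun
if ($autoRun -ne 255) {
    $findings += "NoDriveTypeAutoRun is '$autoRun'; expected 255 to disable auto-run on all drives."
}

# 3. Built-in Administrator (RID 500): report status and last logon for review.
#    LastLogonDate is replicated with a delay, so treat it as approximate.
$adminSid = "$((Get-ADDomain).DomainSID.Value)-500"
$admin = Get-ADUser -Identity $adminSid -Properties LastLogonDate
if ($admin.Enabled -and $admin.LastLogonDate) {
    $findings += "Built-in Administrator '$($admin.SamAccountName)' is enabled; last logon $($admin.LastLogonDate)."
}

if ($findings.Count -eq 0) { 'No findings for the three items checked.' } else { $findings }
```

The script changes nothing; each finding is a prompt to review the setting with your IT supplier.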