There is no question that technology today forms the core of business. In their role of facilitating transactions and storing sensitive data (both the data of the company's staff and the stored data of its clients), the systems and networks of companies are increasingly under siege. This makes data both the most precious asset to the corporation, and the most vulnerable. Losing it may cause irrevocable damage to the reputation of a business, and thereby also the trust of shareholders. Logically, then, network security should be a key focal point in the disaster recovery plan of any business that wishes to stay afloat.
How, then, do we prepare our businesses to deal with threats to network security?
1. Train your staff in network security.
This isn’t a “one time only” event. Staff should be trained in an ongoing manner about network security, as new threats arise all the time. Emailing a daily security tip to staff is another good practice to keep them up to date, and to keep them thinking about the relevance of network security as a whole. Train staff not only in how to avoid a security emergency, but also in how to respond to one. Train staff on why security is so vital and keep your security system as user-friendly as possible, so that the concept and usage of network security do not seem abstract.
2. Be aware of all possible security measures.
Keep a checklist of all the security measures your business needs, and make sure each item on the list is adequately installed, maintained, and prepared to deal with the latest security threats. Every business should have the following in place:
– A firewall
– A virtual private network (VPN)
– An intrusion prevention system
– Content security measures protecting your network from viruses, spam, spyware, etc.
– A secure wireless network
– An identity management system
– Compliance validation, ensuring any device accessing the network meets security requirements
3. Have a password policy in place and review it often.
Businesses should have a policy instructing their staff on password creation and usage. It should cover essential points like how to make a strong enough password, and the importance of changing one’s password every few months.
4. Run test scenarios.
The only way to truly plan for what will happen in the event of a disaster is to simulate disaster, so every business’s disaster recovery plan should include a regular assessment of security, and the security system should be subjected to test scenarios. Tests should include drills running through possible security intrusions, and the closer a test is to simulating a real-life incident, the more effective it will be (though it will also be more inconvenient and potentially risky). Repeated tests function like rehearsals, ensuring staff is ready to automatically do the right thing in the event of a real emergency. It is also advisable to have independent reviewers/observers with business continuity or disaster recovery experience on hand to help with testing and improving network security.