Computer Doctor - specialists in IT Security, internet, networking & trouble shooting

IT Security

Information Technology (IT) is as powerful yet brutally singleminded as a Pit Bull: Don't respect it and it may bite you hard. Take care of it so if the worst does happen, it will side with you and take care of your business.

The biggest loss that your business can sustain is the loss of data. You can buy a new computer, a new server or a new software program, but when your hard drive crashes and data is lost -- that can't be replaced easily. A Disaster Preparation Plan, or DPP, should be put in place so that your business can recover. While environments vary in different organizations, there are five elements to consider when creating a comprehensive plan. They are:

Hardware protection
Maintaining business operations during a disaster period
A sound data backup strategy
Proactive defense against hackers and other intruders
Effective DPP management

Hardware protection
The hardware devices on your business (CPU’s, drives, monitors) are susceptible to unstable electrical power damage. Protecting them using Uninterruptible Power Supplies (UPS) or at least surge protectors is a must. If you do not have these items in place, you should consider installing them. The initial investment could be justified many times over in the event of disaster. Also, consider relocating your most important computer, the server, in a safer location such as a room specifically designed to house it or at least a properly ventilated closet. This will keep the server away from unathorized and/or curious hands.

Also, protecting your computers against viruses and worms can also prevent many problems. These parasites can destroy data just as easily as a hard drive crash can. And remember, the fact that you installed an anti virus program in, say, 1999, forgot about it and expecting to remain protected is a much wishful thinking as getting a flu shot that same year and expecting to remain protected right now. Update your anti virus definition files often.

Maintaining business operations during a disaster period
Make sure proper precautions are taken by everyone to implement plans for network interruptions. For example, the phone lines in the sales department won’t stop ringing because the server is down, so orders may have to be handwritten until the server is up again. Each department should work out strategies for such occurrences. If the proper precautions are taken, the server can be rebuilt quickly and operations can still continue.

A sound backup strategy
A well designed media rotation scheme plays a key role in quickly restoring your file server. Also, it is imperative that at leat one backup tape be moved off-site regularly. This ensures that if your company experiences a fire, flood, theft or any other disaster, all your backups are going to be safe.

Proactive defense against hackers and other intruders
Protect your business against hackers with a hardware firewall. Many Internet and off-the-shelve routers and gateways have firewall protection built in though it's rarely very strong. Businesses should take the extra step in getting a Stateful Packet Inspection (SPI) firewall, a type of firewall that inspects incoming data packets to make sure they correspond to an outgoing request. Unsolicited—and possibly harmful—packets are rejected.

Also, if your business has a wireless network be sure to protect it against unauthorized intruders. Wireless networks broadcast and receive signals indiscriminately. If you install your wireless equipment with the default settings any person with a wireless-ready laptop and within range of your wireless signal can detect it and use it. A combination of data encryption (WEP) and wireless network card access restriction (MAC Filtering) -both features available in your wireless network equipment- can very much keep intruders and hackers from accessing your computers, printers, Internet, etc.

Effective DPP management.
The last element – and possibly the most important – is the proper management of your DPP strategy. A person or group of people should be charged with constantly supervising your organization’s disaster preparation efforts. Someone should install and maintain hardware protection devices, make sure all departments have a plan if the server goes down temporarily and make sure that backups are made and rotated off-site regularly. Also, it is a good idea to document your DPP for reference purposes.