One of the first things I would suggest to secure this network would be to enforce an Acceptable Use Policy, a password policy, and annual security awareness training. The Acceptable Use Policy would set the ground rules for what is authorized and unauthorized use of the computers and network. Password protection is the first line of defense at a host computer. Unprotected computers can be easily compromised when left unattended and unsecured. The password policy would include requirements for password length and complexity. Additionally, the policy should specify how long passwords remain valid before expiring, and new passwords should not match any of the previous three passwords. Passwords should be kept secure and not shared. Security awareness …
The disaster recovery plan would include having a backup server in case the first server should fail, be stolen, or endure physical damage, or the business is hit with ransomware. This server should also be stored in a secure offsite location away from the business. The disaster recovery plan should also include a written plan of what is to happen if an event occurs. The plan should include what needs to be done, who needs to do it, and who needs to be contacted about the event. The backup plan should include a scheduled routine backup of all computers and configurations. Backups should have copies stored in a secure location offsite at least