Businesses should have plans for operations, security strategy, computer security incident responses, continuity, and a disaster recovery plan. In addition, also have onsite and offsite backups of system configurations and data, emergency power, and automated fail-over systems:
IT staff should enable computer and network audit logging. If unusual activity is found, have someone research it and take necessary steps to prevent malicious activity. Implement business procedures that keep client/customer data separate from other business records and from your website server. Limit access to client/customer personal data to those who need it.
Follow and implement the regulations, standards, and procedures from recognized national and international institutions such as: