Many computer security incidents impacting businesses could be avoided if System Administrators and End-Users would follow some basic rules.
1. Install Anti-Virus software and have it update daily on your servers.
Sounds like a no-brainer, right? Well, I've actually seen companies with Internet-facing servers with extremely outdated virus definitions.
2. Use the management tools that come with the Anti-virus software to verify that the updates have taken place on each server. If they haven't, fix it! The server may just need another push of the virus definitions.
3. Keep current on OS security patches. Both servers and end-user PCs need to be updated. Make sure to test, then apply the patches as soon as possible once they are released. I've seen articles stating System Administrators should set up Automatic Updates, but that can't always be done. Many companies have scheduled windows of time when work can be performed. Any changes, including necessary security patches, need to go through Change Management processes to verify and approve any system outages. And some patches can break various applications. That's why testing is important.
4. Don't open email attachments if you don't know what they are or who they are from. There are SO many viruses that spread via email. If you receive an email with an attachment and you don't know the person that sent you the email, definitely DO NOT OPEN IT. Even if you know the name in the From: field, if the email seems a bit strange or out of character for the person, don't open it. Many of the viruses which spread through email "spoof" the sender or pretend to be from someone you know.
For those of you familiar with company-wide computer security, the things I've listed above may seem so simple, but believe me, I've seen companies that did not follow through on these very simple steps, and they paid for it dearly. Files have been lost, and networks get so bogged down that work nearly comes to a standstill. Be careful, and safe computing!
Friday, June 15, 2007