I’ll give you my Top 3 here, which, by the way, are not their top five but do appear in their top 10 list.
Catch the patch batch: Make sure that all operating systems and applications are up to date. While this seems like a simple thing, it’s something that, more often than not, does not get done.
Don’t be a pirate: We all know we can download all the software we want from the net. We all know where to go. We all think “we can trust” the colored icons. Well, we can’t. All computers connected to the network (via wireless and RJ-45) should only have authentic, non-pirated software.
Do you need administrative privileges: Not everyone is an administrator; these rights should only be given to IT people and no one else. That’s right, the CFO does not need to be an administrator on the system. It’s a hard rule, I know, but well worth it.
Antivirus isn’t total security: Your employees are the first line of defense, not any software. Train them not to rely on antivirus software to catch everything; I’ll tell you right now, it won’t. Quarterly updates to them on what they should know and, more importantly, what they should not do should be standard practice.
Be wireless, not careless: Wireless is a great thing, and most people love their laptops and feel naked when they don’t have a Wi-Fi connection. But don’t accept/join networks that you don’t know. There is no such thing as a free lunch or free Wi-Fi. At best they monitor the sites you go to; at worst they steal your information or take over your system.
These points are nothing new under the sun (so few things are), but they are things that Portals, Admins and Users all fail to do. As they say, an ounce of prevention…