Educate users on security

Even with the best firewalls, antivirus products and other security hardware and software in place, no network or computer is 100% secure. Sadly, the weakest link in the security chain for corporate networks is often the users themselves. Ensuring that users have a basic understanding of information security and a little common sense can yield much higher dividends than the latest whiz-bang application.

Below are the top 10 tips administrators should share with users to help make the whole network more secure.

• Strong passwords: Users hear it constantly, but many still aren't listening.
  User tip: Passwords should contain a mix of uppercase and lowercase letters as well as numbers or special symbols (like % or $).
  User tip: Passwords should never be something simple like the name of your son or your birth date.

• Avoid phishing scams:
  User tip: No reputable company or tech support department will ask you to provide your username, password, social security number or other sensitive information in an e-mail. Also, never click on Web links within unsolicited e-mail.

• Protect your workspace: At any given moment, your desk may have memos or documents that contain sensitive or confidential information or you might have classified information displayed on your computer monitor.
  User tip: Be aware of who is nearby, and secure information assets by locking your PC before you leave your desk.

• It's probably a hoax: Any e-mail message from a friend or family member claiming to be urgent news that you should distribute around the world is almost definitely a hoax. To verify, you can check the information on a site like www.snopes.com. However, even if it is legitimate, you should not use corporate resources to forward spam messages on to your friends and family.
  User tip: Don't use corporate resources to forward spam.

• Don't open attachments:
  User tip: Unless you are 100% sure of whom the e-mail came from and what the attachment contains, do not open or execute an e-mail file attachment.

• Keep your virus detection device turned on: Antivirus scanning is only effective if it is turned on.
  User tip: Do not disable or deactivate your antivirus scanning engine.

• Do not install unapproved software: Even if software is free, it is not always free for use on corporate machines. Downloading software from the Internet is a primary source of viruses, spyware and Trojans, and even legitimate software may not be compatible with other software on your computer and could cause conflicts.
  User tip: Don't install unapproved software.

• Beware of instant messaging: Instant messaging can be a great communication tool, but it can also be a way to transfer viruses and other malware or initiate phishing attacks. Use instant messaging responsibly.
  User tip: Do not click on links sent from unknown instant messaging users.

• When in doubt, call for support: It is better to contact the pros to check it out than to be the root cause of a virus infection that takes down the corporate network.
  User tip: If you are suspicious of something or something just seems weird, contact tech support.

About the author: Tony Bradley is a consultant and writer with a focus on network security and antivirus and incident response. He is the About.com guide for Internet/Network Security, providing a broad range of security tips, advice, reviews and information. Bradley also contributes frequently to other industry publications. For a complete list of his freelance contributions, visit Essential Computer Security.