Even with the best firewalls, antivirus products and other security hardware and software in place, no network or computer is 100% secure. Sadly, the weakest link in the security chain for corporate networks is often the users themselves. Ensuring that users have a basic understanding of information security best practices and a little common sense can yield much higher dividends than the latest whiz-bang application.
Below are the top 10 information security best practices administrators should share with users to help make the whole network more secure.
Strong passwords: Users hear it constantly, but many still aren't listening.
User tip: Passwords should contain a mix of uppercase and lowercase letters as well as numbers or special symbols (like % or $).
User tip: Passwords should never be something simple like the name of your son or your birth date.
Avoid phishing scams.
User tip: No reputable company or tech support department will ask you to provide your username, password, Social Security number or other sensitive information in an email. Also, never click on Web links within unsolicited email.
Protect your workspace: At any given moment, your desk may have memos or documents that contain sensitive or confidential information or you might have classified information displayed on your computer monitor.
User tip: Be aware of who is nearby, and secure information assets by locking your PC before you leave your desk.
It's probably a hoax: Any email message from a friend or family member claiming to be urgent news that you should distribute around the world is almost definitely a hoax. To verify, you can check the information on a site like Snopes.com. However, even if it is legitimate, you should not use corporate resources to forward spam messages on to your friends and family.
User tip: Don't use corporate resources to forward spam.
Don't open attachments.
User tip: Unless you are 100% sure of whom the email came from and what the attachment contains, do not open or execute an email file attachment.
Keep your virus detection device turned on: Antivirus scanning is only effective if it is turned on.
User tip: Do not disable or deactivate your antivirus scanning engine.
Do not install unapproved software: Even if software is free, it is not always free for use on corporate machines. Downloading software from the Internet is a primary source of viruses, spyware and Trojans, and even legitimate software may not be compatible with other software on your computer and could cause conflicts.
User tip: Don't install unapproved software.
Beware of instant messaging: Instant messaging can be a great communication tool, but it can also be a way to transfer viruses and other malware or initiate phishing attacks. Use instant messaging responsibly.
User tip: Do not click on links sent from unknown instant messaging users.
When in doubt, call for support: It is better to contact the pros to check it out than to be the root cause of a virus infection that takes down the corporate network.
User tip: If you are suspicious of something or something just seems weird, contact tech support.
Tony Bradley is a consultant and writer with a focus on network security and antivirus and incident response. He is the About.com guide for Internet/Network Security, providing a broad range of security tips, advice, reviews and information. Bradley also contributes frequently to other industry publications. For a complete list of his freelance contributions, visit Essential Computer Security.