Employ Strong Passwords.
As simple as this sounds, it is one of the most overlooked methods of keeping systems safe. There are a number of freely available tools that 'guess' passwords -- a very common technique referred to as 'brute force cracking.' These programs work by repeatedly attempting to log in as a known user and supplying different passwords until successful. Many of these cracking algorithms are very sophisticated and supply the most commonly used passwords first, then start going through dictionary words. Passwords should always be in mixed case and contain at least one number and one special character.
Disable Unnecessary Applications and Services.
Malicious users often gain access to systems at unexpected entry points. One common technique is to scan a system for all active applications or ports and use vulnerable applications as an entry point. These applications may not be necessary to the system's operation. In order to minimize the threat against any system, a prudent user should disable all unnecessary applications or services.
Keep Software up to Date.
This is important on all systems. As malicious users discover vulnerabilities in different operating system components or applications, software vendors release patches to these components which mitigate or eliminate these threats. All systems should be regularly updated with vendor patches in order to maintain security. There are a number of services that offer continual update alerts via email.
Beware of Mail Attachments.
This is one of the most common methods of causing damage. Many email applications today allow for the execution of code in email attachments. Many 'worms' have been released in this manner over the past few years, with effects ranging from relatively harmless propagation of the worm to massive file damage. Users should disable features of their mail application that allow for indiscriminate execution of active code attachments and use a reliable virus scanner that understands email attachments.
Engage Anti-Virus Software.
This software has the ability to scan files on a local computer and, in some cases, to monitor inbound and outbound traffic from applications such as email attachments. This software requires constant updating in order to be effective, and the best applications will automatically download updated virus definition files at predetermined intervals.
Maintain Proper Browser Security Settings.
Today's dynamic Web sites offer rich web experiences, but they have also introduced vulnerabilities. Modern Internet browsers allow the capability to download active programs to local computers for local execution. With improper security settings applied to the local computer browser, some of this code has the potential to investigate or alter the local computer system -- without the knowledge of the user. Users should adopt the most stringent browser security policy possible on their browsers and be wary of visiting some Internet Web sites.
Build Strong Firewalls.
A good firewall system can protect networks from many of the above vulnerabilities -- even when the other best practices are not followed. Firewalls now exist for personal or single-system use as well as the traditional network appliance. These personal firewalls provide a great deal of protection for mobile users or users who do not operate their systems behind an adequate corporate firewall system.
Weigh the Importance of Convenience vs. Security.
There are always compromises made among functionality, convenience and security. It is important to find the right balance and the right technologies to meet the overall goal. Let users get the job done in the most convenient way possible while still implementing strong and effective security practices. Educate all users to the threat of cyberattack, and establish minimum requirements for your organization. Regularly audit security practices and periodically release security awareness statements to keep users aware of the constant threat.
Enact and enforce strong policy.
Staff members with access to or control over critical information should undergo rigorous background checks and should comply with strong security policy. Verifying users via strong authentication practices and making sure that all activity is logged are keys to prevention and accurate forensics in the event of an attack.
Identify most critical information and host it in the safest possible manner.
Not every database or server needs the ultimate level of security. Evaluate the consequences of a breach on a system-by-system basis. Consider outsourcing your most critical systems to a trusted third-party secure hosting company. When considering this option look at network security, physical security and policy security. All three components should be the best of breed to ensure ultimate protection.