Securing Your Systems From the Inside Out . . .
[Excerpt by permission from Mark Shavlik's White Paper: Feb 6, 2001]
TOP 10 . . . INFORMATION SECURITY GUIDELINES
Commit to practicing security and create information security awareness for
yourself and your company. Take the time to do security right.
Budget for security. Educate users on security and its importance.
Add information security guidelines and rules to your official policy manual
and ensure they are taken seriously. Include a policy that prohibits sending and
receiving joke emails, or other non-company email correspondence, that have
executable attachments.
A hacker’s favorite ruse is to gain information via telephone.
Be aware that the person on the other end of the computer or telephone can be anyone no matter what they tell you or how nice they appear to be. Never disclose a password by telephone unless you know clearly who the person on the other end is.
Run Microsoft Windows 2000™ only. Do NOT run Windows 95/98/ME.
Use Access Control on ALL key files, along with auditing and other built-in features.
Make sure all current vendor security patches are correctly installed.
Subscribe to vendor security notification email to keep current.
Configure Word/Excel/Outlook NOT to run macros unless they are signed and come
from a well-known vendor. Even better, disallow ALL documents containing macros.
If you are unwilling or unable to ensure information security,
do NOT host your own web sites at home or work.
Remove File Shares when you are done with them.
Protect ALL File Shares while using them.
- Use a Firewall, Anti-Virus Software and continually
set the proper security settings on ALL your software
- Run QuickInspector for the Web or Enterprise Security Advisor / Auditor
- Keep in mind that Only the [Professionally] Paranoid Survive!
Microsoft Personal Security Advisor (MPSA-Demo)
is an easy-to-use web-based application that helps you
protect the privacy and productivity of your Windows NT™ 4.0
or Windows 2000™ workstation.
Source:
Mark Shavlik of Shavlik Technologies, Inc. at www.shavlik.com