10- Keeping Tabs on your Data
While most data breaches are the direct result of criminal intent, there are many situations where people have unintentionally exposed proprietary and personal data simply by taking files and laptops home. So it’s not just the unauthorized packets moving in and out of your network that can cost you business: keep an eye on what’s walking in and out of your office doors as well.
9- Firewalls: Your first line of defense!
Something that comes up month after month: customers who have no physical firewall and no ACL rules on their primary routers. We’ve even encountered customers with their SQL servers sitting on public IP addresses, which is basically asking for trouble. A database server has no business being reachable from the Internet at all; at a minimum, block everything inbound by default and open only the ports each server actually needs, and only to the networks that actually need them.
8- Abc123 is not a password! And neither is qwerty!
Institute a strict password policy that forces users to a) use a complex structure, requiring longer passwords (or passphrases) that mix upper and lowercase characters, digits and symbols, and b) change them periodically, and immediately on any sign of compromise. (One caveat: very frequent forced rotation tends to produce predictable variants of the old password, so pair the policy with a blocklist of common passwords and keyboard walks like qwerty rather than relying on rotation alone.) Which would you rather deal with: the few who grumble about the inconvenience, or the multitudes who will scream when a guessed account is used to pump out spam and your domain’s mail starts bouncing as undeliverable?
7- Didn’t Mom always say to look BOTH ways before crossing the street? The same goes for spam.
It is just as crucial to scan outbound mail for spam and viruses as inbound. You cannot trust that your own users will send only legitimate messages, especially when malware is specifically designed to spoof and abuse their addresses: a single infected workstation can turn your mail server into a spam source and get your domain blacklisted.
6- Be wary of Popups. If it looks too good to be true, it probably is!
Read every pop-up message carefully before clicking anything, so that you don’t approve an action you never intended. If a pop-up advertises a program or manufacturer that is unknown to you, leave it alone: close the window itself rather than clicking ‘Cancel’ or ‘No’ inside it, since the buttons in a fake dialog are drawn by the page and can do whatever its author wants.
5- Don’t be so transparent!
Legitimate ‘Free WiFi,’ available in most coffee shops, is usually unencrypted. The guy at the next table drinking his coffee is on the same network as you, with nothing between the two of you to protect your privacy. Most of these free services use no wireless security at all, and where they do it is either WEP (which can be cracked in minutes) or WPA with a shared password that everyone in the room already knows, so other clients can still decrypt your traffic.
So be careful when using hotspots. Financial transactions are at least usually done over HTTPS, so that information is harder to grab. Email is the weak link: if your mail client or webmail session is not encrypted, an attacker on the same network gets your username and password, and once he can read your Inbox and spots a connection to your bank’s site, all he has to do is click the password reminder link on that site and watch your Inbox for the reply. Use a VPN on public networks, make sure your mail connections use TLS, and don’t let password resets for your bank land in a mailbox that is protected more weakly than the bank account itself.
4- Primary Domain? Secondary? Same Difference, right?
When deploying an email anti-spam or anti-virus gateway, administrators commonly make the mistake of publishing the gateway as the primary MX (the record with the lowest preference number) for their domain(s), and the backend mail server it protects as the secondary MX, so that mail still arrives if the gateway fails. At face value, this seems like a good idea. In fact, it isn’t. Why? Spammers habitually deliver straight to the secondary MX, on the assumption that it is less well protected or is the real mail server, and also to sidestep Nolisting setups in which the primary MX deliberately does not answer. The backend accepts the connection, because that is exactly what a secondary MX is for, and your anti-spam gateway is completely bypassed.
Recommendation: publish only a single MX for your email domain(s), pointing at the gateway. If you want redundancy, add a second gateway as the other MX rather than the backend server, and in either case configure the backend (and the firewall in front of it) to accept SMTP only from the gateway addresses, so that a direct connection from the Internet is refused even if someone finds its name.
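The check below is an added example (it is not from this article) that audits a domain’s MX set for exactly the mistake described above: it reports any MX host that is not a filtering gateway, and shows which host a spammer who targets the backup MX would pick. The records, the hostnames and the gateway list are constructed for the example; in practice you would feed it the output of a real MX lookup.

```python
"""Audit a domain's MX records for the 'backup MX bypasses the gateway' mistake.

Added example, not the article's own code. RECORDS and GATEWAYS below are constructed
to mirror the setup described in the text: the filtering gateway is the preferred MX
and the backend mail server is the fallback.
"""
from dataclasses import dataclass, field


@dataclass
class MxAudit:
    ok: bool
    delivery_order: list = field(default_factory=list)  # hosts in the order a well-behaved MTA tries them
    bypass_hosts: list = field(default_factory=list)    # hosts that accept mail without the gateway
    advice: str = ""


def _norm(host):
    """Lower-case and strip the trailing dot that DNS answers carry."""
    return host.lower().rstrip(".")


def spammer_target(records):
    """Host a 'hit the backup MX' spammer goes for: the highest preference number, i.e. lowest priority."""
    if not records:
        return None
    return _norm(max(records, key=lambda r: r[0])[1])


def audit_mx(records, gateway_hosts):
    """records: iterable of (preference, host); gateway_hosts: hosts running the spam/AV gateway."""
    ordered = [_norm(h) for _, h in sorted(records, key=lambda r: (r[0], _norm(r[1])))]
    gateways = {_norm(g) for g in gateway_hosts}
    if not ordered:
        return MxAudit(False, advice="no MX records; mail falls back to the A record, unfiltered")
    bypass = [h for h in ordered if h not in gateways]
    if bypass:
        return MxAudit(False, ordered, bypass,
                       f"{bypass[0]} accepts mail without passing the gateway: remove it from DNS "
                       "and make the backend accept SMTP only from the gateway addresses")
    return MxAudit(True, ordered, [], "every MX host is a filtering gateway")


# Constructed records, in the shape a DNS MX lookup returns them (preference, host).
RECORDS = [(10, "spamgw.example.com."), (20, "mail.example.com.")]
GATEWAYS = {"spamgw.example.com"}

if __name__ == "__main__":
    print("a backup-MX spammer connects to:", spammer_target(RECORDS))
    print(audit_mx(RECORDS, GATEWAYS))
```

With the constructed records the audit flags mail.example.com as a bypass host; with the backend removed (a single MX pointing at the gateway) it passes.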
3- Keep your guard up!
Always be wary of the source of an email and its content, especially if you have friends who are constantly getting infected with viruses: malware routinely mails itself to everyone in the victim’s address book, so the message really did come from your friend’s machine, just not from your friend. Resist the urge to open any attachments that arrive this way, and don’t click any links within the message. If you think an attachment might be legitimate, communicate with your friend the old-fashioned way first: pick up the phone and ask what the contents are before opening it.
2- It looks tempting.. but don’t take the bait!
Typical phishing messages purport to originate from various financial institutions, delivery services, Facebook, and so on, all with the aim of getting you to click the enclosed link and disclose some personal information that can be abused. The latest variants target American Express and other credit card companies.
This bogus Visa message claims that your card was used elsewhere in the world but that the transaction was refused. You’re politely invited to ‘carefully review electronic report for your VISA card,’ but in this case don’t bother RSVP-ing! The link in a message like this never goes where its text says it does, so hover over it (or view the message source) and look at the real destination before you click anything.
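The following is an added example, not part of the original article, of the “look at the real destination” check done in code: it pulls every link out of an HTML message and flags those whose visible text names one site while the href points at another, and those that leave the domain the message claims to come from. The message, the hostnames and the “last two labels” notion of a registrable domain are all constructed or simplified for the example; a real filter would use the public suffix list.

```python
"""Flag links in a suspected phishing mail whose visible text and real destination disagree.

Added example, not the article's own code. PHISH is a constructed message; the hostnames in it
are example addresses. registrable() is a deliberate simplification (last two DNS labels).
"""
from html.parser import HTMLParser
from urllib.parse import urlsplit


class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> in the document."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def registrable(host):
    """Crude registrable domain: the last two labels. Simplification for the demo."""
    parts = host.lower().strip(".").split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host.lower()


def host_of(url_or_text):
    """Hostname of a URL, or of link text that looks like a URL without a scheme."""
    s = url_or_text.strip()
    if "://" not in s:
        s = "http://" + s
    return urlsplit(s).hostname or ""


def suspicious_links(html, claimed_domain):
    """Return (text, href, reason) for links that deserve a second look."""
    parser = LinkCollector()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        target = registrable(host_of(href))
        looks_like_url = "." in text and " " not in text
        if looks_like_url and registrable(host_of(text)) != target:
            findings.append((text, href, "visible text points elsewhere"))
        elif target != registrable(claimed_domain):
            findings.append((text, href, f"link leaves {claimed_domain}"))
    return findings


# Constructed phishing body in the style described in the text.
PHISH = """<p>Your VISA card was refused for a transaction in another country.</p>
<p>Please <a href="http://visa.example-verify.net/login">carefully review electronic report for your VISA card</a>.</p>
<p>Or visit <a href="http://198.51.100.20/visa">www.visa.com/security</a></p>
<p><a href="https://usa.visa.com/support">Contact Visa</a></p>"""

if __name__ == "__main__":
    for text, href, reason in suspicious_links(PHISH, "visa.com"):
        print(f"{reason}: '{text}' -> {href}")
```

On the constructed message the first two links are flagged (one leaves visa.com, one shows a visa.com address but points at a bare IP) and the genuine usa.visa.com link is not.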
1- Don’t trust yourself!
Do NOT trust or whitelist your own IPs or domain name(s) in your spam filter, and don’t allow your users to trust their own email addresses or domain names either. Anyone can put your domain in a From: header. If a spammer spoofs a local address and begins broadcasting through your server, that trust rule waves the mail straight past the filter, and everyone on your system could suffer the consequences. Trust should rest on something the spammer can’t forge, such as an authenticated SMTP session or a connection from a known internal relay, never on the address in the header; and even trusted mail should still be scanned.
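As an added example for this point and for point 7 above (it is not code from the original article), here is the trust rule in its vulnerable and hardened forms side by side. The weak rule relays unscanned anything whose From: domain is local; the hardened rule decides trust from the session (SMTP AUTH or a known relay address) and scans in both directions regardless. The domain, relay address and message are constructed, and the returned “routes” are placeholders for whatever your gateway actually does with mail.

```python
"""Deciding whether to trust a message: by header (vulnerable) versus by session (hardened).

Added example, not the article's own code. LOCAL_DOMAINS, INTERNAL_RELAYS, the message and the
client addresses are constructed; route names are placeholders for real gateway actions.
"""
from email import message_from_string
from email.utils import parseaddr

LOCAL_DOMAINS = {"example.com"}   # assumption: the domain this gateway serves
INTERNAL_RELAYS = {"10.0.0.25"}   # assumption: the backend server allowed to send out through us


def sender_domain(msg):
    """Domain part of the From: header, which is attacker-controlled for inbound mail."""
    _, addr = parseaddr(msg.get("From", ""))
    return addr.rpartition("@")[2].lower()


def route_weak(msg, client_ip, authenticated):
    """Vulnerable: trust decided by the From: header, which anyone can write."""
    if sender_domain(msg) in LOCAL_DOMAINS:
        return "relay-unscanned"
    return "scan-inbound"


def route_hardened(msg, client_ip, authenticated):
    """Hardened: trust decided by the session, and even trusted mail is scanned,
    because a compromised workstation sends spam from a perfectly real address."""
    if authenticated or client_ip in INTERNAL_RELAYS:
        return "scan-outbound"
    return "scan-inbound"   # a local From: from an unknown host gets no special treatment


def classify(raw_message, client_ip, authenticated):
    """Run both rules on one message and return (weak_route, hardened_route)."""
    msg = message_from_string(raw_message)
    return route_weak(msg, client_ip, authenticated), route_hardened(msg, client_ip, authenticated)


# Constructed spoof: an outside host claims to be a local sender, with no SMTP AUTH.
SPOOFED = """From: ceo@example.com
To: everyone@example.com
Subject: Updated payroll form

Open the attachment and confirm your details.
"""

if __name__ == "__main__":
    weak, hardened = classify(SPOOFED, "203.0.113.7", False)
    print("weak rule:", weak)          # relayed without a scan
    print("hardened rule:", hardened)  # treated like any other inbound mail
```

The same spoofed message arriving from the internal relay, or over an authenticated session, is routed to outbound scanning by the hardened rule, which is the point of tip 7: being trusted to send is not the same as being exempt from the filter.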