Protect Systems and Data from Malware

Below are twelve key steps to get some information security fundamentals in place:

  1. Back up systems and data, including an off-site backup
  2. Update key software, particularly operating systems and productivity software
  3. Update security software
  4. Take caution with unexpected or suspicious emails
  5. Ensure that user accounts do not have higher privilege than really needed (particularly 'administrator' level)
  6. Ensure strong passwords are used, and that passwords are never revealed to anyone else
  7. Take care with certain file types (e.g. .exe) and ensure they come from known sources (e.g. Google Play Store for Android)
  8. Prevent unwanted code from running (e.g. disabling macros) and ensure antivirus software is scanning in real time
  9. Ignore instructions in emails or files to disable any security software or enable features (e.g. macros)
  10. Ensure wireless networks use WPA2 and wired networks are segmented
  11. Provide security awareness and data protection training to staff on a regular basis
  12. Take time to develop plans in advance (including a 'business continuity and disaster recovery' plan)