The most common mistakes:
- Not using a firewall
- No Anti-virus software installed
- No up-to-date virus definitions
- Too many Admin permissions are granted, and Admin users don’t have the appropriate rights (appropriate rights prevent users from downloading and installing software)
- Not applying OS patches as and when they are issued
- Security fixes from other genuine software vendors aren’t applied, e.g. MS Office patches
- No Popup blocker installed
- Regular back-ups of data are not carried out
- No Procedures in place: issue strict instructions NOT to open spam emails or attachments to emails. Encourage users to ask if it is safe to do so before opening any unsolicited attachments
- No designated IT member. This designated member should keep on top of known threats and issue warnings about them to all staff
- Hidden file extensions not shown. Malware is often associated with PDF or DOC files
- Email software is not configured to block .EXE files or emails containing them (if your email software allows this)
- The ability to run files from the App Data or Local App Data folders is still enabled
Although seemingly obvious, these easy steps will ensure that you are on your way to being hack-safe.
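
The items on hidden file extensions and on blocking .EXE attachments can be seen together in this added Python example, which is not part of the original page: it scans a message's attachments, blocks executable extensions, and shows the name a user would see with extensions hidden. The extension sets, function names and sample message are assumptions constructed for illustration.

```python
from email.message import EmailMessage

# Assumed blocklist for illustration; extend it to match local policy.
BLOCKED_EXTENSIONS = {".exe", ".scr", ".com", ".bat", ".cmd", ".js", ".vbs"}
# Document types a user trusts when the real (final) extension is hidden.
DECOY_EXTENSIONS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".txt", ".jpg"}


def classify_attachment(filename):
    """Return 'allow', 'block', or 'block-disguised' for one attachment name."""
    parts = [p.strip() for p in filename.lower().split(".")]
    extensions = ["." + p for p in parts[1:] if p]
    if not extensions or extensions[-1] not in BLOCKED_EXTENSIONS:
        return "allow"
    # An executable whose second-to-last extension looks like a document.
    if len(extensions) > 1 and extensions[-2] in DECOY_EXTENSIONS:
        return "block-disguised"
    return "block"


def displayed_name(filename):
    """Name as listed by a file manager that hides the final extension."""
    stem, dot, _ext = filename.rpartition(".")
    return stem if dot else filename


def scan_message(msg):
    """Return (real name, name shown with extensions hidden, verdict) per blocked file."""
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        verdict = classify_attachment(name)
        if verdict != "allow":
            findings.append((name, displayed_name(name), verdict))
    return findings


def build_sample_message():
    """Constructed message with three attachments; the payload bytes are dummy."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "staff@example.com"
    msg["Subject"] = "Outstanding invoice"
    msg.set_content("Please see attached.")
    for name in ("report.pdf", "invoice.pdf.exe", "setup.EXE"):
        msg.add_attachment(b"dummy", maintype="application",
                           subtype="octet-stream", filename=name)
    return msg


if __name__ == "__main__":
    for name, shown, verdict in scan_message(build_sample_message()):
        print(f"{verdict}: {name!r} (shown as {shown!r} with extensions hidden)")
```

With extensions hidden, the second attachment is listed as `invoice.pdf`, which is why showing extensions and filtering executables at the mail gateway belong on the same checklist.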