Following on from yesterday’s post regarding Client Side Attacks, today we go into more detail around antivirus and passwords.
You would think in this day and age everyone would have an antivirus product! Some do…but a lot are out of date. It’s imperative that EVERY machine has AV, is up to date, and is scanned regularly.
For businesses I highly recommend Trend Worry Free/Office Scan or Webroot SecureAnywhere. I’ve had personal experience cleaning up numerous virus outbreaks in organisations and Trend and Webroot have been able to completely clean the network every time.
For home use, ensure your product has malware spyware protection as well as a firewall, even if you have a hardware firewall in your ADSL router, a defense in-depth strategy is always best. I personally use Zone Alarm’s Internet Security suite, and I have not come across a virus or infestation on any of my machines that it couldn’t block and eradicate in the 5 years I’ve used it.
Passwords & Password policies
We touched on this under Client Side Attacks, but DO NOT set your IE to save passwords or store information.
Use a minimum of 8-10 (preferably 12) character passwords, that are complex in nature, contain a mix of upper case, lower case, special characters and symbols (@~)*^ space). There is a plethora of sites out there to help you with this.
If you struggle to remember passwords, use a password database like keepass.
Change your passwords frequently, I recommend every 30-60 days for most users but the more regular the better.
Do not use the same password for all sites and systems, or have similar passwords.
And finally a quick note for Admins: Do not use usernames for users that are the same as their email addresses!
In the next post of this series we’ll cover off Encryption and Mobile Devices.