What would you recommend as best practices for a small business to defend their personal computer systems against security threats while connected to the Internet?
I think the top threats are untrained users and uncaring management -- that's how things become vulnerable in the first place. Beyond that, it's the typical malware, malicious internal user, outside hackers, etc. In a nutshell, upper management needs to understand the threats/vulnerabilities, create (or at least support the creation of) policies and allow a reasonable budget for technology purchases to enforce those policies. The technologies and processes would include antivirus and anti-spyware protection, firewall, personal firewall software, automated Windows Updates, strong passwords for each user and data backups that are tested and kept offsite.
This was first published in August 2004