The very first action you should take is to install anti-virus software on your network and keep it up to date. Then seriously consider these steps:
- Don't allow your users to install unauthorized software. This is especially difficult on laptops, PDAs, and other types of mobile devices. Keep in mind that these machines are the most vulnerable and the most capable of carrying a virus, Trojan, or worm inside a firewall perimeter.
- If possible, let your enterprise be a heterogeneous environment. The combination of Linux, UNIX, Macintosh, and Windows in the enterprise makes it less likely that any virus will be able to attack all of your systems, and in some cases an attack may leave a signature that can make it easier to detect and track.
- Protect internal assets by using proxy servers and firewalls that are capable of stateful packet inspection and content checking. Set email filters to use anti-virus software, to filter on regular expressions, and to reject emails with virus-type signatures from unknown mail transport systems.
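
The regular-expression mail filtering in the last step, sketched as an added example that is not part of the original article. The extension patterns, the allow-listed relay name, the sample messages, and the quarantine-versus-reject policy are all assumptions chosen for illustration.

```python
import re
from email import message_from_string, policy
from email.message import EmailMessage

# Constructed rule set (assumptions for illustration, not from the article).
EXECUTABLE_EXT = re.compile(r"\.(exe|scr|pif|com|bat|cmd|vbs|js|lnk)$", re.I)
DOUBLE_EXT = re.compile(r"\.[a-z0-9]{2,4}\.(exe|scr|pif|com|bat|cmd|vbs|js|lnk)$", re.I)
RELAY = re.compile(r"from\s+([A-Za-z0-9.-]+)")
KNOWN_RELAYS = {"mail.partner.example"}  # hypothetical allow-list of mail systems


def sample(relay, filename):
    """Build a constructed test message with one attachment."""
    m = EmailMessage()
    m["Received"] = f"from {relay} by mx.corp.example; Mon, 1 Jan 2024 00:00:00 +0000"
    m["Subject"] = "invoice"
    m.set_content("see attached")
    m.add_attachment(b"constructed", maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_string()


def screen(raw, known_relays=KNOWN_RELAYS):
    """Return (verdict, reasons) for one raw RFC 5322 message."""
    msg = message_from_string(raw, policy=policy.default)
    reasons = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if DOUBLE_EXT.search(name):          # e.g. a document name hiding an .exe
            reasons.append(f"double extension: {name}")
        elif EXECUTABLE_EXT.search(name):
            reasons.append(f"executable attachment: {name}")
    if not reasons:
        return "accept", reasons
    # The topmost Received header is the one our own MTA wrote. The host name
    # in it is what the peer claimed, so the allow-list is a hint, not proof.
    m = RELAY.search(str(msg.get("Received", "")))
    relay = m.group(1).lower() if m else ""
    verdict = "quarantine" if relay in known_relays else "reject"
    return verdict, reasons


if __name__ == "__main__":
    for relay, fname in [("unknown.example.net", "invoice.pdf.exe"),
                         ("mail.partner.example", "setup.exe"),
                         ("unknown.example.net", "report.pdf")]:
        print(relay, fname, screen(sample(relay, fname)))
```

A filter like this complements the anti-virus scan rather than replacing it: the regular expressions catch suspicious attachment names, while content scanning still has to inspect what the attachment actually contains.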
Finally, as in almost every corrective action suggested in this series, educate your staff on how viruses, Trojans, and worms work and what the different types and hybrids are. A good place to point them is Ontrack's Virus Tutorial.