- Why Do End Users Persist in Bad Practices?
- If Technology Alone Doesn't Work, What's the Answer?
- Best Practices for End Users
- Key Points To Remember
Best Practices for End Users
Best practices for small/medium enterprises and large enterprises are too many and varied to be considered here (too many variables combined with lack of a firm consensus). I'll simply say that the more a business uses the Internet, the more damage it can do, and the more that can be reasonably expected from that business to protect the public.
For end users, however, there are some definite best practices that must be followed:
Antivirus software installed, running, and up to date.
Currently updated PC firewall.
NOT clicking unexpected file attachments from unknown users.
Spyware scanning software installed and running.
Patching would not required by this law because, with the right choice of application and security software, it is possible to keep a workstation virus/spambot free without patching. However, evidence that patching has been done can be included as part of a "best practices" defense.