SIDEBAR: Pre-emptive Strikes in Virus War

Eight tips to bolster your defences

• Cover all bases. Remember to update antivirus software on desktops and servers regularly. More than 500 viruses crop up monthly. Don't forget remote users. And use different types of antivirus software. They don't all catch everything.
• Surf secure. Make sure employee Web browsers are at the right security level to prevent breaches.
• Ship it out. Consider outsourcing the filtering of your corporate e-mail to catch spam and viruses before they get on your network.
• Publish policies. Tell employees to never open e-mail attachments from people they don't know. Some viruses spread by mailing themselves to contacts in an infected computer's address book.
• Get alerts. Subscribe to get the latest virus news and warnings on e-mail at sites like McAfee (www.dispatch.mcaffee.com) and Sophos (www.sophos.com/virusinfo).
• Grade it. Rank applications and systems according to how critical they are to your business. When a virus hits, determine which systems are most important to protect. Rate patches so that all IT staffers are on the same page: A low rating means patch it when you have a minute; high means do it now.
• Assign a staff member to take charge when a bad virus hits. This person leads conference calls and meetings, and coordinates the response and clean-up.
• Back Up! Create group pages among IT staff to use as a backup if a virus takes the company e-mail down.

SOURCES: Microsoft, IBM, McAfee, Sophos, PricewaterhouseCoopers, CIO reporting

SIDEBAR: Spam Battle Gear

Six suggestions for fighting the unsolicited e-mail menace

• Write it down! Send a policy on e-mail use to every employee. Define what's appropriate to send from work. Ban the forwarding of chain e-mail.
• Don't be obvious. Avoid assigning all employees obvious e-mail addresses such as name@company.com. A random number in an address can trip up spammers.
• Use a filter. Use a whitelist or verification filter like DigiPortal Software's ChoiceMail, a tool for Microsoft Windows, or TMDA (tagged messenger delivery agent), an open-source tool. A whitelist filter makes sure that mail only from approved recipients makes it to the inbox. Other messages generate a challenge that is returned to sender.
• Know the rules. Try rules-based spam filtering with a tool like SpamAssassin, which evaluates scores of e-mail patterns against an incoming message. If an incoming message exceeds a minimum score, it's bounced as spam.
• Be demanding. Make it policy that when an employee uses newsgroups, signs up for newsletters or makes online purchases that they use a personal e-mail address.
• Keep your staff informed. Tell employees to never respond to spam - even if the e-mail asks if they want to be removed from their list. A response just confirms the accuracy of an e-mail address. Teach them to delete e-mails and attachments instead of opening or forwarding them. Tell them to never send personal information in an e-mail.

SOURCES: IBM, Gnosis Software, Symantec, Sophos