Re: Best practices for preventing malware in a small business environment?

[gold flake <ptinstructor () gmail com>]

Have to agree with the general view here that user education and
awareness is the only long-term solution.  However most employees feel
threatened/insulted if you lecture them about what they have been
doing is causing harm to the company.

What is needed in your awareness/education sessions is the feeling
that the security controls that have been put in place do not imply
that the employees are not trusted.  Rather these controls have been
put in place to enable them to do their jobs in a safe and secure
manner.  Examples of employees loosing their jobs because the company
went under because they lost customer data are fairly effective.

Otherwise whips have been known to have worked since they were
building pyramids ;-)


> I'm concerned with my company's employees contracting rootkits via normal websurfing and wanted to find out if 
> there's a good way to prevent this from happening.  Antivirus software on the PC's help a little, but they still 
> don't catch everything.  Is there something else that can be implemented on my network to help prevent malware being 
> installed through websurfing?

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, how 
it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, 
install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are 
highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------