
Best Practices


Best Practice Guidelines for Consumers

1. Protect yourself: Use a modern Internet security solution that includes the following capabilities for maximum protection against malicious code and other threats:
  • Antivirus (file and heuristic based) and malware behavioral prevention can prevent unknown malicious threats from executing;
  • Bidirectional firewalls will block malware from exploiting potentially vulnerable applications and services running on your computer;
  • Intrusion prevention to protect against Web-attack toolkits, unpatched vulnerabilities, and social engineering attacks;
  • Browser protection to protect against obfuscated Web-based attacks;
  • Reputation-based tools that check the reputation and trust of a file and Web site before downloading; URL reputation and safety ratings for Web sites found through search engines.
  • Consider options for implementing cross-platform parental controls, such as Norton Online Family [xlii].
2. Keep up to date: Keep virus definitions and security content updated at least daily if not hourly. By deploying the latest virus definitions, you can protect your computer against the latest viruses and malware known to be spreading in the wild. Update your operating system, Web browser, browser plug-ins, and applications to the latest versions using the automatic updating capability of your programs, if available. Running out-of-date versions can put you at risk of being exploited by Web-based attacks.
3. Know what you are doing: Be aware that malware or applications that try to trick you into thinking your computer is infected can be automatically installed on computers with the installation of file-sharing programs, free downloads, and freeware and shareware versions of software.
  • “Free,” “cracked” or “pirated” versions of software can also contain malware or include social engineering attacks, such as programs that try to trick you into thinking your computer is infected and get you to pay money to have it removed.
  • Be careful which Web sites you visit on the Web. While malware can still come from mainstream Web sites, it can easily come from less reputable Web sites sharing pornography, gambling and stolen software.
  • Read end-user license agreements (EULAs) carefully and understand all terms before agreeing to them as some security risks can be installed after an end user has accepted the EULA or because of that acceptance.
4. Use an effective password policy: Ensure that passwords are a mix of letters and numbers, and change them often. Passwords should not consist of words from the dictionary. Do not use the same password for multiple applications or Web sites. Use complex passwords (upper/lowercase and punctuation) or passphrases.
5. Think before you click: Never view, open, or execute any email attachment unless you expect it and trust the sender. Even from trusted users, be suspicious.
  • Be cautious when clicking on URLs in emails or social media programs, even when they come from trusted sources and friends. Do not blindly click on shortened URLs without expanding them first using previews or plug-ins.
  • Do not click on links in social media applications with catchy titles or phrases even from friends. If you do click on the URL, you may end up “liking it” and sending it to all of your friends even by clicking anywhere on the page. Close or quit your browser instead.
  • Use a Web browser URL reputation solution that shows the reputation and safety rating of Web sites from searches. Be suspicious of search engine results; only click through to trusted sources when conducting searches, especially on topics that are hot in the media.
  • Be suspicious of warnings that pop up asking you to install media players, document viewers and security updates; only download software directly from the vendor’s Web site.
6. Guard your personal data: Limit the amount of personal information you make publicly available on the Internet (including and especially via social networks) as it may be harvested and used in malicious activities such as targeted attacks and phishing scams.
  • Never disclose any confidential personal or financial information unless and until you can confirm that any request for such information is legitimate.
  • Review your bank, credit card, and credit information frequently for irregular activity. Avoid banking or shopping online from public computers (such as libraries, Internet cafes, etc.) or from unencrypted Wi-Fi connections.
  • Use HTTPS when connecting via Wi-Fi networks to your email, social media and sharing Web sites. Check the settings and preferences of the applications and Web sites you are using.
  • Look for the green browser address bar, HTTPS, and recognizable trust marks when you visit Web sites where you log in or share any personal information.
  • Configure your home Wi-Fi network for strong authentication and always require a unique password for access to it.