1. Keep your systems patched and up to date.

Keeping systems fully up to date—including the operating system, web browsers, browser plugins, media players, PDF readers and other applications—can be a tedious, annoying and time-consuming ongoing task. Unfortunately, hackers are counting on most people to fall far short of what’s needed to keep their systems up to date.

2. Standardize your web software.

If you’ve just read point number 1, you’re probably still thinking that keeping systems fully patched and up to date is an onerous task. What makes this worse is if you don’t know what software is running on your network or you have a variety of individuals using different browsers, plugins and media players.

3. Secure your browsers.

You must familiarize yourself with the plethora of security, privacy and content settings that all browsers have in order to understand the tradeoffs. Some security settings will merely increase the level of prompting—annoying users without adding any tangible security—while others can be important to limiting exploits and threats.

4. Enforce a strong password policy.

The purpose of a password policy should be obvious: If you don’t want everyone to have access to something, you set up passwords to permit access only to authorized users. The purpose of an effective password policy is to keep passwords from being easily guessed or cracked by hackers. Despite this enormous vulnerability in every system, many organizations fail to take this threat seriously.

5. Use an effective web security solution.

A proper web security solution is a vital component of an overall strategy for safeguarding your organization from modern web threats. It will reduce your threat exposure by limiting users’ surfing activity to website categories relevant to their work, or at least help them avoid the dirty dozen categories (adult, gambling, etc.) that are a breeding ground for malware. It will also protect you from trusted sites that you visit daily that may become hijacked at any time to silently spread malware to unsuspecting visitors. Finally, it will also help protect your internet resources from abuse as a result of the exchange of illegal content or bandwidth-sapping streaming media.