Problem solve Get help with specific problems with your technologies, process and projects.

Educate users about security awareness

User education is one of the hardest security layers for administrators to implement. This article by contributor Tony Bradley provides the top ten things users should know about information security.

Even with the best firewalls, antivirus products and other security hardware and software in place, no network...

or computer is 100% secure. Sadly, the weakest link in the security chain for corporate networks is often the users themselves. Ensuring that users have a basic understanding of information security and a little common sense can yield much higher dividends than the latest whiz-bang application.

Below are the top 10 tips administrators should share with users to help make the whole network more secure.

  • Strong passwords: Users hear it constantly, but many still aren't listening.
    1. User tip: Passwords should contain a mix of uppercase and lowercase letters as well as numbers or special symbols (like % or $).
    2. User tip: Passwords should never be something simple like the name of your son or your birth date.
  • Avoid phishing scams:
    1. User tip: No reputable company or tech support department will ask you to provide your username, password, social security number or other sensitive information in an e-mail. Also, never click on Web links within unsolicited e-mail.
  • Protect your workspace: At any given moment, your desk may have memos or documents that contain sensitive or confidential information or you might have classified information displayed on your computer monitor.
    More Information

    Check out this tip for easy ways to provide this hints to users

    Learn how to use defense-in-depth to create an (almost) invulnerable computing environment

    Learn how to educate your employees about threats -- like spyware.

    Create a corporate security culture with these tips

    1. User tip: Be aware of who is nearby, and secure information assets by locking your PC before you leave your desk.
  • It's probably a hoax: Any e-mail message from a friend or family member claiming to be urgent news that you should distribute around the world is almost definitely a hoax. To verify, you can check the information on a site like However, even if it is legitimate, you should not use corporate resources to forward spam messages on to your friends and family.
    1. User tip: Don't use corporate resources to forward spam.
  • Don't open attachments:
    1. User tip: Unless you are 100% sure of whom the e-mail came from and what the attachment contains, do not open or execute an e-mail file attachment.
  • Keep your virus detection device turned on: Antivirus scanning is only effective if it is turned on.
    1. User tip: Do not disable or deactivate your antivirus scanning engine.
  • Do not install unapproved software: Even if software is free, it is not always free for use on corporate machines. Downloading software from the Internet is a primary source of viruses, spyware and Trojans, and even legitimate software may not be compatible with other software on your computer and could cause conflicts.
    1. User tip: Don't install unapproved software.
  • Beware of instant messaging: Instant messaging can be a great communication tool, but it can also be a way to transfer viruses and other malware or initiate phishing attacks. Use instant messaging responsibly.
    1. User tip: Do not click on links sent from unknown instant messaging users.
  • When in doubt, call for support: It is better to contact the pros to check it out than to be the root cause of a virus infection that takes down the corporate network.
    1. User tip: If you are suspicious of something or something just seems weird, contact tech support.

About the author: Tony Bradley is a consultant and writer with a focus on network security and antivirus and incident response. He is the guide for Internet/Network Security, providing a broad range of security tips, advice, reviews and information. Bradley also contributes frequently to other industry publications. For a complete list of his freelance contributions, visit Essential Computer Security.

This tip originally appeared on

This was last published in November 2005

Dig Deeper on Network intrusion detection and prevention (IDS-IPS)