-Maintain up-to-date antivirus signatures and engines.
-Keep operating system patches up-to-date.
-Disable File and Printer sharing services. If these services are required, use strong passwords or Active Directory authentication.
-Restrict users’ ability (permissions) to install and run unwanted software applications. Do not add users to the local administrators group unless required.
-Enforce a strong password policy and implement regular password changes.
-Exercise caution when opening e-mail attachments even if the attachment is expected and the sender appears to be known.
-Enable a personal firewall on workstations, configured to deny unsolicited connection requests.
-Disable unnecessary services on workstations and servers.
-Scan for and remove suspicious e-mail attachments; verify that each scanned attachment is its “true file type” (i.e., that the file extension matches the file header).
-Monitor users’ web browsing habits; restrict access to sites with unfavorable content.
-Exercise caution when using removable media (e.g., USB thumb drives, external drives, CDs).
-Scan all software downloaded from the Internet before executing it.
-Maintain situational awareness of the latest threats and implement appropriate Access Control Lists (ACLs).
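One way to implement the “true file type” check recommended above (extension versus file header), as an added example that is not part of the original advisory; the signature table and the sample attachments are constructed for illustration, and the function names are the example's own:

```python
import os

# Leading bytes ("magic numbers") of common attachment formats, mapped to the
# extensions that format may legitimately carry. Constructed for this example;
# a production table would be far larger.
MAGIC_SIGNATURES = [
    (b"%PDF-", {".pdf"}),
    (b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1", {".doc", ".xls", ".ppt"}),  # legacy OLE2 Office
    (b"PK\x03\x04", {".zip", ".docx", ".xlsx", ".pptx", ".jar"}),  # ZIP containers (incl. OOXML)
    (b"MZ", {".exe", ".dll", ".scr"}),  # Windows PE executables
    (b"\x89PNG\r\n\x1a\n", {".png"}),
    (b"\xff\xd8\xff", {".jpg", ".jpeg"}),
    (b"GIF87a", {".gif"}),
    (b"GIF89a", {".gif"}),
]


def detect_by_header(data: bytes):
    """Return the set of extensions consistent with the file header, or None if unknown."""
    for magic, exts in MAGIC_SIGNATURES:
        if data.startswith(magic):
            return exts
    return None


def classify_attachment(filename: str, data: bytes) -> str:
    """'ok' when the claimed extension matches the header, 'mismatch' when it
    does not, 'unknown' when the header is not in the signature table (the
    unknown case still needs a closer look; it is not a pass)."""
    ext = os.path.splitext(filename)[1].lower()
    exts = detect_by_header(data)
    if exts is None:
        return "unknown"
    return "ok" if ext in exts else "mismatch"


def scan_attachments(attachments):
    """Return [(filename, verdict)] for a list of (filename, leading bytes)."""
    return [(name, classify_attachment(name, data)) for name, data in attachments]


# Constructed sample attachments: only the leading bytes matter for the check.
SAMPLE_ATTACHMENTS = [
    ("quarterly_report.pdf", b"%PDF-1.7\n%\xe2\xe3\xcf\xd3\n"),  # genuine PDF
    ("invoice.pdf", b"MZ\x90\x00\x03\x00\x00\x00"),  # PE executable renamed to .pdf
    ("agenda.docx", b"PK\x03\x04\x14\x00\x06\x00"),  # OOXML is a ZIP container: legitimate
    ("photo.jpg", b"MZ\x90\x00\x03\x00\x00\x00"),  # executable disguised as an image
    ("notes.txt", b"Meeting notes for Monday\n"),  # plain text has no signature
]

if __name__ == "__main__":
    for name, verdict in scan_attachments(SAMPLE_ATTACHMENTS):
        print(f"{name:22s} {verdict}")
```

A header check only confirms that a file is what its extension claims; an executable with a matching .exe extension still passes this check and must be handled by the attachment-blocking policy itself.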