Major threats to the IT infrastructure of any business are from malicious software and viruses. Regardless of whether it’s a Mom & Pop business with one or two workstations or a Fortune 500 firm, each can be affected and steps should be taken to ensure protection. Because this mischief starts from within or outside the network, to ensure that systems are protected from damage, a holistic approach starting at the desktop and end user and working outwards to the Internet is implemented.
Firstly, protection is not technology related, it's primarily cultural. Depending upon the size of the firm, it may consist of a simple outline of what users should and shouldn't do with their business computer. With larger clients, the company advocates for an Acceptable Use Policy (AUP) be formally implemented if one doesn't exist; it provides guidelines that put the firm at risk for both users and management. Not only will the AUP mitigate unauthorized usage, it can also reduce the likelihood of inappropriate use.
Next, the technology is addressed. Workstations and servers are secured with centrally managed security and an anti-virus scanner which cannot be disabled. Email servers are configured with anti-spam software as well as anti-virus attachment scanning. If Web usage is allowed from individual workstations, systems that scan and validate visited websites are installed to ascertain appropriateness.
Finally, a business grade firewall, which acts as the first line of defense against attacks from external sources is installed, which prevents infrastructure compromises.