Employee Security Awareness

http://www.staysafeonline.org/

http://www.microsoft.com/security/resources/default.aspx#Free-materials

In many cases, the first line of defense against a digital security breach is not your antivirus or firewall, but your employees. Your employees play a vital role in dealing with and preventing potential security breaches. It is my strong belief that every computer user should be taught how to be safe when using a computer on the internet and to know what to look for in order to avoid potential risk. I am going to discuss some basic issues that your employees should know in order to be safe online, based on my experiences and tips from the security industry.

Frequently, I find that many small businesses have no way to manage software updates and ensure updates are done on every computer. This lack of update management leaves the task of regularly updating the computer to the user. It is important for users to allow their computer to update when updates are available. A better option is to set Windows and any other software that is capable of automatic updates to update on a schedule without user intervention. If scheduled automatic updates are not possible, it is important for each user to be trained to update software on a regular basis.
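One way to check whether a given Windows PC is actually set to install updates on a schedule is to read the Windows Update policy values from the registry. The script below is an added example, not part of the original article; the function name and output fields are illustrative, and it only covers updates controlled by the standard "Configure Automatic Updates" policy.

```powershell
# Added example: report whether this PC is set by policy to install updates on a schedule.
# Get-ScheduledUpdatePolicy and its output fields are illustrative names.
function Get-ScheduledUpdatePolicy {
    $path   = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU'
    $result = [ordered]@{ Computer = $env:COMPUTERNAME; Compliant = $false; Detail = '' }

    # No policy key: nothing enforces a schedule, so updating depends on defaults and the user.
    if (-not (Test-Path $path)) {
        $result.Detail = 'No update policy is set on this machine.'
        return [pscustomobject]$result
    }

    $au = Get-ItemProperty -Path $path

    # NoAutoUpdate = 1 turns automatic updating off entirely.
    if ($au.NoAutoUpdate -eq 1) {
        $result.Detail = 'Automatic updates are disabled by policy.'
        return [pscustomobject]$result
    }

    # AUOptions: 2 = notify before download, 3 = download and notify to install,
    #            4 = download and install on a schedule, 5 = local admin chooses.
    if ($au.AUOptions -ne 4) {
        $result.Detail = "AUOptions is '$($au.AUOptions)'; updates are not installed on a schedule."
        return [pscustomobject]$result
    }

    # ScheduledInstallDay: 0 = every day, 1-7 = Sunday through Saturday.
    # ScheduledInstallTime: hour of the day, 0-23.
    $days = 'every day', 'Sunday', 'Monday', 'Tuesday', 'Wednesday', 'Thursday', 'Friday', 'Saturday'
    $day  = $au.ScheduledInstallDay
    $hour = $au.ScheduledInstallTime
    if ($null -eq $day -or $null -eq $hour -or $day -gt 7 -or $hour -gt 23) {
        $result.Detail = 'Scheduled install is selected, but the day or time is missing or invalid.'
        return [pscustomobject]$result
    }

    $result.Compliant = $true
    $result.Detail    = 'Updates install {0} at {1:00}:00.' -f $days[$day], $hour
    return [pscustomobject]$result
}

Get-ScheduledUpdatePolicy | Format-List
```

A machine that reports Compliant as False is one where updating still depends on the user, so its user needs the update training described above.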

I also find that most employees know very little about their computers outside of the applications they use every day. This lack of knowledge and familiarity with other software running on the machine has resulted in users blindly trusting fake antivirus alerts, as well as other Trojan-style attacks such as fake updates and hard drive crash messages. There are a number of viruses out today that pretend to be Microsoft Antivirus updates, or that claim your hard drive is crashing and can be fixed if you download the tool from Microsoft and pay a small fee. These are all scams, and it is important to be familiar with the antivirus and other software on your machine and how they communicate problems to you.

Research online and recreational browsing at work can lead users to all kinds of information on the web. Try to avoid sites that use pop-ups. Many sites allow advertisers to run ads that pop up in new windows. These ads can be dangerous because they can contain code that is designed to take advantage of security flaws in your computer’s software. Check your browser settings to make sure the pop-up blocker is turned on. If you do encounter a site that still pops up ads, you should close the ad and leave the site to avoid any more potential risk.

Be aware of another type of scam called “phishing.” Emails and websites will try to lure you into giving them information about yourself, such as passwords or credit card information, claiming it is needed to verify who you are or your eligibility for some reward. Reputable companies will never ask you for this kind of information.

It is in a company’s best interest to make sure that their employees know how to safely use their computers and navigate the internet. A little time spent now could save a lot of money and headache later. At the beginning of this article I have included two links to sites that can help you understand how to develop a training program for your employees. I also recommend working with a computer or IT Security professional to help you develop and deliver this information to your employees.
