Symantec Global internet Security threat report
Symantec also advises that users never view, open, or execute any email attachment unless the attachment is expected and comes from a known and trusted source, and unless the purpose of the attachment is known. By creating and enforcing policies that identify and restrict applications that can access the network, organizations can minimize the effect of malicious activity, and hence, minimize the effect on day-to-day operations. in addition, administrators should limit privileges on systems for users that do not require such access and they should restrict unauthorized devices such as external portable hard-drives and other removable media.
to reduce the likelihood of identity theft, organizations that store personal information should take the necessary steps to protect data transmitted over the internet or stored on their computers. this should include the development, implementation, and enforcement of a secure policy requiring that all sensitive data be encrypted. Organizations should implement a data loss protection (DLp) solution that not only serves to prevent data breaches but that can also mitigate potential data leaks from within an organization. Access to sensitive information should be restricted and organizations should enforce compliance to information storage and transmission standards such as the payment Card industry (pCi) standard.88 policies that ensure that computers containing sensitive information are kept in secure locations and are accessed only by authorized individuals should be put in place and enforced. Sensitive data should not be stored on mobile devices that could be easily misplaced or stolen. this step should be part of a broader security policy that organizations should develop and implement in order to ensure that any sensitive data is protected from unauthorized access. this would ensure that even if the computer or medium on which the data were stored, lost, or stolen, the data would not be accessible. this step should be part of a broader security policy that organizations should develop and implement in order to ensure that any sensitive data is protected from unauthorized access.