I'm giving a presentation later this week to the staff at the company where I work. The goal of the presentation is to serve as a refresher/remidner of good practices that can help keep our network secure. The audience is made up of both programmers and non-technical staff, so the presentation is geared for non-technical users.

I want part of this presentation to be a top list of "tips". The list needs to be short (to encourage memory) and be specific and relevant to the user.

I have the following five items so far:

• Never open an attachment you didn't expect
• Only download software from a trusted source, like download.com
• Do not distribute passwords when requested via phone or email
• Be wary of social engineering
• Do not store sensitive data on an FTP server

I have two questions:

1. Do you suggest any additional items?
2. Do you suggest any changes to existing items?