I'm giving a presentation later this week to the staff at the company where I work. The goal of the presentation is to serve as a refresher/remidner of good practices that can help keep our network secure. The audience is made up of both programmers and non-technical staff, so the presentation is geared for non-technical users.

I want part of this presentation to be a top list of "tips". The list needs to be short (to encourage memory) and be specific and relevant to the user.

I have the following five items so far:

• Never open an attachment you didn't expect
• Only download software from a trusted source, like download.com
• Do not distribute passwords when requested via phone or email
• Be wary of social engineering
• Do not store sensitive data on an FTP server

Some clarifications:

• This is for our work network
• These need to be "best practices" tips for the end-user, not IT policy
• We have backups, OS patches, firewall, AV, etc, all centrally managed
• This is for a small business (less than 25 people)

I have two questions:

1. Do you suggest any additional items?
2. Do you suggest any changes to existing items?