I'm giving a presentation later this week to the staff at the company where I work. The goal of the presentation is to serve as a refresher/reminder of good practices that can help keep our network secure. The audience is made up of both programmers and non-technical staff, so the presentation is geared for non-technical users.
I want part of this presentation to be a top list of "tips". The list needs to be short (to encourage memory) and be specific and relevant to the user.
I have the following five items so far:
Never open an attachment you didn't expect
Only download software from a trusted source, like download.com
Do not distribute passwords when requested via phone or email
Be wary of social engineering
Do not store sensitive data on an FTP server
Some clarifications:
This is for our work network
These need to be "best practices" tips for the end-user, not IT policy
We have backups, OS patches, firewall, AV, etc., all centrally managed
This is for a small business (less than 25 people)
I have two questions:
Do you suggest any additional items?
Do you suggest any changes to existing items?