Airgap Everything.

Or don't. Today we spent about 15 person-hours troubleshooting a virus-laden computer. Granted, most of the heavy lifting was being done by ClamAV and Symantec, but it's after 23:00, and someone is still babysitting a computer so that it's owner can get back to work tomorrow. He'll be getting "back" to work. We'll still be there. Obviously you can't really airgap everything. The internet has become, well, important to most people's daily work. It's also become a festering cesspool of viruses, spyware, and assorted other badness. If you use Windows (which you very likely do), you're in the most trouble of all. But a good quality antivirus solution buys a heck of a lot of security. A good, centrally managed antivirus solution is even better. One of our favorites is Symantec Antivirus Corporate Edition (SAVCE to us geeks). In nearly 10 years of use, I've never had a single virus infection on any machine running a properly configured and updating installation of SAVCE. I don't just mean on my personal machines either--I mean not one single infection on any machine under my care running this software. At any one time, that's a few hundred desktops, laptops, and servers.

We've heard lots of excuses over the years, from cost, to performance concerns, to inconvenience.... The most recent excuse takes the cake though: "But we have antivirus installed on our proxy server!" Making excuses leads to paying tech consultants lots of overtime digging your data out of meltdown. Instead, a little bit of preventative medicine can very effectively keep you safe. You can license the latest SAVCE or Symantec Endpoint protection for about $30 per computer per year. If you're a nonprofit organization, you can get a 75 pack of licenses for a one-time fee of about $200. With that, you get centralized management of antivirus protection, which means that you can control how often each of the machines on your network updates itself, check on virus definitions, push or withhold specific patches, and browse quarantined files on any of the protected machines. In less than 5 minutes, without leaving your desk, you can confirm the protection of your entire organization.

There are other top-notch antivirus solutions out there, and you don't have to take our word for it. SAVCE happens to have been good to us, and we can recommend without reservation. (No, we aren't being paid to write this.) The important thing is that you take a few minutes today to make sure that your org is protected. Don't rely on your firewall or proxy server, don't pretend it can't happen to you, don't rely on the 30-90 day free trial of such-and-such you got with your new computer, and for Pete's sake, don't wait until after the next virulent outbreak to start protecting yourself.