<div dir="ltr">On 24 October 2013 11:27, Pinkerton, Eric (AU Sydney) <span dir="ltr"><<a href="mailto:Eric.Pinkerton@baesystemsdetica.com" target="_blank">Eric.Pinkerton@baesystemsdetica.com</a>></span> wrote:<br><div class="gmail_extra">
<div class="gmail_quote">
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><br>
IMHO, The 'best' policy is a combination of many things starting with training your end users to spot dodgy looking links, filtering egress traffic, patching patching and more patching, not using XP with IE6, monitoring your logs, changing your default password from 'password' and giving people permissions in line with their requirements (ie not making everyone a domain admin) etc etc.</blockquote>
<div><br></div><div>Unfortunately, much of that relies on educating users, and if educating users was going to work, it'd have done so already. :(<br></div></div></div></div>