In Casino Royale, Bond chooses a password to protect a multi-million pound money transfer. What does he choose? His girlfriend's name - doh! Why bother torturing him when you could just guess his cunning plans? We can all do better than that. For most situations a password should be 8 characters long and be a mixture of letters, numbers and other characters and it should conform to company policy. It should not be a word you would find in a dictionary, the name of your spouse, partner, child, pet, favorite band or any of these followed by a single digit. Use common sense - Razorlight1 isn't a good choice if you have a poster of the band behind your desk.

Keep asking Why should I believe that? It is important to remember that you can't trust the "from" address on e-mail from outside the organization, as it is often faked by fraudsters and viruses. If you didn't expect a message, link, or attachment from someone, ask yourself why you should trust that it really came from the apparent sender, and that it's safe. When in doubt, it's a good idea to call and verify that they sent you the message.

Foreign languages are no longer as difficult to understand as they once were, thanks to improvements in web translation services, which instantly translate words and web pages. The website translator plug-in can expand your global world with an amazing and effortless approach by automatically recognizing foreign-language identifiers.

1. If you find a USB token in the wild, don't plug it into your USB port as it could autoinstall software if your system is set to autoplay CDROMs.
2. Though many organizations' standards call for disabling autoplay of CDROMs, you should check and set yours. To disable autoplay follow these instructions (for WinXP):
3. Open My Computer
4. Right click on your cdrom drive selecting "Properties"
5. Select Autoplay page and set each menu option to "Select an Action to Perform" = "Take no action"
6. Click Apply (you must apply each setting change one at a time!)
7. Repeat for each item in the list (alternatively ensure that all are set to "Prompt me for action"

In July 2007, when iPhones were scarce and strongly in demand, Botnet herders put software on already infected computers that redirected users browsing for iPhones to phony websites. The malware caused pop-ups and banner advertisements on infected computers; clicking on the provided links took users to the phony sites. People who attempted to buy iPhones from the sites were actually providing the Bad Guys with their personal and financial information. You can expect to see something similar for any fad that comes along. When your heart is tempted by the latest hot fad, don't throw caution to the wind.

A common fraud, called "phishing", sends messages that appear to be from a bank, shop or auction, giving a link to a fake website and asking you to follow that link and confirm your account details. The fraudsters then use your account details to buy stuff or transfer money out of the account. These fake sites can be hard to spot, so no reputable organization will send a message requesting your confidential information.

To secure your data and reduce SPAM sent to your business as well as to your private email account, get a dedicated address for internet postings. Never use your business email address for posting guestbook entries, votes, or questions and answers in forums and surveys. It's good to be reachable in these situations, but best to be anonymous.

Here are some things you should do.

1. Contact the three major credit bureaus and have them place a fraud alert on your credit report.
2. If a credit card was involved, contact the credit card company and close the account.
3. Contact your local law enforcement agency and file a report.
4. File a complaint with the Federal Trade Commission.
5. Document all conversations so you know whom you spoke to and when.

How do attackers exploit the absence of this control?

Many criminal groups and nation-states deploy systems that continuously scan address spaces of target organizations, waiting for new and unprotected systems to be attached to the network. The attackers also look for laptops not up to date with patches because they are not frequently connected to the network. One common attack takes advantage of new hardware that is installed on the network one evening and not configured and patched with appropriate security updates until the following day.