Not all malware requires user interaction. Many variants automatically scan for vulnerabilities in accessible systems, like the ones hosting your websites, VPN, email and other external-facing services, and find their way in.
From there it can be a short hop into other systems. See your network the way the attackers do by performing regular vulnerability scans of all your systems, from both inside and outside your network.
Consider it the captain of the guard checking all the posts to be sure they are secure.
Most vulnerabilities come from problems in the code, which, once discovered, should be patched. The more systems you have, the harder it will be to patch every system by hand. You're sure to miss something, and that leaves a chink in your armour or a crack in your wall.
Use a patch management system to help automate and verify that each and every one of your workstations and servers is fully patched at all times, for both operating system and application issues. It's proper castle maintenance after all.
User awareness and education
And never forget that your last line of defence is made up of the men and women who use your network.
When all else fails, their decision to click or not to click is all that stands between your healthy network and an outbreak, so take the time to ensure your users are fully trained on safe computing practices, are well aware of the threats and completely understand the need for absolute diligence.
There is no such thing as 100% secure, but by taking a defence-in-depth approach to network security you are making it extremely hard for the bad guys to get in.
Network security is a combination of education, technology, common sense and regular audits.
With millions of pieces of malware out there, you cannot afford to rest the security of your network on a single solution or measure.
By David Kelleher, Director of Communications, GFI Software