You can never have too much security, but SMBs are often very surprised at how much they can do with what they already have. This is especially true if you're running Exchange Server 2003 with recent Windows clients.
A thorough understanding of Group Policy can totally transform the network computing experience, and bring peace and calm to an otherwise chaotic network.
1. Making sure that My Documents, and its brothers and sisters, all point to network shares means that irreplaceable documents dumped on the desktop will actually be backed up properly.
2. Does everyone really need to be in the Administrator role in the company? Indeed, is anyone running in such a role as a day-to-day norm? If so, it really is time to lock things down.
3. You can also do much to mitigate against either wilful or careless network browsing by carefully and selectively locking down firewalls and turning computers from being general-purpose devices into task-oriented machines.
For example, does the computer running the accounts package really need to have full internet browsing capabilities?
Why not lock it down, both locally and on the main firewall, to help prevent accidental incursion of malware or other nasties? A little planning here, coupled with clear thinking and a structured logical approach, can do wonders to improve the network security profile.
4. Finally, if you run a desktop antivirus package, then make sure it has a single point of updating, and that all the desktops are kept tightly in sync.
Discovering that a dusty unloved computer in the corner is actually a hotbed of malware isn't the sort of thing you want to experience on a busy Friday morning.
