Because virus authors are constantly changing their tactics, prevention planning can be very difficult. At a bare minimum, you need to make sure you have anti-virus software installed on all of your workstations. As an added layer of defense, you may also want to make sure that you have anti-virus software installed on your e-mail and file servers as well. Anti-virus software should be a basic part of your workstation configuration, as important-if not more important-as application software.

Make sure that you schedule your anti-virus software to update itself on a regular basis. Outdated anti-virus software is worse than not having anti-virus software at all because it lulls you into a false sense of security.

Ensure that your anti-virus software scans your workstation in the background. Although this may place a drag on system performance, it will allow the anti-virus software to immediately squash a virus if it encounters one. You should also schedule the anti-virus software to do a complete system scan on a regular basis, preferably during off hours. This will catch any viruses that may have snuck past the background scan.

Because many worms take advantage of open ports on workstations and servers, a good firewall is as important as anti-virus software in today’s networking environment. You should provide firewall protection in-depth as well, placing a firewall not only between your network and the Internet, but also between your workstations and the network.

Often overlooked in IT environments is anti-spyware software. Viruses get all of the attention because they do damage, but having software that defends against spyware as well as viruses is also important. Like anti-virus software, good spyware programs can run in the background and protect against spyware on the fly. You need to make sure you keep it up to date as well, as new versions of spyware crop up almost as fast as viruses.

One important part of planning goes beyond simple technology. You should have a clear Internet policy for your organization that spells out how to avoid spyware and viruses. Educate your users on how viruses and spyware are spread, and how to identify suspected infections. You may want to create a notification system to warn users when critical outbreaks happen.

Don’t forget to also warn users about the existence of hoaxes. Just because their aunt e-mails them about the “newest” virus, it doesn’t mean that the virus is real. You want your users to be aware of legitimate threats.