Updated: September 20, 2004

Managing Risk of Malicious Software: The Checklist


1. Plan ahead.

Hire or appoint a dedicated security resource on staff and establish an emergency response team.

Create, communicate, and update a comprehensive, company-wide set of security policies. These policies should address everything from appropriate use of company resources to treatment and handling of confidential data. For information about recommended security policies and procedures, see http://www.microsoft.com/technet/security/guidance/avdind_3.mspx#EBAA.

Perform a vulnerability assessment, and, based on that assessment, establish a business continuity and disaster recovery plan. For information about incident response and recovery, see http://www.microsoft.com/technet/security/guidance/avdind_4.mspx.


2. Keep your defenses up to date.

Monitor malware alert sites for early warnings of malware attacks. Good sites include:

Antivirus Information Exchange Network (AVIEN) at http://www.avien.org.

Microsoft Security Antivirus Information at http://www.microsoft.com/security/antivirus/.

Enable automatic updates for all operating systems, software, and hardware in your infrastructure, or schedule regular updates where automatic updates are not available.

Review and update your vulnerability assessment, security policies, and disaster recovery plan on a regular basis.


3. Adopt an overall defense-in-depth security model and consider malware at all layers of that model. Some of the steps to take as part of your defense-in-depth security model include:

Installing antivirus software at all levels: desktop, servers, gateways, and the perimeter.

Employing generic virus protections where possible: filtering, blocking, and stripping attachments.

Employing complementary security programs such as host-based or personal firewalls and host-based and network-based intrusion detection and prevention.

You may also want to consider using managed security services for your e-mail and antivirus solutions. For more information about the defense-in-depth security model, see http://www.microsoft.com/technet/security/guidance/avdind_3.mspx.
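As an illustration of the "filtering, blocking, and stripping attachments" item in step 3, the following is an added example (not part of the original checklist) of a gateway-style filter that replaces risky attachments with a notice. The extension blocklist, the notice text, and the sample message are assumptions constructed for the example.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed blocklist for illustration; the checklist names no extensions.
BLOCKED_EXTENSIONS = {".exe", ".scr", ".pif", ".bat", ".cmd", ".com", ".vbs", ".js"}
NOTICE = "Attachment removed by mail policy: {name}\n"


def is_blocked(filename):
    """Judge the final extension only, ignoring case and trailing dots/spaces."""
    name = filename.strip().rstrip(". ").lower()
    dot = name.rfind(".")
    return dot != -1 and name[dot:] in BLOCKED_EXTENSIONS


def strip_attachments(raw):
    """Return (cleaned message bytes, filenames of the parts that were stripped)."""
    msg = message_from_bytes(raw, policy=policy.default)
    removed = []
    for part in msg.walk():
        filename = part.get_filename()
        if filename and is_blocked(filename):
            removed.append(filename)
            # set_content() drops the old payload and Content-* headers, so the
            # MIME structure stays valid and the recipient sees what was removed.
            part.set_content(NOTICE.format(name=filename))
    return msg.as_bytes(), removed


def build_sample():
    """Constructed sample: one double-extension executable, one harmless PDF."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = "Quarterly invoice"
    msg.set_content("Please see the attached files.\n")
    msg.add_attachment(b"MZ constructed bytes", maintype="application",
                       subtype="octet-stream", filename="Invoice.PDF.exe")
    msg.add_attachment(b"%PDF-1.4 constructed bytes", maintype="application",
                       subtype="pdf", filename="report.pdf")
    return msg.as_bytes()


if __name__ == "__main__":
    cleaned, removed = strip_attachments(build_sample())
    print("stripped:", removed)
```

Matching on the final extension catches double-extension names such as `Invoice.PDF.exe`; a filter of this kind complements antivirus scanning at the gateway and does not replace it.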