Hackers like to find and exploit bugs and loopholes in popular software products. Some do it for money, some to make a statement, some simply to cause trouble. And they can cause trouble, exposing confidential public data such as credit card numbers on a Web site, or stealing passwords in a computer. The impact on your organization and the public can be devastating.

When Microsoft or another company discovers a bug in its software, it typically releases an update that can be downloaded over the Internet. The update patches the loophole or bug to keep hackers from causing trouble. Over time, however, software products have become more security enhanced. Windows XP Professional, for instance, is inherently more security enhanced than Windows 95. And Windows XP Professional with Service Pack 2 (SP2) provides even stronger security enhancements that help defend against hackers, viruses, and worms. But that doesn't negate the importance of downloading and installing patches as soon as they are released.

Windows XP Professional: Go to the Microsoft Update Web site, click Scan for Updates, and the Web site automatically analyses your PC and determines what updates you need. You can then download and install the patches. You can also make this happen automatically by enabling the Automatic Update feature in Windows XP. When important updates such as SP2 are released, you receive them automatically.

Windows 2000: If you're running Windows 2000 as part of a domain or as a standalone computer, visit the Microsoft Update Web site where you can find the latest service packs, device drivers, application compatibility, and system security updates.

Windows 95 and Windows 98: If you are running one of the older versions of Windows, you should know they have much less security enhancements than newer versions of the operating system, such as Windows XP. Microsoft strongly encourages upgrading to help ensure the highest level of desktop security features. Go to the Windows XP Web site for details.

Keep current with security patches for Microsoft Office programs, which are available with other downloadable add-ins at the Microsoft Office Online Web site.

Viruses (as well as worms and Trojan horses) are malicious programs that run on your computer. Some viruses delete or change files. Others consume computer resources. Some allow outsiders to access your files. One of the more ominous characteristics of viruses is that they can replicate (or copy) themselves. A virus can grab e-mail addresses from a contact list and send itself to those addresses. Virus-infected computers can spread throughout your organization and cause serious downtime and data loss. You also risk infecting computers of the constituents, stakeholders, and citizens that you communicate with via e-mail messages.

2. Never open suspicious files. Make sure all staff members understand that they should delete (without opening) any files attached to an e-mail message from an unknown, suspicious, or untrustworthy source.

3. Use e-mail security enhancement features. Both Microsoft Office Outlook 2003 and Microsoft Office Outlook Express 6.0 have settings that help detect and reduce potentially infected e-mail messages. Look into upgrading these programs if you don't use them already.

If you have an always-on broadband connection, chances are your organization’s computer network is randomly probed by criminal hackers. Once they stumble on a valid computer address, they try to exploit bugs in software or decipher passwords to gain access to your network, and, ultimately, individual computers and everything on them.