If you're in charge of securing end-user systems at your organization, print out this security checklist and put it on standby In this emerging age of cloud computing, it’s easy to remain focused on the server side of the security equation. However, with crafty cyber criminals running rampant and the continued rise of APTs (advanced peristent threats), securing end-user systems remains critical. Hackers and other troublemakers have a variety of ways by which to turn a PC a perfect access point for wreaking havoc, be it via an outsider exploiting an unpatched vulnerability or an insider taking advantage of unncecessarily elevated privileges to swipe valuable information.For an IT admin, it can be easy to overlook a critical step in making PCs, workstations, and laptops safe. Using this checklist as a guide should prove helpful in tackling the task.[ Master your security with InfoWorld’s interactive Security iGuide. | Stay up to date on the latest security developments with InfoWorld’s Security Central newsletter. ]Are strong password policies used (at least 10 character minimums, maximum of 90-day changes, forced complexity, and so on)? Is a password-protected screensaver enabled with a reasonable inactivity timeout set? Are weak password hashes and weak authentication protocols, such as LAN Manager and NTLM Version 1.0, disabled? Are secure file and folder permissions used? Does the end-user log on with a least-privilege account when not performing admin-level tasks? Are group memberships set to least privilege? Is unnecessary software removed? Is unnecessary autorun software prevented from autostarting? Are unneeded services/daemons stopped or removed? Are insecure programs (for example, TFTP) removed? Is the browser securely configured? Is all software — including the OS and all applications — fully patched? Is up-to-date antimalware (antivirus, host-based firewall, antispam, and more) installed? If firewall is used, are rules appropriately set (that is, deny by default, allow by exception)? If wireless is used, are strong wireless protocols such as WPA2, EAP-TLS, and so on enforced? If using cloud-based email, is it connected using HTTPS? When connecting to cloud service, is HTTPS or other secure means used to communicate authentication? Is there a secure email method being used to ensure that confidential information sent via email remains confidential? Is logging turned on, reviewed, and used to generate alerts for anomalous events? Is DNS resolution performed by secure DNS servers? Is DNS hosts file correctly configured? If the system is a mobile computer, is data encrypted? If removable media is used, is it encrypted? Are your end-user education documents up to date and cover the most likely attack vectors, including client-side threats, HTTP-based malware, and crimeware?While there may not be any guaranteed protection against PC security threats today, taking the time to cover this checklist will save you many hours of future troubleshooting headaches. This story, “Your handy PC security checklist,” was originally published at InfoWorld.com. Keep up on the latest developments in network security and read more of Roger Grimes’ Security Adviser blog at InfoWorld.com. For the latest business technology news, follow InfoWorld.com on Twitter. Related content analysis The 5 types of cyber attack you're most likely to face Don't be distracted by the exploit of the week. Invest your time and money defending against the threats you're apt to confront By Roger Grimes Aug 21, 2017 7 mins Phishing Malware Social Engineering analysis 'Jump boxes' and SAWs improve security, if you set them up right Organizations consistently and reliably using one or both of these approaches have far less risk than those that do not. By Roger Grimes Jul 26, 2017 13 mins Authentication Access Control Data and Information Security analysis Attention, 'red team' hackers: Stay on target You hire elite hackers to break your defenses and expose vulnerabilities -- not to be distracted by the pursuit of obscure flaws By Roger Grimes Dec 08, 2015 4 mins Hacking Data and Information Security Network Security analysis 4 do's and don'ts for safer holiday computing It's the season for scams, hacks, and malware attacks. But contrary to what you've heard, you can avoid being a victim pretty easily By Roger Grimes Dec 01, 2015 4 mins Phishing Malware Patch Management Software Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe