Think about it for a minute — what could you lose? Pictures? Music? Financial files? Credit card data? Identity theft elements like social security numbers and passwords?

Online threats and cyber attacks are very real, and they’re not only aimed at the government or large corporations. Small businesses and personal computers have just as much incentive to lock up and set the alarm system. The threats are real, and the more information we blindly trust the government or companies like Google or Yahoo to protect, the more we stand to lose. This is the reality going forward in this fully wired (isn’t it wonderful?) world in which we live.

So let’s establish a set of minimum security requirements for any computer — not just those guarding submarine secrets or product R&D.

1. Seek Out Firewalls, Antivirus and Anti-Spyware Software

A lot of people are getting paid a lot of money to come up with ways to fend off cyber attacks. Invest in a serious system if you’re able, but free solutions like ZoneAlarm and AVG can also do wonders for your security.

2. Pump Up Your Passwords

Never, ever settle for something “admin” or “12345.” Studies show that people tend to be unbelievably lax with their most basic security capabilities — their passwords. According to a (particularly well-titled) post by Lifehacker – How I’d Hack Your Weak Passwords:

If you invited me to try and crack your password, you know the one that you use over and over for like every web page you visit, how many guesses would it take before I got it?

Let’s see… here is my top 10 list. I can obtain most of this information much easier than you think, then I might just be able to get into your e-mail, computer, or online banking. After all, if I get into one I’ll probably get into all of them.

Your partner, child, or pet’s name, possibly followed by a 0 or 1 (because they’re always making you use a number, aren’t they?)
The last 4 digits of your social security number.
123 or 1234 or 123456.
“password”
Your city, or college, football team name.
Date of birth – yours, your partner’s or your child’s.
“god”
“letmein”
“money”
“love”
Statistically speaking that should probably cover about 20% of you. But don’t worry. If I didn’t get it yet it will probably only take a few more minutes before I do…

[...] Pay particular attention to the difference between using only lowercase characters and using all possible characters (uppercase, lowercase, and special characters – like @#$%^&*). Adding just one capital letter and one asterisk would change the processing time for an 8 character password from 2.4 days to 2.1 centuries.

3. Develop Common Sense (and a System)

As we mentioned a week ago, if an email pops up in your inbox with an offer that seems too good to be true — say, something about a Cameroonian prince asking to borrow your mattress for his large sums of money — it probably is. But develop a system to verify the legitimacy of emails before opening them, anyway.

4. … As Well as a Healthy Dose of Skepticism

The last thing you want to think about while pulling that snazzy new computer out of the box is its potential flaws. But there’s no reason to just assume its system will be attack-proof. Do your due dilligance about security concerns with your new toy, and learn about what solutions are available to plug its potential leaks. Similarly, explore the risks involved with anything you’re uploading into “the cloud” — stuff like email and online backups that are stored on a company’s server somewhere rather than your own computer.

5. Maximize Your Computer’s Capabilities

The default settings of most computers and network hardware like wifi routers usually try to strike a balance between ease-of-use and security. Consider tightening up, and fully employing built-in resources like firewalls.

Let’s say spam email is allowed to flow into your employees’ inboxes unchecked. Let’s say they’re never even once fooled into opening them. Let’s just say that email grabs their attention, and that it takes them five or ten seconds to scan the subject line, delete it, and get back to work.

Let’s say your employees get 200 of these every day—that’s 15 to 30 minutes wasted per day. It adds up.

The rise of spam email makes sense. If direct snail mail (or “junk mail”) pays off for companies despite the attached postage costs, spam emailing at the price of a couple hours in an internet café somewhere makes for an incredibly low-overhead, high-reward system.

At its most benign, spam carries harmless, but annoying and sometimes obscene ads and get-rich-quick schemes that cost you nothing beyond your valuable time. But spam can also provide a gateway for catastrophic viruses, malicious scripts, and scamming opportunities. Often, clicking on one spam email opens the door for thousands more.

Incredibly, businesses can spend thousands of dollars each year dealing with this. Spam can drain your company of time, Internet bandwidth, server space, and employee productivity.

There are a bunch of ways to keep your email address from falling into the hands of spammers in the first place—tricky email addresses, using extreme caution in giving out your address online—but spammers are smart and relentless, and in all likelihood will at least limitedly find ways around your preventative measures.

So how can you fight this?

Code and Filters

Any web design company worth its website knows how to build in a series of filters, contact forms, and encryption methods that can help plug the spam leaks. Additionally, programs like Microsoft Outlook contain their own anti-spam filters, as well as reputable free email providers like Google and Yahoo. There are loads of additional spam filtering software available online (many of them free) as well.

Still, some emails are going to snake their way through, and some will be a little bit more deceptive than ads for sexual enhancement drugs and escort services. What happens if you actually do a significant amount of business with a company in Nigeria, and need to keep your filter loose? What happens when some of the spam your employees receive seems plausible?

Recognize and Avoid

The best thing to do is simply avoid letting the spam do its intended damage. Here’s a common email we’ve gotten questions about from some of our clients:

Dear Manager:

We are a Domain Name registration service company, which is a professional Internet Domain Name Registration and dispute resolution organization in China.
On April.27th,2010, We received HAITONG Investment company’s application that they are registering the name ” dallaswidgets ” as their Internet Keyword and ” dallaswidgets .cn “、” dallaswidgets .com.cn ” 、” dallaswidgets .asia ” 、” dallaswidgets .hk “domain names etc..,It is China and ASIA and HongKong domain names.But after auditing we found the brand name been used by your company. As the domain name registrar in China, it is our duty to notice you, so I am sending you this Email to check.According to the principle in China,your company is the owner of the trademark,In our auditing time we can keep the domain names safe for you firstly, but our audit period is limited, if you object the third party application these domain names and need to protect the brand in china and Asia by yourself, please let the responsible officer contact us as soon as possible. Thank you!

Best regards,

John

John seems nice. And this would be an issue you’d want to monitor if it were real. So to find out if it’s legitimate and worth exploring further:

1. Google it.

Highlight the first couple sentences or so. Google the passage in quotes, and see what comes up. Almost always, you’ll see several results like this:

If those same few sentences pull up something like 39,000 results, as seen above, you’re obviously not the only one getting the email. Spamming is an industry that loathes SEO (Search Engine Optimization). Avoid it.

2. Email us.

We’ll help you decide whether or not it’s worth opening.