Consumers have been led to believe that hacker attacks and social engineering
outbreaks will be on the increase over the holiday period, but the chances are
that not many users have prepared a checklist to go through to make sure they're
secure.
Security firm Perimeter eSecurity claims that users should take six key steps
to ensure the maximum
possible computer and network security as New Year's Eve approaches in an era
rife with data theft, record levels of spam and increasingly innovative computer
fraud.
"It doesn't take very long to enhance the security of a computer or its
network," said Andrew Greenawalt, founder of Perimeter eSecurity.
"Whether you have a small business network or a vast business enterprise,
these seven steps are imperatives to optimise your security as the New Year
approaches."
Step One - Change every password you can find before New Year's Eve
Every online commerce site you visit, every computer, and any other
password-protected device or website will be made more secure by this simple,
time-efficient move. Avoid easily discovered passwords such as names or numeric
series, and resolve to change your passwords at least quarterly in 2007.
Step Two - Download patches and updates
Even the least expensive computer security programs offer downloadable updates
or patches that can detect the latest viruses, close backdoors that hackers have
discovered, or otherwise enhance network protection. Network owners with less
thorough security programs should resolve to check and update patches on a
monthly basis.
Step Three - Hire a hacker
Network owners should use the holiday lull to conduct a penetration test to
identify weaknesses in network security. Instead of attacking databases and
network tools, these scans report back on specific vulnerabilities and recommend
ways to solve the problems they identify.
Step Four - Conduct regular check-ups and keep your network safe by scheduling ongoing risk assessments
Automated monthly remote risk assessments can be conducted for less than the
cost of a single onsite review and can help ensure that confidential customer
and financial data is as secure as possible from external attack. Waiting a full
year between risk assessments in today's internet is no longer a viable option.
Step Five - Communicate and review your data security policy
Write a memo to all staff members stressing the importance of protecting
critical confidential customer data such as social security, bank account or
credit card numbers. State an explicit policy on how and when, if ever, these
should be included in unsecured email correspondence with customers and others.
Step Six - Keep the network virus free
With the increasing number of entry points for viruses to penetrate the network,
such as email attachments, shared files, infected websites and downloads, a full
evaluation of the network is critical to ensure that safeguards are in place to
protect all these entry points and minimise infection. Simply installing
antivirus software is not enough. The antivirus system still needs to be
monitored to ensure that the most recent definition files are updated on all
devices and that you are alerted when a device is not up-to-date.