From the National Infrastructure Protection Center:
1. Use strong passwords. Choose passwords that are difficult or impossible to guess. Give different passwords to all accounts.
2. Make regular backups of critical data. Backups must be made at least once each day. Larger organizations should perform a full backup weekly and incremental backups every day. At least once a month the backup media should be verified.
3. Use virus protection software. That means three things: having it on your computer in the first place, checking daily for new virus signature updates, and then actually scanning all the files on your computer periodically.
4. Use a firewall as a gatekeeper between your computer and the Internet. Firewalls are usually software products. They are essential for those who keep their computers online through the popular DSL and cable modem connections, but they are also valuable for those who still dial in.
5. Do not keep computers online when not in use. Either shut them off or physically disconnect them from the Internet connection.
6. Do not open e-mail attachments from strangers, regardless of how enticing the Subject Line or attachment may be. Be suspicious of any unexpected e-mail attachment from someone you do know because it may have been sent without that person’s knowledge from an infected machine.
7. Regularly download security patches from your software vendors.