Other Threats
Threats can come from inside as well as outside.  A well rounded security policy needs to address all these hazards, as well as the more obvious ones

Critical Updates
Nobody can be unaware of the problems and vulnerabilities in Microsoft (and others') software.  Control of critical updates, patches and service packs is essential for both security and performance.  Automatic updates give a partial answer but allow no control over which updates are installed and when.  For business networks we recommend installation on a SUS (software update server) server to allow the Manager complete control over updates.

Physical Security
The physical security of equipment is often overlooked.  One of our customers arrived at work to find the file server and half the workstations had been stolen!  A physical asset security review should be carried out at regular intervals.   Fortunately, our client had taken a full inventory of the systems software and hardware, and was back on his feet quickly. 

Data theft
Data theft is an increasing problem.  Today's removable storage devices make it very easy to copy large amounts of data onto very small portable storage devices.  This is actually a very difficult area to police and again needs to be considered in the overall review of security. Read more on this threat now!

Internet Access Controls & Monitoring
Do employees access dubious or illegal websites?  Or are they just wasting company time surfing the web?  Internet access control and monitoring is available to limit time wasting and illegal activities.

Passwords
Passwords can be a nightmare to manage.  Nobody wants to remember a fourteen character random password (and few can) but some form of password policy is essential to protect access to the company's network and data.  Biometric access devices are becoming more common and lower in price.  These could offer a solution for some companies.