Best practices for a security-enhanced environment
The following table lists some best practices for enhancing the security of the computing environment in your organization.
Educate and train users about the security settings that are available to protect their documents.
There are no administrative settings that allow you to enforce security preferences that you specify. Even if you set and deploy security preferences, users can change these preferences at a later time. Therefore, if you are deploying security settings as part of your organization's policy, you must educate your users about the risks associated with changing default settings.
Install all available updates.
Turn on AutoUpdate to receive security patches or updates. To check for software updates automatically, on the Help menu in any Office 2011 application, click Check for Updates, and then click Automatically.
For information about deploying updates to user computers, see Deploy Office for Mac 2011 updates.
Preset security preferences.
You can preset security preferences and deploy these settings.
For more information about the security preferences that you can configure, see the following topics in the Security in Office for Mac 2011 section:
For more information about how to deploy your security preferences, see Deploy Office for Mac 2011 security preferences in the Office for Mac 2011 Security section.
Download files only from trusted sources.
When you download a file from a Web site, make sure that you know the source. When in doubt, don't download the file.
Install software only from authentic CDs/DVDs.
For example, all Microsoft CDs/DVDs have holograms to prove their authenticity. In general, installing software from authentic, commercially distributed CDs/DVDs is the safest method.
Don't open suspicious e-mail messages or files.
Even though the Outlook junk e-mail filter helps protect your Inbox from spam and phishing messages, it is a good idea to avoid opening any attachment in a message that you did not expect to receive, especially if the message is from an unknown source.
Reduce the access of external network connections to open ports on your local network.
Knowing which ports are open can help you assess the security of your system or troubleshoot any connection issues. You should close the ports that you do not use.
For more information about the ports that are used by Outlook for Mac, see Default ports for Outlook for Mac 2011 in the Office for Mac 2011 Planning section.
Implement password-controlled access to the network.
For more information about security in Mac OS X, see the following topics in the Office for Mac 2011 Security section:
Use the password protection features in Office for Mac 2011 to control access to documents.
Word 2011 and Excel 2011 provide password protection features.
For more information about how to use the password protection features in Word 2011 and Excel 2011, see Configure document protection settings in Office for Mac 2011 in the Office for Mac 2011 Security section.
Use Information Rights Management (IRM) to define access rights on your documents.
IRM helps protect valuable digital information — such as financial reports, product specifications, customer data, and e-mail messages — from unauthorized users. By using IRM, users can choose from different permission policies to define who can open, change, print, forward, and take other actions with the information.
For more information about IRM, download the guide from Information Rights Management in Office for Mac 2011 Deployment Guide
Use executable files with valid signatures.
Executable files purchased from software manufacturers should always have a valid digital signature as part of a certificate obtained from a certification authority. If a product does not have a valid certificate of trust, we recommend that you do not install it. However, if that is not an option, evaluate the product before you distribute it to users to make sure that it performs only as expected and does not intentionally or unintentionally distribute a virus.