The current crop of viruses is as nasty as I've seen for some time. Its potential to cause damage is staggeringly high and, for some reason, the message that viruses are a huge threat is not getting across to everyone. Often, the people supposed to be in charge of controlling the problem are part of the problem.

As ICT coordinator of Stoke College in Suffolk, I view the gamut of computing skills, from the first steps of Reception/Year 1, to the advanced techniques of those studying for GCSEs in ICT - plus the range of skills displayed by adults - teachers and administrators. It is as important to educate staff about the dangers in the computing world as it is to educate the next generation, and that means virus education.

Some of today's email viruses aren't immediately obvious. If you receive all the email addressed to a school's office, for example, why wouldn't you open an email with a subject line of "Undeliverable email report", especially if it seemed to come from someone with whom the school had regular correspondence?

Education is how. And if you are not educating your staff, you are leaving your school or business open to attack. You should never open attachments unless you know they are coming, you know the file names, and you are certain they have come from the right person. If in doubt, ring up and ask.

Our school, like most, is bombarded with email viruses. That we have yet to succumb is not just because we run as effective an anti-virus solution as we can, but because the people working here wouldn't contemplate opening an attachment when the provenance was in doubt.

Our defence strategy also includes constant checking for virus signature updates from Sophos, our anti-virus solution provider, and constant checking for critical updates and patches chez Microsoft, our operating system and application software provider.

Being a school, we strive to remain within our budget. That means we constantly seek out the most costeffective method of ensuring we are as protected as possible, and as up-to-date as possible.

Keeping anti-virus identity files up to date means I get to write scripts to download the latest files from the Sophos website, rather than employ the services of programs that would do that for me. To ensure we have the latest critical updates, patches and service packs installed, I use the excellent Microsoft Software Update Services (SUS) Server package.

Whatever size school or business you run, SUS should be an indispensable part of your armoury. It is free, it is relatively easy to set up, and will save you much angst.

Put simply, you install the server part of the software, download all the patches from Microsoft, and after manipulating a few Domain Group Policy entries, you simply choose which of the downloaded items you wish to make available to your systems. Click on the Approve button, and when you return in the morning, all your systems will be updated.

The trick is to set it up right in the first place, and that includes installing a client program on systems that are running antiquated versions of Windows. But setting things up just got easier thanks to a push launched by Microsoft to get educational establishments to use this server technology. The latest documentation is at www.microsoft.com/uk/education/solutions/patches.

It's not perfect. The 27-page document that forms the backbone of Microsoft's drive is understandable by experienced network administrators, but much of the language could be simplified. If Microsoft added a bit more plain English, it would help those who are less experienced in network lore. It is also a little terse, and needs far more in-depth, and better illustrated, explanations of what is actually happening in some areas. However, it is a vast improvement on what was available. It also contains references to other security tools such as the Microsoft Baseline Security Analyser (MBSA), which many schools might not yet be familiar with.

It is our responsibility to ensure the systems under our control are as patched and as secure as possible. Microsoft's SUS server will go a long way towards taking the headache out of that area. Regular checks for updates to anti-virus software will cover other potential holes. But clear education for users on how to handle email and attachments is just as important, because some viruses will get through.

Defeating the wave of viruses sweeping the world requires a higher degree of education for all users than has been needed before, and a much higher level of vigilance. The anti-virus vendors can only do so much to knock out the viruses once they appear and, in this case, prevention is better than cure.