Klez has been crowned king of worms for 2002, according to two security companies.

Sophos, the U.K.-based developers of anti-virus software, said the Klez worm accounted for almost a quarter of reports to the company’s customer-support department during 2002.

Klez topped Sophos’s monthly chart for seven months in succession – officially making it 2002’s most prolific virus.

The second most common virus was the Bugbear worm, which makes the No. 2 position even though it was only detected in October 2002. In third place came Badtrans, the password-stealing worm that was first detected in November 2001.

Toronto-based 800onemail Inc., an e-mail service provider specializing in secure messaging and remote access for businesses, said 2002 brought twice the number of e-mail virus attacks than was seen in 2001.

For 2003, 800onemail recommends businesses toughen their e-mail security in 2003 by making these resolutions.

* Evaluate all pre-2000 messaging systems; many companies have not upgraded their systems since Y2K, leaving themselves exposed to security risks.

* Formalize a message-security policy that outlines acceptable use of corporate e-mail, who owns e-mail communications, and keep users informed on the policies with regular communication and updates.

* Secure access to corporate e-mail by implementing strict password policies, with an eight-digit minimum, non-renewable password, and make sure it’s changed frequently. Even better, use 2-factor authentication.

* Layer e-mail security by using a combination of desktop anti-virus, multiple server antivirus and content filtering applications. One anti-virus is no longer enough. Tackle spam with a centrally managed anti-spam solution customized for your business and users.

* Encrypt e-mail connections with Virtual Private Networks (VPN) and/or SSL. Never leave corporate e-mail systems open to the public Internet despite the temptation of its convenience.

* Secure the road warriors; make sure wireless and remote users have the same level of security as desktop users without compromising their access. Desktop antivirus, managed personal firewalls and a managed VPN should be standard.

* Monitor e-mail systems and support users 24 hours a day. Ensure administrators are subscribed to multiple security forums and alerts to keep up-to-date on security incidents and vulnerabilities.

* Evaluate the expertise and security model of any outsourcer or e-mail systems product your company is considering.

Ask about anti-virus and anti-spam systems, infrastructure, redundancy and encryption.