I look after many users at separate locations. Each office generally has between 3 and 25 users, mostly all working from a workgroup with 1 machine acting as a file share.
All the machines currently run Microsoft Security Essentials as they allow this to be installed for business use for more users than the other free offerings (as far as I am aware)
The machines are a mixture older low spec XP machines which can't cope with bloat AV software and then mostly Windows 7 newer machines and then a few windows 8 machines.
We had a nasty virus at one office in october which still managed to get based the MSE and then yesterday we were hit at a smaller 7 user office with the crypto locker virus.
Thankfully I had a Usb attached backup drive which at this location had only 1 backup but it was fine and I restored ok.
The other offers have some with a single usb drive attached and larger offices swap Usb drives out daily for better backup solutions.
After this scare I have asked for the daily offsite drives to be implemented at the smaller sites too, but my concern lies with virus prevention.
The company like most is struggling with the economy and so to suggest paid, subscription AV on all the machines isn't an option right now.
MSE seems to be OK, but this one virus got through and I think that was mostly because the user had managed to remove the AV software.
So I'm wondering how to keep these machines all reasonably safe from the odd user that clicks the links in the emails for UPS etc :P
Any suggestions welcome for a good strategy that isn't going to break the bank.
As they are workgroups I can't easily implement workgroup policies etc, so the machines ar mostly out of the box configurations with mapped drives.
How should I get this all ship-shape and as safe as possible?