I disagree on the issue of updates. I am reluctant to install updates without doing some research first. That's the benefit of going with external IT. They keep up on things that are quite time consuming. For instance, I know a lot of people that run SBS Standard stopped updating them due to updates bringing them down. That's one major reason Microsoft is scrapping SBS Standard. The update roll ups are notorious for bringing down servers. I always test them in my test bed before applying them to any client servers.
Even on Windows 7, updates can bring down a computer. It's unrealistic to expect someone doing their own IT, while practicing medicine, to keep track of all the Windows updates. There are several examples of this as well. Hey, look there is one from today:
http://nakedsecurity.sophos.com/2013/04/12/patch-tuesday-fatal-system-error/Training employees to practice safe browsing habits with protect you from more malware than any antivirus product ever could or you can lock everything down. E.g. using Firefox with Adblock, NoScript, etc. or blocking all sites and programs except those that are necessary.
.png "ACUF Donor I")
