The software and hardware that make up the computer networks are essential resources for (organization). They aid staff in carrying out their everyday duties and without these important communication systems would not exist. Computer viruses pose considerable risks to these systems. They can cause them to run erratically, cause loss of information, and information to become corrupted, with the consequential loss of productivity for the (organization).

This policy is designed to give guidance and direction on minimizing the risk of a virus infection, and what to do if they are encountered.

This policy applies to:

• All employees whilst using (organization)’s equipment and accessing the (organization)’s Network at any location, on any computer or Internet connection.
• Other persons working for the (organization), persons engaged on business or persons using equipment and networks of the organization.
• Anyone granted access to the network.

1. 1. 1. Always run (organization) anti-virus standard, supported anti-virus software is available from (e.g. the corporate download site). Download and run the current version; download and install anti-virus software updates as they become available.

      2. NEVER open any files or macros attached to an email from an unknown, suspicious or untrustworthy source. Delete these attachments immediately, then “double delete” them by emptying your Trash.

      3. Delete spam, chain, and other junk email without forwarding.

      4. Never download files from unknown or suspicious sources.

      5. Avoid direct disk sharing with read/write access unless there is absolutely a business requirement to do so.

      6. Always scan a portable storage media from an unknown source for viruses before using it.

      7. Back-up critical data and system configurations on a regular basis and store the data in a safe place.

      8. Users must not undertake any activities with the intention to create and/or distribute malicious programs (e.g. viruses, worms, Trojans, e-mail bombs, etc) into (organization) network(s) or system(s).

      9. Users MUST inform the IT Service Desk immediately if a virus is detected on their system.

      10. IT system(s) infected with a malware/virus that the anti-virus software has not been able to deal with MUST be disconnected/quarantined from (organization) network until virus free.

      11. If a user suspects the system may be infected, the following actions must be taken

• • • • Inform the IT service desk immediately.

      • Switch off the machine.

      • Ensure no-one uses the machine.

      • Be prepared to inform IT of any actions taken which may have caused the infection.

1. 1. 1. Approved Anti-virus software MUST be made readily available for all employees and the IT department personnel MUST exclusively correctly install and configure it on all supported endpoints and servers across all the (organization)’s IT systems.
      2. Anti-virus software updates MUST be deployed across the network automatically following their receipt from the vendor and it must be configured to check for these updates every 60 minutes daily.
      3. Virus and malware signature updates MUST be deployed across the network automatically following their receipt from the vendor and it must be configured to check for signature updates every 10 minutes daily. All the endpoints must be configured with the secondary anti-virus update server so if a device is not checked in on the corporate network then updates will be installed from the secondary server.
      4. Anti-virus software MUST be configured for real time scanning and regular scheduled scans.
      5. On-access scanning MUST be configured within Anti-virus software for removable media and websites.
      6. Anti-virus server MUST be monitored on a daily basis by a nominated staff within IT department’s team for virus alerts and any issues which cannot be resolved remotely via centralized management console must be escalated to the IT Service Desk where an incident will be raised, and a technician assigned to immediately investigate.
      7. In the event of a virus infection which infects multiple devices (more than 3 devices) at the same time. A root cause analysis report should be completed by the technician for (organization) Cyber Security Senior Staff.
      8. Semiannual Anti-Virus compliance reports MUST be provided to (organization) Cyber Security Senior Staff, Branch Manager (if any) and IT Strategy & Planning Team by a preset date.
      9. Tamper protection MUST be enabled to prevent end users or malware altering the anti-virus software’s configuration or disabling the protection.
      10. If a user suspects the system may be infected and inform the IT service desk, The IT Team will:

• • • • Check the infected PC and any media.
      • Rebuild the PC if the infection is severe (e.g. Dridex, Ransomware).
      • Check any servers that may have been accessed from the infected system.
      • Attempt to determine the source of the infection.
      • Ensure the incident is logged.