

The Urgency of Computer Virus Protection


Properly protecting our information systems against virus threats is extremely important. Although user awareness and education are key factors in reducing the incidence of virus outbreaks, they should be complemented by systematic computer virus protection and controls at the infrastructure level.

See also the management of information security.

Why is a computer virus protection system important? Hundreds or maybe thousands of new viruses and worms are introduced into the ‘wild’ every week. The ‘wild’ refers to the period of time from when a new virus or worm is sent out across the internet:

  • To the time it is discovered,
  • An antidote released, and
  • Added to the antivirus product on your computer

How long can this take?

On average, this process can take anything up to 24 hours, sometimes longer. It is during this time that your computer virus protection is vulnerable to all the tricks the virus writer uses to get you to open the email, open the attachment, and/or click on the URL link in the email.

The antidote sometimes cannot arrive fast enough to block the spread of the virus. Basically, there are tricks the virus uses to get unsuspecting victims to run a virus or worm.

Education and Awareness

Proper deployment of the computer virus protection system will not be fully successful without the education and awareness of all users. In business and enterprise networks, the specialists in the IT department should be familiar with the escalation procedures relating to virus outbreaks and should have adequate training on security measures, virus prevention measures, and safe recovery procedures.

Besides a proper computer virus protection system, user awareness programs focusing on security measures and good practice to prevent virus outbreaks should also be in place. Users should also be taught how to report a virus infection and what actions to take at the desktop level.

See also security risks assessment and sample of risk assessment.

Anti-Virus Management

There should be a computer virus protection management system on a centralized server, with antivirus software installed on all client computers, which download the current signatures from the server. Only the server regularly downloads the current anti-virus updates from the internet, daily, and automatically distributes them to the clients on the network. This way the clients do not download directly from the internet, which avoids a bandwidth bottleneck.
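One way to check that this central-server arrangement is actually working is to audit signature freshness on both sides. The following is an added example, not part of the original article or of any vendor's product; the inventory format, field names, host names and version numbers are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

DAILY = timedelta(hours=24)  # assumed policy window: the server pulls vendor updates daily

def audit_signatures(server, clients, now):
    """Audit a central-server / client signature deployment.

    server:  {"version": int, "fetched": datetime}   last vendor download
    clients: {hostname: {"version": int, "synced": datetime}}  last contact with server
    Returns which side of the distribution chain is failing.
    """
    findings = {
        # The server itself missed its daily download from the vendor.
        "server_stale": now - server["fetched"] > DAILY,
        # Clients running older signatures than the server currently holds.
        "behind": [],
        # Clients that have not contacted the server within the window
        # (powered off, off-network, or agent broken).
        "not_syncing": [],
    }
    for host, c in sorted(clients.items()):
        if c["version"] < server["version"]:
            findings["behind"].append(host)
        if now - c["synced"] > DAILY:
            findings["not_syncing"].append(host)
    return findings

# Constructed sample inventory (hypothetical hosts and version numbers).
NOW = datetime(2024, 3, 10, 12, 0, tzinfo=timezone.utc)
SERVER = {"version": 1042, "fetched": NOW - timedelta(hours=5)}
CLIENTS = {
    "ws-01":   {"version": 1042, "synced": NOW - timedelta(hours=4)},   # healthy
    "ws-02":   {"version": 1040, "synced": NOW - timedelta(hours=3)},   # syncs but does not apply updates
    "ws-03":   {"version": 1031, "synced": NOW - timedelta(days=6)},    # offline for days
    "mail-01": {"version": 1042, "synced": NOW - timedelta(hours=30)},  # current now, but stopped checking in
}

if __name__ == "__main__":
    report = audit_signatures(SERVER, CLIENTS, NOW)
    print("server stale:", report["server_stale"])
    print("behind server:", ", ".join(report["behind"]) or "none")
    print("not syncing:", ", ".join(report["not_syncing"]) or "none")
```

A client that appears in "behind" but not in "not_syncing" is reaching the server yet failing to apply updates, which points to a broken agent rather than a connectivity problem.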

The computer virus protection on the mail servers should be capable of scanning mail attachments for viruses to prevent the propagation of viruses both inbound and outbound. The majority of viruses introduced to enterprise systems arrive via email attachments, in particular those viruses that exploit the propagation capability of the email system to transmit large numbers of infected messages to Global Address List recipients.

See also the guideline in email usage and also guideline in internet usage.

Virus Infection

The computer virus protection system must be updated as early as possible once the vendor has released updates. Generally the system, such as BitDefender Corporate total security system, will automatically detect updates as soon as they are released by the vendor. But if the system does become infected by a virus, any further spread of the infection and its damage should be prevented by taking the following actions:

  • Stop using the infected system and inform all users.
  • Isolate the infected machine by disconnecting it from the network.
  • For major outbreaks, consider disconnecting the Exchange server link to the corporate network.
  • Identify the virus and the scope of infection.
  • Virus infections propagated via email system must be immediately reported through the appropriate channels as per the escalation procedure you have.
  • Work on the recovery of the infected system(s) only after a safe recovery plan has been established.
  • Business continuity plans may need to be activated in the event of a major outbreak.

A thorough analysis of the incident should be carried out once the virus infection has been controlled and removed and, if necessary, additional preventive measures may need to be implemented.

