Continuing our EstesCloud IT Security blog series on the importance of cyber security, which began with why you should write a security policy, we continue with our next edition about malware.
A server malware protection policy is designed to protect your systems from cyberattacks. Malware is software written to damage or disable computers or computer systems. It can take the form of malicious code, spyware, tracking cookies, viruses, worms, Trojan horses, and more, any of which can compromise your PC and possibly your whole network! Infections can be very expensive to correct, not just in lost productivity, but also in equipment restoration or replacement.
Malicious software typically enters in 6 ways:
- E-mail attachments
- E-mail links to suspicious websites
- Website surfing to problematic websites
- Website links to malicious sites
- Exploiting vulnerabilities in the hosts, communication networks or perimeter systems
- Convincing a user to install infected software/apps
How to create a server malware protection policy
Why a malware policy?
Just as with any policy, you will begin with the “Why”. Why are you creating the policy? Presumably it’s to minimize the likelihood and the subsequent impact of an infection.
Who does it apply to?
Define and clarify the scope of the policy. What equipment is included?
What are we talking about?
Create some definitions about the vocabulary being used such as:
What is malware?
What damage can it cause?
What is an anti-virus program?
What is filtering software?
How is the malware policy activated?
Where do we go for additional resources?
The malware policy itself:
State what the policy is. Suggestions include:
- What the anti-virus program is, who installs it and what devices require installation.
- What to do in case of new devices, suspected infection, suspicious or problematic software links.
- How and when scans should be run and if they are manual or automatically scheduled.
- How the software should be monitored and updated, and who is responsible for managing the required updates
- Rules about installing applications, downloading information, updating software, and opening attachments.
- The use of filtering programs such as website blockers and e-mail scanning.
- Rules about spam, junk mail, chain e-mails, social sites and any other applicable areas of potential risk.
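Several of the policy points above (which anti-virus product is required, how often definitions are updated, how and when scans run) can be expressed as a simple check that runs over a device inventory and reports who is out of policy. This is an added example, not code from the original post or from EstesCloud; the product name, thresholds and inventory are constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List, Optional

# Policy thresholds. Constructed for this example; the post leaves the
# actual values to each organization's written policy.
POLICY = {
    "required_av": "ExampleAV",     # hypothetical product name
    "max_definition_age_days": 2,   # definitions older than this count as "not updated"
    "max_scan_age_days": 7,         # policy says a full scan at least weekly
    "scan_must_be_scheduled": True, # manual-only scanning is out of policy
}

@dataclass
class Device:
    name: str
    av_product: Optional[str]
    definitions_updated: Optional[datetime]
    last_scan: Optional[datetime]
    scan_scheduled: bool

def check_device(dev: Device, policy: dict, now: datetime) -> List[str]:
    """Return the policy findings for one device; an empty list means compliant."""
    findings = []
    if dev.av_product != policy["required_av"]:
        findings.append("required anti-virus product not installed")
        return findings  # nothing else can be evaluated without the product
    def_limit = timedelta(days=policy["max_definition_age_days"])
    if dev.definitions_updated is None or now - dev.definitions_updated > def_limit:
        findings.append("definitions out of date")
    scan_limit = timedelta(days=policy["max_scan_age_days"])
    if dev.last_scan is None or now - dev.last_scan > scan_limit:
        findings.append("no scan within policy window")
    if policy["scan_must_be_scheduled"] and not dev.scan_scheduled:
        findings.append("scheduled scan not configured")
    return findings

def audit(devices: List[Device], policy: dict, now: datetime) -> Dict[str, List[str]]:
    """Map each device name to its findings so the report can be sent to users/IT."""
    return {d.name: check_device(d, policy, now) for d in devices}

# Constructed sample inventory: one compliant server, one stale, one unprotected.
SAMPLE_NOW = datetime(2024, 1, 15)
SAMPLE_DEVICES = [
    Device("srv-files", "ExampleAV", datetime(2024, 1, 14), datetime(2024, 1, 13), True),
    Device("srv-mail", "ExampleAV", datetime(2024, 1, 5), datetime(2023, 12, 20), False),
    Device("ws-reception", None, None, None, False),
]

if __name__ == "__main__":
    for name, findings in audit(SAMPLE_DEVICES, POLICY, SAMPLE_NOW).items():
        print(name, "OK" if not findings else "; ".join(findings))
```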
A malware policy response plan
Sometimes all the policies, plans and procedures can’t stop a cyberattack, in which case you may consider a malware response plan. This response plan should be included as part of the malware policy.
The malware policy backup plan kicks into action when there is an infection or a threat. It is typically a flow chart of action steps to mitigate as much damage as possible.
Determine if there is a threat and how significant it is.
Isolate the problem. The solution may require blocking internet services or shutting down a server or workstation to prevent further infection.
Remove the problem. This is what the anti-virus programs are designed for. It may simply be a scan, repair, re-installing the OS from original disks, or even replacement of equipment.
Recovery. Once the problem has been isolated and eliminated, check the systems for any other problems. Depending on the depth of infection, you might consider the venerable “format C:” to remove most (but not all!) infections. Be careful you don’t re-infect your system as you restore data, and make sure you close the attack vector so you don’t get re-infected! It is absolutely essential that your backup and disaster recovery plan be 100%, as some infections (like CryptoWall) cannot be removed!
Communication. Talk about how the malware was able to cause damage. Talk about the situation with users and make any needed adjustments with the IT company to avoid it happening again in the future.
The bulk of information involved in a malware policy is in the communication to users about what it is, how it can be prevented and what to do in case there is an infection.
See SANS for a sample malware policy at https://www.sans.org/security-resources/policies/retired#server-malware-protection-policy
CompleteCare: Maintaining your own IT infrastructure is expensive and frustrating. EstesCloud CompleteCare combines the benefits of our ServerCare and ClientCare programs into one comprehensive program that protects your entire IT infrastructure at a predictable fixed cost. Let the EstesCloud team become your Trusted IT Advisor, so you can get back to growing your business.
ServerCare: A proactive approach to IT that includes regular scheduled maintenance and monitoring is essential to maintaining a healthy network and a productive staff.
EstesCloud ServerCare will give you peace of mind knowing that our team is continually watching and caring for your servers.
ClientCare: Proactive support for your desktops, laptops, and mobile devices. We provide all of the monitoring, patching, and security tools for your systems, plus full access to our help desk services 24/7/365.
EstesCloud ClientCare will ensure your valuable data is secure whenever and wherever it is needed.
ComplianceCare: Are you a medical provider under HIPAA or HITECH regulatory compliance? Are government auditors keeping you up at night? Our HIPAA IT Management Service will ensure you are HIPAA compliant.