A Matter of Standards
The following is part of the contents of The ISO17799 Newsletter - Issue 5:
"E-MAIL: VIRUS CONTROL
======================
In today's business environment, it is almost obligatory for companies to be easily accessible via e-mail communication. However, our familiarity with this method of communication, and the speed with which we can both send and receive messages, means that it is all too easy to be caught off guard by e-mails containing destructive viruses. A recent survey by anti-virus specialists MessageLabs indicated that although the use of e-mail continues to flourish and there is an increased awareness of the possibility of virus attacks, it is still not being matched by a proportional rise in effective virus protection.
We offer the following guidelines, which stress the need for an adequate information security policy, not only in terms of maintaining up-to-date virus protection, but also ensuring that staff remain constantly vigilant in their use of e-mail:
· Purchase suitable anti-virus software from a well-established vendor, ensuring that the license is sufficient for all your organization's computers, including laptops. For optimum deployment, install on both servers and workstations.
· Ensure that your anti-virus protection is updated regularly, preferably on a weekly basis, or possibly even a daily basis for critical systems. Updates can usually be downloaded from your chosen supplier via the Internet.
· If you do not have an Information Security Officer, consider appointing a person to take responsibility for Virus Control, and to ensure that if a virus incident should occur, it is rapidly dealt with to minimize any impact.
· Staff awareness of Information Security issues can fade unless continually reinforced. Ensure that all staff, whether permanent or temporary, are fully aware of the risks involved in opening unsolicited e-mails, and provide regular, on-going Information Security awareness training/messages to reinforce key messages.
· Assess the e-mail security awareness of all new staff, and provide any necessary induction training before they are given access to systems."
Useful Resources:
RUsecure Information Security Policies: http://www.information-security-policies.com
E-Aware Email Security Awareness: http://www.induction.to/email-security/