Antivirus Policy

This policy applies to all computers that are connected to the Fewzion network via a standard network connection, wireless connection, modem connection, or virtual private network connection. This includes both company-owned computers and personally-owned computers attached to the Fewzion network. The definition of computers includes desktop workstations, laptop computers, handheld computing devices, and servers. 

This document is effective from 04/05/17.

Definitions

Virus – a piece of potentially malicious programming code that will cause some unexpected or undesirable event

Antivirus – a software designed to detect and destroy computer viruses

Background

A virus is a piece of potentially malicious programming code that will cause some unexpected or undesirable event. Viruses can be transmitted via e-mail or instant messaging attachments, downloadable Internet files, diskettes, and CDs. Viruses are usually disguised as something else, and so their presence is not always obvious to the computer user. A virus infection can be very costly to Fewzion in terms of lost data, lost staff productivity, and/or lost reputation.

As a result, one of the goals of Fewzion is to provide a computing network that is virus free. The purpose of this policy is to provide instructions on measures that must be taken by Fewzion employees to help achieve effective virus detection and prevention.

Policy

1. Currently, Fewzion standard antivirus for Windows OS clients and servers is based on Bitdefender antivirus solution (http://www.bitdefender.com.au). Bitdefender agents are licensed with every newly purchased Windows OS system. Licensed copies of Bitdfefender antivirus can be purchased separately online. The most current available version of the antivirus software package will be taken as the default standard.

2. All computers attached to the Fewzion network must have standard, supported antivirus software installed. This software must be active, be scheduled to perform virus checks at regular intervals, and have its virus definition files kept up to date.

3. Any activities with the intention to create and/or distribute malicious programs onto the Fewzion network (e.g. viruses, worms, Trojan horses, e-mail bombs, etc.) are strictly prohibited.

4. If an employee receives what he/she believes to be a virus, or suspects that a computer is infected with a virus, it must be reported to the IT department immediately by emailing [email protected] Report the following information (if known): virus name, extent of infection, source of virus, and potential recipients of infected material.

5. No employee should attempt to destroy or remove a virus, or any evidence of that virus, without direction from the IT department.

6. Any virus infected computer will be removed from the network until it is verified as virus free.

Best Practices for Virus Prevention

1. Always run the standard antivirus software provided by Fewzion.

2. Never open any files or macros attached to an e-mail from an unknown, suspicious, or untrustworthy source.

3. Never open any files or macros attached to an e-mail from a known source (even a co-worker) if you were not expecting a specific attachment from that source.

4. Be suspicious of e-mail messages containing links to unknown Web sites. It is possible that the link is a malicious executable (.exe) file disguised as a link. Do not click on a link sent to you if you were not expecting a specific link.

5. Fewzion mail system scans all attachments for virus infections and blocks any trapped virus from being transmitted to client systems. Bitdefender antivirus-shield on the client machine scans all email attachments for virus infections. Also, and by default Fewzion e-mail client, Gmail, blocks attachments with critical file extensions.
Fewzion users should not alter the default email client configuration to override the security setup and send/receive banned extensions. A workaround to send/receive such business critical files is to compress the file using a file compression utility.

6. Never copy, download, or install files from unknown, suspicious, or untrustworthy sources or removable media.

7. Avoid direct disk sharing with read/write access. Always scan a flash drive, external hard drive for viruses before using it.

8. If instructed to delete e-mail messages believed to contain a virus, be sure to also delete the message from your Deleted Items or Trash folder.

9. Back up critical data and systems configurations on a regular basis and store backups in a safe place.

10. Regularly update virus protection on personally-owned home computers that are used for business purposes. This includes installing recommended security patches for the operating system and other applications that are in use.

IT Department Responsibilities

1. The IT department is responsible for maintaining and updating this Antivirus Policy. Copies of this policy will be posted on the Fewzion Help Center.

2. The IT department will keep the antivirus products it provides up-to-date in terms of both virus definitions and software version in use. Fewzion Bitdefender GravityZone service is scheduled to check for the update every one hour and to auto update both the virus definition file and the software version on servers. The Bitdefender client configuration is set to check on a daily basis for updates and to auto update and report success and failures. The IT department will invest adequate efforts to identify clients who did not attempt to update their virus definitions file for more than 3 months and will take appropriate remedial actions.

3. The IT department will apply any updates to the services it provides that are required to defend against threats from viruses.

4. The IT department will install antivirus software on all Fewzion owned and installed desktop workstations, laptops, and servers.

5. The IT department will assist employees in installing antivirus software according to standards on personally-owned computers that will be used for business purposes. The IT department will provide the Windows Defender antivirus software (for Windows) in these cases.

6. The IT department will take appropriate action to contain, remove, and assist in recovery from virus infections. In order to do so, the IT department may be required to disconnect a suspect computer from the network or disconnect an entire segment of the network.

7. The IT department will perform regular antivirus sweeps on all Fewzion managed and active computers every first Tuesday of the month.

8. The IT department will check the logs on a daily basis for detected viruses that are not quarantines by Bitdefender antivirus software and take appropriate remedial actions.

9. The IT department will attempt to notify users of Fewzion systems of any credible virus threats via e-mail. Virus reports will not be acted upon until validated. Employees should not forward these or any virus warning messages in order to keep network traffic to a minimum.

Fewzion and Individual Responsibilities

1. Fewzion must ensure that all computers have virus protection that is in keeping with the standards set out in this policy.

2. Employees, who use personally-owned computers for business purposes must implement virus protection processes and procedures that are in keeping with the standards set out in this policy.

3. All employees are responsible for taking reasonable measures to protect against virus infection.

4. Employees must not attempt to either alter or disable antivirus software installed on any computer attached to the Fewzion network without the express consent of the IT department and for a strictly -limited period not to exceed in any case one working day.

Enforcement

Any employee who is found to have violated this policy may be subject to disciplinary action, up to and including termination of employment.