Virus and malware protection for small businesses
So-called computer viruses are small software programs which spread from computer to computer without the permission of the authorised computer administrator. They may be harmless pranks which can be easily disabled and removed, malicious attacks designed to damage or disrupt a particular system or data, sheer blind vandalism, or attempts to steal information which could be used commercially, politically or criminally. Particular types of viruses are also called ‘worms’, which after receipt by email work their way through a network using shared drives and files, and ‘trojans’, which hide inside other software applications.
Everyone with a computer should be concerned about viruses even if their computers are not connected to the telephone network or the Internet. For example, viruses can be introduced through infected floppy discs or CDs.
There are legal implications of sending a virus to a customer, supplier or other contact. To have any defence against such a claim, and to get insurance cover, you must at least have put in place a policy and procedures which attempt to prevent these occurrences. Computer viruses can disable systems and destroy or steal data. The disruption or damage to a business could be considerable.
The solution is a series of measures, some managerial or administrative and some technical, designed to exclude viruses (as far as is possible) in the first place, but also to monitor and restrict unauthorised transactions, limit the damage, and restore systems to their pre-virus condition if the worst happens.
Anyone who has access to the organisation's computers should be trained in IT security awareness, policy, regulations and procedures to the extent reasonably expected of their work activity.
The awareness training should explain the risks to the business of not following the policy, regulations and procedures; these only need to be outlined to the extent required by the individual.
The policy should cover who is authorised to do what with each computer terminal or network device.
The regulations should guide or prohibit those people with authorised access as to what are considered to be unacceptably risky practices.
These might include:
- not inserting discs into computers, not connecting to the Internet or the telephone network, and not accepting connections from the telephone network at all (which might be too commercially restrictive for the organisation)
- only loading discs and accepting or downloading data from listed trusted sources
- using automatically or manually invoked virus scanning programs to check file transfers and downloads
The procedures should detail the technical and administrative processes which need to be continuously in place or regularly carried out (and by whom) in order to check for and remove viruses, check for and restrict unauthorised activity, and back up and restore data and system configurations.
Reviewed January 2011
Last updated: 21/01/2011
copyright 2000 - 2012 crucible multimedia ltd; all rights reserved