LEADx Anti-Malware Policy

Purpose

The purpose of this policy is to protect LEADx technology resources and data against intrusion by viruses and other malware.

Statement

As outlined in LEADx Appropriate Use Policy, LEADx actively monitors the traffic on the LEADx network and devices connected to the LEADx network in order to maintain the integrity, reliability and performance of LEADx systems. This includes (but is not limited to) monitoring for computer viruses and other malware, attempts to access LEADx systems without appropriate authorization, systems performance, and compliance with LEADx policies.

LEADx reserves the right to intercept and/or quarantine any networking traffic or computing resources that may pose a threat to LEADx infrastructure, systems or data. This includes but is not limited to files, messages, network traffic and devices.

Policy

  • Any device that connects to the LEADx network must have a current antivirus installed and running at all times. The antivirus software must be configured to automatically clean and remove an infected file or to quarantine the infected file if automatic cleaning is not possible. The antivirus software must be configured to automatically update itself on a regular basis. Scans for viruses on the device must occur without user intervention on a regular basis. On systems where this is not possible, users are responsible for regularly initiating the scan and updating the software to protect against the latest threats.
  • All LEADx-issued computers must use the antivirus software installed and configured by IT Services. Users are prohibited from disabling or tampering with the installed antivirus software unless authorized by LEADx IT Services.
  • LEADx IT Services manages most of the servers and network equipment for the South Orange campus, and is responsible for managing the antivirus systems on that equipment. It is a violation of the LEADx's appropriate use policy to bypass, tamper with or disable the security and antivirus systems on equipment managed by LEADx IT Services. Some servers and network equipment are managed by systems administrators outside of LEADx IT Services, usually with a formal Service Level Agreement (SLA) with LEADx IT Services. Whether or not there is a formal SLA in place with LEADx IT Services, all servers and network equipment managed by systems administrators outside of LEADx IT Services must have appropriate and up-to-date antivirus systems in place and is free of viruses and malware. In order to protect the integrity and reliability of the campus network, any servers or network equipment managed by a system administrator outside of LEADx IT Services that does not have appropriate and up-to-date antivirus systems in place will be removed from the campus network until the system is remediated.
  • When a computer system is determined to be infected with a virus or other malicious software that system may be blocked and removed from the LEADx network until a PC Technician or Systems Administrator has verified that the system is virus-free.
  • All e-mail inbound to the LEADx is scanned for viruses, malware and spam. E-mail that poses a risk to the LEADx community is blocked. No security software is 100% effective, however, so users must exercise appropriate caution when opening e-mails or attachments.
  • External Web sites that are known sources of computer viruses and malware are blocked. No security software is 100% effective, however, so users should exercise appropriate caution when accessing external Web sites.
  • When an enterprise-wide virus or malware attack is in progress, LEADx IT Services will notify the LEADx community via Broadcast e-mail and through social media channels. If deemed necessary, LEADx IT Services, will initiate a scan of all LEADx systems immediately using the newest virus definitions available. At times, it may be necessary that a manual intervention will be necessary and those affected will be required to visit PC Support Services in LEADx to have their machine cleaned.

Additional Information

All LEADx employees must take responsibility to ensure the risks of their desktop system of infecting other systems or shared files on a server are minimized. Despite the best measures, however, systems can still be at risk due to the rapid proliferation of malicious code via e-mail, shared files and other methods. Therefore, in addition to maintaining up to date antivirus software.

  • Never open any files or macros attached to an e-mail from an unknown, suspicious or untrustworthy source or if you receive an attachment from someone you know unexpectedly. Delete these attachments immediately.
  • Delete Spam, chain, and other junk e-mail¬†without¬†forwarding it.
  • Never download files from unknown or suspicious sources.

 

Date Last Revised: 5/1/2020
Date Established: 5/1/2020
Revision History: