Centrally select and install malware detection and repair programs and update them regularly for preventive or regular scanning of computers and media.
Programs should check at least the following:
Malware protection systems automatically check for and install updates at the desired intervals and also run the desired scans at the selected frequency without requiring user action.
The organization has defined policies for regularly collecting up-to-date and reliable information about malware. Sources can include, for example, mailing lists, magazines, blogs from security software vendors, or security news sites.
The purpose of the data sources is to verify information on malware, to distinguish scams from real malware, and to ensure that the warnings received are truthful and informative.
The data systems (and their content) that support critical business processes are regularly reviewed to locate malware. All unauthorized files and changes will be formally investigated.
The organization must identify the types of websites that staff should and should not have access to.
The organization must consider blocking access to the following types of sites (either automatically or by other means):
The organization regularly trains staff on using the malware protection in place, reporting malware attacks, and recovering from malware attacks.
Ensuring staff security awareness is an important part of protection against malware. Because of this, staff are regularly informed of new types of malware that may threaten them.
Our organization has defined policies in place to prevent or at least detect the use of unauthorized programs.
We always use malware protection systems from multiple vendors to improve the likelihood of detecting malware.
Our organization has defined policies in place to prevent or at least detect the use of unauthorized programs on mobile devices (e.g. smartphones, tablets).