Policies and Procedures
  • Kredit Policies and Procedures
  • Human Resources Policies
    • Background Screening Policy
    • Hiring Policy
    • Training Policy
  • Information Security Policies
    • Acceptable Use Policy
    • Access Control Policy
    • Anti-Virus & Malware Guidelines
    • Asset Inventory and Management Policy
    • Business Continuity and Disaster Recovery Plan
    • Data Governance & Classification Guidelines
    • End User Encryption Key & Storage Guidelines
    • Firewall Guidelines and Policy
    • Internal Use of Email Policy
    • Incident Response Plan
    • Information Security Policy
    • Password Construction & Security Policy
    • Password Protection Policy
    • System & Network Monitoring and Filtering Policy
    • Vulnerability and Threat Management Policy Policy
    • Large Language Model Policy
  • Operations Policies
    • Inquiry Handling Policy and Procedure
    • Operations Security Policy
  • Regulatory Policies
    • Anti-Money Laundering & Know Your Customer Screening Policy & Procedure
    • Electronic Fund Transfer Act, Regulation E, Nacha Operating Rules, & E-Sign Act Policy & Procedure
    • Electronic Communications Policy
    • Equal Credit Opportunity Act and UDAAP Policy & Procedure
    • Fair Credit Reporting Act Permissible Purpose Policy
    • Fraud Monitoring Policy
    • Gramm-Leach Bliley Act – Safeguards Rule Policy
    • Web Content Accessibility Guidelines Policy
  • Vendor Management Policies
    • Service Provider Oversight Policy
Powered by GitBook
On this page
  • ANTI-VIRUS & MALWARE GUIDELINES
  • OVERVIEW
  • PURPOSE
  • POLICY
  • SCOPE
  • ROLES AND RESPONSIBILITIES
  • PROCEDURE
  • COMMUNICATION
  • VIOLATIONS
  • CHANGE SUMMARY

Was this helpful?

Export as PDF
  1. Information Security Policies

Anti-Virus & Malware Guidelines

ANTI-VIRUS & MALWARE GUIDELINES

OVERVIEW

The number of computer security incidents related to malware and viruses and the resulting cost of business disruption and service restoration continue to escalate. Implementing antimalware and antivirus systems, blocking unnecessary access to networks and computers, improving user security awareness, and early detection and mitigation of security incidents are best practice actions that must be taken to reduce risks. Antivirus software, also known as anti-malware, is a computer program used to prevent, detect, and remove malware. Antivirus software runs on either a server or workstation and monitors network connections looking for malicious software. Malicious software is any type of computer code that infects a machine and performs a malicious action. Antivirus software is generally reactive, meaning a signature file must be developed for each new virus discovered and these virus definition files must be sent to the software in order for the software to find the malicious code. Virus definition files are periodic files provided by vendors to update the antivirus software to recognize and deal with newly discovered malicious software.

PURPOSE

The purpose of this policy is to describe requirements for preventing and addressing computer virus, worm, spyware, malware, and other types of malicious software.

POLICY

It is the policy of Kredit Financial Inc. (Kredit) to ensure up-to-date anti-virus and anti-malware software is installed on all network resources.

SCOPE

This Policy is applicable to all computer devices connected to the Kredit network.

ROLES AND RESPONSIBILITIES

Kredit’s Chief Technology Officer (CTO) is responsible for ensuring that up-to-date anti-virus and anti-malware software is installed on all network resources.

Kredit’s Chief Compliance Officer (CCO) is responsible for this Policy is communicated to all employees and made available to all employees in the organization. The CCO is also responsible for reviewing this Policy on an annual basis.

PROCEDURE

It is the responsibility of all network users to take reasonable steps to prevent virus outbreaks. Some examples of reasonable steps include (but are limited to):

  • All computer devices connected to the Kredit network shall have antivirus software installed and configured so that the virus definition files are current, routinely, and automatically updated, and the antivirus software must be actively running on these devices.

  • Always run the Corporate standard, supported anti-virus software is available from the corporate download site. Download and run the current version; download and install anti-virus software updates as they become available.

  • NEVER open any files or macros attached to an email from an unknown, suspicious or untrustworthy source. Delete these attachments immediately, then "double delete" them by emptying your Trash.

  • Delete spam, chain, and other junk email without forwarding, in with Kredit's Acceptable Use Policy.

  • Never download files from unknown or suspicious sources.

  • Avoid direct disk sharing with read/write access unless there is absolutely a business requirement to do so.

  • Always scan a floppy diskette from an unknown source for viruses before using it.

  • Back-up critical data and system configurations on a regular basis and store the data in a safe place.

  • If lab testing conflicts with anti-virus software, run the anti-virus utility to ensure a clean machine, disable the software, then run the lab test. After the lab test, enable the anti-virus software. When the anti-virus software is disabled, do not run any applications that could transfer a virus, e.g., email or file sharing.

RESPONDING TO POSSIBLE VIRUS OR MALWARE INFECTIONS

If you suspect a virus has infected your workstation, IMMEDIATELY POWER OFF the workstation by unplugging the power cable and notify the CTO immediately.

COMMUNICATION

This Policy shall be communicated to all affected employees via email and maintained in the Internal Policy Repository folder on Google Drive for reference purposes.

VIOLATIONS

Failure to comply with this policy and procedure may result in the Kredit network being infected by a virus or malware.

CHANGE SUMMARY

Purpose: Internal Policy

Category: Information Security

Policy Name: Anti-Virus & Malware Guidelines

Event
Event Date
Event By
Date Reviewed
Reviewed By
Version

Creation and Implementation

01/10/2022

Dave Hanrahan, CEO

1.0

Updated Violations

05/14/2022

Colene McNinch, CCO

05/14/2022

Kenny Lai, CTO

1.1

PreviousAccess Control PolicyNextAsset Inventory and Management Policy

Last updated 2 years ago

Was this helpful?