ANTI-VIRUS & MALWARE GUIDELINES

OVERVIEW

The number of computer security incidents related to malware and viruses and the resulting cost of business disruption and service restoration continue to escalate. Implementing antimalware and antivirus systems, blocking unnecessary access to networks and computers, improving user security awareness, and early detection and mitigation of security incidents are best practice actions that must be taken to reduce risks. Antivirus software, also known as anti-malware, is a computer program used to prevent, detect, and remove malware. Antivirus software runs on either a server or workstation and monitors network connections looking for malicious software. Malicious software is any type of computer code that infects a machine and performs a malicious action. Antivirus software is generally reactive, meaning a signature file must be developed for each new virus discovered and these virus definition files must be sent to the software in order for the software to find the malicious code. Virus definition files are periodic files provided by vendors to update the antivirus software to recognize and deal with newly discovered malicious software.

PURPOSE

The purpose of this policy is to describe requirements for preventing and addressing computer virus, worm, spyware, malware, and other types of malicious software.

POLICY

It is the policy of Kredit Financial Inc. (Kredit) to ensure up-to-date anti-virus and anti-malware software is installed on all network resources.

SCOPE

This Policy is applicable to all computer devices connected to the Kredit network.

ROLES AND RESPONSIBILITIES

Kredit’s Chief Technology Officer (CTO) is responsible for ensuring that up-to-date anti-virus and anti-malware software is installed on all network resources.

Kredit’s Chief Compliance Officer (CCO) is responsible for this Policy is communicated to all employees and made available to all employees in the organization. The CCO is also responsible for reviewing this Policy on an annual basis.

PROCEDURE

It is the responsibility of all network users to take reasonable steps to prevent virus outbreaks. Some examples of reasonable steps include (but are limited to):

• All computer devices connected to the Kredit network shall have antivirus software installed and configured so that the virus definition files are current, routinely, and automatically updated, and the antivirus software must be actively running on these devices.

• Always run the Corporate standard, supported anti-virus software is available from the corporate download site. Download and run the current version; download and install anti-virus software updates as they become available.

• NEVER open any files or macros attached to an email from an unknown, suspicious or untrustworthy source. Delete these attachments immediately, then "double delete" them by emptying your Trash.

• Delete spam, chain, and other junk email without forwarding, in with Kredit's Acceptable Use Policy.

• Never download files from unknown or suspicious sources.

• Avoid direct disk sharing with read/write access unless there is absolutely a business requirement to do so.

• Always scan a floppy diskette from an unknown source for viruses before using it.

• Back-up critical data and system configurations on a regular basis and store the data in a safe place.

• If lab testing conflicts with anti-virus software, run the anti-virus utility to ensure a clean machine, disable the software, then run the lab test. After the lab test, enable the anti-virus software. When the anti-virus software is disabled, do not run any applications that could transfer a virus, e.g., email or file sharing.

RESPONDING TO POSSIBLE VIRUS OR MALWARE INFECTIONS

If you suspect a virus has infected your workstation, IMMEDIATELY POWER OFF the workstation by unplugging the power cable and notify the CTO immediately.

COMMUNICATION

This Policy shall be communicated to all affected employees via email and maintained in the Internal Policy Repository folder on Google Drive for reference purposes.

VIOLATIONS

Failure to comply with this policy and procedure may result in the Kredit network being infected by a virus or malware.

CHANGE SUMMARY

Purpose: Internal Policy

Category: Information Security

Policy Name: Anti-Virus & Malware Guidelines