Welcome to this, the fifth edition of the ISO17799 newsletter, designed to keep you abreast of news and developments with respect to ISO 17799 and information security.
The information contained is free to our subscribers and provides guidance on a range of practical issues, plus commentary on recent Information Security incidents.
In this issue we focus specifically on the dangers of security complacency with everyday devices and technology. Included are the following topics:
E-MAIL: VIRUS CONTROL
In today's business environment, it is almost obligatory for companies to be easily accessible via e-mail communication. However, our familiarity with this method of communication and the speed with which we can both send and receive messages means that it is all too easy to be caught off guard by e-mails containing destructive viruses.
A recent survey by anti-virus specialists MessageLabs indicated that although the use of e-mail continues to flourish and there is an increased awareness of the possibility of virus attacks, it is still not being matched by a proportional rise in effective virus protection.
We therefore offer the following guidelines, which stress the need for an adequate information security policy, not only in terms of maintaining up-to-date virus protection, but also ensuring that staff remain constantly vigilant in their use of e-mail:
- Purchase suitable anti-virus software from a well-established vendor, ensuring that the license is sufficient for all your organization's computers, including laptops. For optimum deployment, install on both servers and workstations.
- Assess the e-mail security awareness of all new staff, and provide any necessary induction training before they are given access to systems.
- Ensure that your anti-virus protection is updated regularly, preferably on a weekly basis, or possibly even a daily basis for critical systems. Updates can usually be downloaded from your chosen supplier via the Internet.
- If you do not have an Information Security Officer, consider appointing a a person to take responsibility for Virus Control, and to ensure that if a virus incident should occur, it is rapidly dealt with to minimize any impact.
- Staff awareness of Information Security issues can fade unless continually reinforced. Ensure that all staff, whether permanent or temporary, are fully aware of the risks involved in opening unsolicited e-mails, and provide regular, on-going Information Security awareness training/messages to reinforce key messages.
RUsecure Information Security Policies: www.information-security-policies.com
E-Aware Email Security Awareness: www.induction.to/email-security/