Answer by Andy Zavoina:
Apply updates to the systems, keep the virus definitions and engines current, and apply filters as possible so that an employee won't be tempted to open that contaminated e-mail. Train employees on safe computing.
Regularly test your systems.
Answer by Paul Reymann:
This is a great question! It shows you are focused on a prudent risk management strategy - dynamic maintenance of your security measures.
Since threats against your network are continuously emerging and changing, you should continuously monitor and update your security measures. These security measures include virus protection and many other layers of an effective security program such as firewalls, intrusion detection systems, event monitoring, and other network performance and usage information. In short, you should be following on a routine basis numerous prudent steps.
The FTC recently offered guidance that addressed this point specifically. A few example steps include:
- Using anti-virus software that updates automatically.
- Maintaining up-to-date firewalls.
- Centralizing the management of your security tools.
- Regular monitoring of your network events, performance, and usage.
- Ensuring key personnel are updated on any new security risks or breaches.
- Performing daily backups of key data.
- Providing annual training to staff to ensure they understand their roles and responsibilities under your information security program.
First published on BankersOnline.com 11/18/02