Anti Virus and Malware Policy | Introduction and Policy Scope | Key Areas and Responsibilities | Template for FCA Applications and Authorised Firms

INTRODUCTION

This policy helps Hirett (hereinafter referred to as the “Company”) to define how it protects the devices, people and information under its remit through the use of malware and ant-virus software and applications.  The Company installs malware and anti-virus protections on all devices that can access external networks and ensure through secure configuration that risks and threats are minimised.

We recognise our obligations to protect not only the intellectual property of the Company, but also any personal or confidential information relating to our customers and employees. Users are made aware that they are not allowed to access the malware or anti-virus applications and are bound by the objectives and content of this policy.

WHY THIS POLICY EXISTS

The purpose of this policy is to define the Company standards for installing and configuring malware and anti-virus software on all of its devices [and employee’s personal devices where they are used for business purposes]. The Company understands the threat posed by viruses and malicious software and have strict measures and controls for minimising the risk of its devices being infected or affected.

This Policy sets out the responsibilities of all users to ensure that they adhere to this policy and take every reasonable precaution when accessing, using or opening websites, emails, files, USB or other removable media or other systems that may pose a risk or threat to the Company’s information systems.

POLICY SCOPE

This policy applies to all staff within the Company (meaning permanent, fixed term, and temporary staff, any third-party representatives or sub-contractors, agency workers, volunteers, interns and agents engaged with the Company in the Spain or overseas). Adherence to this policy is mandatory and non-compliance could lead to disciplinary action.

 KEY AREAS

• The Company recognises that virus or malware infections are extremely damaging in multiple ways. There is both a monetary and reputational cost when a device or network is infected, and the Company has an obligation to ensure that every reasonable measure is taken to reduce the risk of such infections happening.
• As viruses and malicious software is constantly evolving, so are the Company’s controls and approach to protecting our devices and networks. We have a number of objectives in place to ensure that our business, information, employees and customers are protected from virus and/or malware infections, including:
• Install anti-virus and malware applications or software on all devices that are connected to (or can be connected to) external systems and the internet
• Regularly update malware and anti-virus software and ensure that where applicable, automatic updates are enabled
• Known malicious sites or email addresses (spam) must be blacklisted where possible to prevent unauthorised access
• All devices and servers used by the Company utilise a supported operating system version with the latest patches and updates installed and applied
•  Any personal devices (i.e. smartphones, laptops) that are utilised for business purposes are to be given to the IT Team to ensure that effective, adequate and up to date anti-virus and malware software has been installed and correctly configured
• Configure malware and anti-virus software to effectively scan devices and files daily and additionally when:
  •  the device is accessed
  • removable storage media is attached
  • email attachments
  • downloading and/or opening files from external sources
  • webpage scanning
• Ensure that any new applications installed on a device are approved by the IT Team and all approved applications are documented
• Prevent users from installing unauthorised applications directly onto their devices
• Ensure that all employees are aware not to open email attachments or website files unless they have been authorised to do so or they are received from authorised senders

 RESPONSIBILITIES     

It is the responsibility of the IT Team to oversee; implement; configure; monitor and maintain all anti-virus and malware software applications. However, all users are expected to understand the importance of preventing access to devices from malicious sites or email attachments and are responsible for following the objectives in this policy.