FDIC Guidance on Developing an Effective Computer Virus Protection Program
The FDIC issued guidance to banks on developing an effective computer virus protection program. FIL 62-2004 on June 7, 2004 emphasizes the importance many banks have on using technology and using it to communicate with customers. Email was emphasized, but we see with Scob (JS.Scob.Trojan) that banks should look further. Some considerations the FDIC mentions include:
- virus protection should be a part of your information security program
- installation and maintenance/updates are critical and should be addressed at desktops, laptops, servers and gateways
- employees should be trained on how to protect their systems and about email attachments
- maintain the operating systems with updated patches and releases
- consider what attachments should be allowed based on their extension and possibility of carrying a virus
- scan programs prior to uploading
- perform periodic audits to test your anti-virus program
- provide multiple layers of protection
Use an alert service so you know when an attack is beginning. Anti-virus programs cannot stop an attack until they know what is there. So those initial systems infected by a new virus have no protection, but lead to the development of the protection. Early notification raises your awareness level to be additionally cautious and to update your programs as soon as a release is out.
First published on BankersOnline.com 06/29/04
print
share