OIT OPERATIONAL PROCEDURE
ANTI-VIRUS AND ANTI-SPAM POLICY
Computer malware and spam impact productivity, increase support costs, and can result in the compromise or loss of data and reputation. Malware can originate from a range of sources, spread rapidly, and require a comprehensive approach to ensure the risk it poses is effectively managed. This comprehensive approach requires the full co-operation of all Hillsborough Community College Staff, Faculty, and Students.
This document is the College's Anti-Virus and Anti-spam Policy and outlines the overall approach adopted by the college as well as individual responsibilities.
Anti-virus – a software product that detects and removes malicious email attachments, content within email or other documents. It may be on a local PC, a server or both
Anti-spam – a software product that detects and deletes spam using an analytical process that determines the validity of an incoming or outgoing email by its content
Spam – Unsolicited e-mail, often of a commercial nature, sent indiscriminately to multiple mailing lists, individuals, or newsgroups; any junk e-mail.
Malware - Software that is written and distributed for malicious purposes, such as impairing or destroying computer systems, or sending personal data about the user to unauthorized parties over the Internet. Computer viruses or worms are considered to be malware.
This policy applies to all College staff, faculty, students or third parties using devices connected to or interacting with the College Network. Unauthorized use of college email and technology services in connection with the transmission of unsolicited e-mail and/or malware, including the transmission of e-mail and/or malware in violation of this policy, may result in civil, criminal, or administrative penalties against the sender and those assisting the sender.
Third parties are defined as any individual, group contractor, vendor or agent not registered as a College staff member, faculty member or student. Third party Access is defined as all local or remote access (including sending email) to the College Network or devices attached to the College Network for any purpose by any individual, group contractor, vendor or agent not registered as a College staff member, faculty member or student.
All Hillsborough Community College network users have a responsibility to protect any device they use to connect to the College network by ensuring that the correct anti-virus product is installed and that it is up to date. This relates to all College-owned hardware and authorized private hardware. All users are required to protect their systems from malware infection and follow the guidelines on spam email as outlined below.
Anti-Virus Protection for Users of College-Owned and authorized private Computers
Intentional or careless interference with or disruption of computer systems and networks and related services is not allowed. This includes but is not limited to the propagation of computer "worms," "viruses" and "Trojan Horses" and other activities that could have a negative impact on the HCC computing environment in the judgment of the Vice President of Information Technology or designee
Unapproved anti-virus products may not be installed on college-owned computers. Users may not attempt to alter the configuration or disable the existing anti-virus product.
When requested by The Office of Information Technology, users must install software designed to prevent or monitor malware infections. This software may not be disabled or uninstalled without permission from the VP of Information Technology or designee.
Users must logoff of their systems and leave their machines turned on when they leave for the day to ensure that their systems receive necessary malware and security updates.
Users should not open suspicious emails or attachments, solicited or unsolicited, from unknown or unusual sources.
Users should scan all software or other content that they download from the Internet for malware.
Users should exercise caution when downloading software from the Internet and install software from reputable Internet sites only. If users are unsure about the legitimacy of the software or source, they should contact OIT via the helpdesk.
Users should exercise caution when accessing web-based E-mail, including but not limited to Hotmail and Yahoo. Users should be aware that email accessed on these sites has not been scanned by the College email gateway and may contain malware
Responding to Virus Infections
All users must respond to any malware infection detection indicated by their anti-virus software by contacting the helpdesk in accordance with College procedures.
In the event that users are unable to clean or remove an infected file they should notify the Office of Information Technology Helpdesk of the problem immediately.
All users should be alert to the possibility of a virus and report any suspicious behavior on their computer to the Information Technology Helpdesk immediately.
Unsolicited Email (spam)
Users should exercise caution when divulging their College email account to third parties. Some organizations may provide email addresses to parties involved in sending unsolicited emails (spam), which may result in increased volumes of spam email being sent to a user’s account.
Using College network resources to distribute unsolicited email other than for College business is strictly prohibited. Users also may not deliver spam or cause spam to be delivered to any of Hillsborough Community College's email services or customers.
Users should never divulge personal information in response to a request received via spam.
Users may not use any college email services to send spam. In addition, e-mail sent, or caused to be sent, to or through the email services may not
- use or contain invalid or forged headers;
- use or contain invalid or non-existent domain names;
- employ any technique to otherwise misrepresent, hide or obscure any information in identifying the point of origin or the transmission path;
- use other means of deceptive addressing;
- use a third party's internet domain name, or be relayed from or through a third party's equipment, without permission of the third party;
- contain false or misleading information in the subject line or otherwise contain false or misleading content;
Failure to comply with the technical standards described below or otherwise violate FERPA, the applicable Privacy Statement, Acceptable Use Policy, and Security Policy may result in formal disciplinary or legal action appropriate to the inappropriate behavior.
Hillsborough Community College does not permit or authorize any attempt to use the college email services in a manner that could damage, disable, overburden or impair any aspect of any of the college information technology services, or that
could interfere with any other party's use and enjoyment of any technology service.
The Office of Information Technology has a responsibility to protect College systems and infrastructure from malware and virus infection and to filter network traffic as appropriate.
Anti-virus and Anti-spam Measures
The Office of Information Technology will
• Evaluate, select, and deploy anti-virus software on file servers, desktops, laptops and other equipment to scan for malware from sources such as inbound and outbound E-mail, external storage devices, E-mails and attachments (inbound), CD-ROMs. Software downloaded from the Internet
• Provide a method to reduce the impact of unsolicited or spam email in user email inboxes
• Take such action as it deems appropriate, including blocking traffic from a particular email address, internet domain, mail server or IP address to protect the network and College systems
• Terminate any account on any email service which it determines, in its sole discretion, is transmitting or is otherwise connected with any e-mail that violates this policy or any other applicable policy.
Desktop Anti-virus protection
The Office of Information Technology must
• Select an effective desktop anti-virus product. This product must be licensed and made available to all Staff and Faculty users connecting to the College network using a College-owned computer
• Monitor systems regularly for devices that do not have anti-virus software installed or have incorrect anti-virus products or settings
• Provide a central point of contact to College users for anti-virus matters;
• Keep abreast of potential malware that may affect the College;
• Promote awareness of anti-virus issues among users.
Gateway Malware Protection
The Office of Information Technology will provide and maintain effective virus scanning and anti-spam measures at the College gateway.
All inbound and outbound email from the College network and all autonomous managed networks must be routed through the central Message Transfer agent (MTA) in order to ensure that uniform gateway malware scanning and spam filtering measures are applied.
Office of Information technology, Anti-virus Support Group
The Anti-Virus Support Group will be responsible for
• Monitoring desktop systems for indications of malware infection using available tools
• Providing user support to follow up on and evaluate any virus reports from users and make recommendations which may include informing users of the problem by email alert, intranet, etc
• Providing user support during a malware outbreak incident and will provide whatever assistance is required to disinfect the virus and prevent propagation
• Providing official, updated information in the event of an incident.