Be honest – do you currently have a malicious software reporting policy? Just relying on the existence of anti-virus software and firewalls may be too optimistic nowadays. The potential damage to information assets and productivity, let alone identity or bank account theft, suggests that a malware reporting policy should be in place in any organisation. Even Google is asking users to contribute to tightening up security by reporting any nefarious activity from websites listed in its results pages. And as an additional source of concern, it seems malware infections are also being caused by some of the very entities that are supposed to be protecting us.
A number of establishments like universities, government agencies and even churches take the malware threat seriously enough to formally issue policies about reporting it. Employees or members are asked to report any out of the ordinary activity on their computer systems – for example, browser windows opening unexpectedly or erratic mouse movements. Effective policies also define how IT staff should in turn report malware incidents to other users to advise them of any chance of infection. And they define sanctions for those who cause damage or loss to others through negligent or illicit handling of malware.
With new forms of malware appearing at different intervals (‘ransomware’ now locks up your computer until you make an online payment to unlock it), enterprises and agencies need all the help they can get to stay uninfected. But it seems that it is not only cyber outlaws that are launching malware attacks. Based on the documents leaked by Edward Snowden, former NSA worker, the Dutch newspaper NRC Handelsblad claims that the American intelligence service, the NSA, has deliberately infected more than 50,000 computer networks worldwide. Whatever the case, malicious software reporting, like neighbourhood crime watches, can be highly beneficial when people are well-informed about a few simple security rules for maximum protection.