Members of the Delta State University community are expected to perform their scholarly and scientific activities in a safe-computing environment. The University will vigorously investigate allegations of computer virus activity on campus, as well as malicious code that would adversely affect the academic or administrative computing environment.
The purpose of this policy is to describe the responsibilities of individuals, departments and the Office of Information Technology Services (OIT) in protecting Delta State University (DSU) computer systems against virus infections. A virus infection is almost always costly to the institution whether through the loss of data (possibly permanent), staff time to recover a system, or the delay of important work.
Computer virus: A piece of self-replicating code, most often a malicious software program designed to destroy or damage information on computers. Some viruses cause no damage, but a significant number are specifically designed to cause data loss. Potential sources of viruses include shared media such as floppy disks or CDs, e- mail (specifically, e- mail attachments), and documents downloaded from the Internet.
PROCEDURES and RESPONSIBILITIES
Computer viruses can be very destructive, and at times catastrophic, if not handled swiftly and correctly. It is critical that if a department suspects that they have a virus on a computer that they contact OIT immediately. The campus site license antivirus program should be installed on every computer on campus in order to prevent a computer virus from infecting the campus. If the user does not have this program installed, or the program has been disabled, then the entire campus is at risk for infection or repercussions from the virus may affect the campus as a whole. The following information details how the campus can avoid and prevent a virus, and how to handle the situation once a virus is suspected or detected.
If you have concern regarding a computer virus on campus, or there is suspicion that a virus resides on any DSU computers or resources, please contact the OIT department immediately for assistance. If you suspect that someone has inadvertently or intentionally sent you a computer virus, please notify the OIT department for assistance. Over 90% of computer viruses are inadvertently spread by email.
- Negotiate campus site-licenses (PC and Mac) for virus protection software that result in cost-effective solutions for campus units. Communicate these solutions to departments. Provide the chosen site-license at no cost to the departments or provide an opportunity for departments to purchase licenses at a rate that corresponds to the number of computers in the department and reflects the discount achieved through bulk purchasing.
- Pursue server-based solutions as they become available to stop the propagation of viruses through University systems and networks.
- Provide training to participating departments on virus protection.
- Work with participating departments to install virus software on all computers.
- Assist individuals with recovery from infections by providing swift and accurate advice and assistance at the level the user and the situation require. This includes containment to stop the spread, disinfecting to clean the system, and the capture of incident information for future use.
- Ensure requests for assistance from participants receive a higher priority than those who do not participate in the OIT-negotiated solution.
- Perform trend analysis to locate problem areas and identify high-risk users where special actions may need to be taken. In cases of risk to other campus systems, take appropriate action to thwart the spread of the virus (for example, block outgoing data from infected systems).
- Proactively notify the campus of viruses as soon as they are known to be in circulation or that there is a threat to the campus.
- Ensure that all OIT public and teaching lab computers and other shared systems are adequately protected and that someone in the department has been designated as being responsible for their maintenance and upkeep.
- Ensure that all virus definition files are current, usually updated on a daily basis.
- Ensure that site licensing is maintained to prevent further incidents of virus outbreaks on campus.
- Ensure that all departmental computers are running current virus protection software either through the OIT-negotiated solution (referred to in this policy as “participating departments”) or another option.
- Designate a local contact for departmental virus protection and other computer related issues to assist OIT in the education of the user community and virus response.
- Schedule a mandatory-attendance workshop for all departmental computer users(including student employees)in which OIT staff and the departmental contact train departmental users on protecting their systems. This session will be held annually, at a minimum.
- Ensure that all departmental lab computers and other shared systems are adequately protected and that someone in the department has been designated as being responsible for their maintenance, with assistance and coordination with OIT.
- Make every effort to ensure that materials used on campus are virus free, up to and including scanning of all uploaded documents.
- Report all virus incidents to the OIT User Support Services Help Desk at once. Provide the following information if known: virus name or type, extent of infection (single PC, LAN, etc.), source of virus, and potential recipients of infected material. Note the distinction between receiving an e-mail message that contains a virus-laden attachment versus allowing a virus to infect a computer. Most active computer users receive e-mail messages that contain viruses on a daily or weekly basis. By knowing the proper way to dispose of these messages, users can prevent any harm from coming to the system. Only cases of infections or possible infections need to be reported.
- Remove from the network any computer known to be infected or where infection is suspected, until it can be disinfected. This can be accomplished simply by removing the network cable from the wall connection. Physically disconnect the computer from the network in order to prevent further spreading of the virus.
- Update your virus protection software and/or data files frequently (weekly at a minimum). The campus site license software that is installed on campus computers will automatically update daily, unless circumvented by the user.
- Perform frequent auto-scans for viruses (daily recommended) on desktop systems. OIT will configure your desktop system to perform frequent auto-scans. Do not alter these settings without consultation with OIT.
- Exercise extreme caution when opening attachments. Never open an attachment unless it is expected even if it is from a trusted user. The majority of viruses come from attachments to email messages.
- Include any removable media in the scan. Diskettes are often used to spread viruses.
- Allow OIT to install or have you install any recommended security patches for the operating system and applications that are in use.
- Exercise extreme caution when downloading files from the Internet. Only download from reputable sites
- Exercise reasonable caution when installing files from removable media such as CDs. Even “shrink-wrapped” software has been known to contain viruses.
- Perform regular backups of the data on individual desktop systems in the event of a disaster. OIT is not responsible for lost data under any circumstances.
- Understand if OIT responds to a virus incident and finds that the infected desktop system is not running virus protection software, or that virus protection software has been disabled, then the individual must agree to either allow the OIT technician to install the campus site license antivirus solution or they must agree to purchase, install and properly use the software to prevent future incidents.
- Limit personal use to a minimum to reduce the possibility of receiving a virus on a University-owned computer.
- Read the policy on Responsible Use of Electronic Communication. Allowing a computer system to become infected puts other University systems at risk and, in the extreme, is a violation of the Responsible Use of Electronic Communication policy in force on the DSU campus.
Anyone suspected of deliberately unleashing a computer virus on the DSU campus will be handled according to all policies in place at the University. The individual will be reported to his respective supervisor. The University reserves the right to enforce the sanctions as outlined in the Responsible Use of Electronic Communication policy, and other resources that may be available at the time of the incident. The individual may also be subject to local, state, and federal laws and will be prosecuted to the fullest extent possible. For details on violations, reporting violations, and how such violations are handled, please refer to the policy on Responsible Use of Electronic Communication.
If unsure whether a violation has occurred, contact OIT to evaluate the situation. From there, appropriate channels will be followed.