1. Home
  2. Information Technology
  3. About
  4. Policies

5.06 Malware Policy

I. Purpose

The purpose of this policy is to describe the responsibilities of individuals, departments and Information Technology (IT) in protecting Bradley University endpoint computers against malware infections.

II. Description

All endpoint computers connected to the Bradley University network, whether wired or wireless, must have current malware protection software installed and running.

Malware, a shortened term for malicious software, is designed to infiltrate a computer system without the informed consent of the user.

Potential sources of malware include removable media such as CDs, DVDs and USB drives, electronic mail (including, but not limited to, files attached to messages), software or documents copied over networks such as the campus network, the Internet, P2P applications, and browser popups.

A malware infection is almost always costly to the institution whether through the loss of data (possibly permanent), staff time to recover a system, or the delay of important work.

Advice and Assistance

Information Technology will provide malware protection assistance in the following ways:

  • The IT HelpDesk and staff will assist individuals with recovery from malware. This includes advice on containment to stop the spread, help with removing malware, and advice on how to prevent a recurrence.
  • Timely information regarding malware threats will be sent to campus in a variety of ways, including notices via electronic mail and postings on Sakai and the HelpDesk Web page.
  • Information Technology will continue to work with Student Senate and the Residential Life staff to increase awareness of the importance of adequate malware protection.

Noncompliance

Computer users not complying with this computer security policy leave themselves and others at risk of malware infections which could result in:

  • damaged or lost files
  • inoperable computer resulting in loss of productivity
  • risk of spread of infection to others
  • confidential data being revealed to unauthorized persons

An individual's non-compliant computer can have significant, adverse affects on other individuals, groups, or the University itself. It is critical for the protection of all individuals using the campus network that each computer be adequately protected against malware activity. Non-compliance with this policy by use of a computer on the campus network which is not adequately protected against malware infection may result in a variety of negative outcomes outlined below.

University-owned computers (purchased through campus computer sales and supported by IT)

Malware activity is generally initially suspected when a great deal of traffic is identified by network administration software coming from a particular IP address (in use by a particular individual) on the network. When this occurs, the following steps are taken:

  • Network access by that computer will be restricted.
  • A trouble ticket will be opened by the HelpDesk, the University employee responsible for the infected computer will be contacted. (If the responsible party cannot be identified, the restriction will remain in place until someone contacts the HelpDesk about the computer.)
  • A time will be arranged for the infected computer to be scanned and cleaned. If files appear to be damaged or missing, file recovery will be attempted.
  • The IT staff person will ensure that NAV is installed and updating daily on the computer before the ticket is closed

Student-owned computers

As with University-owned computers, malware activity on student computers is generally identified when a great deal of traffic is coming from a particular IP address (in use by a particular individual) on the network. The following steps are taken when this occurs:

  • Network administrators will restrict the user's access to the network and notify the HelpDesk of the restriction. The HelpDesk will call the student to whom the computer is registered to inform them of the restriction.
  • The student must bring their laptop or CPU to the HelpDesk for assistance in scanning and cleaning the malwares from the system.
  • The student must demonstrate that anti-malware software is installed and set to update daily before network access is restored.
  • A fee of $25 will be charged for an initial violation. A fee of $50 will be charged if there is a subsequent violation by the same student. If non-compliance with the policy continues, the student may be referred to the residential life and student judicial services office.

Other systems

Some systems are on the campus network which do not fall under the above categories of University, employee owned or student owned. As stated earlier, all systems connected to the Bradley University network, whether wired or wireless, must have current malware protection software installed and running.

III. Scope

This policy applies to all Bradley University computer and network users.

Date Approved      
2/23/2004      
Dates Revised      
4/6/2004      
Dates Reviewed