Malicious software, or malware, are software programs that are designed to harm computer systems. These programs can wreak havoc on both systems and electronic data by, for example, gathering sensitive information such as passwords without the computer user’s knowledge, deleting files and making systems inaccessible or inoperable. Computer users can inadvertently install malware on their computers by opening email attachments, downloading content from the Internet or merely visiting infected websites. Damage caused by malware can be expensive to fix and can cause significant losses in productivity until corrected. This is especially true with the ongoing and escalating threat of ransomware attacks against local governments and schools.

One way to detect and stop some forms of malware before it can affect its targets is by using antivirus software. Antivirus software should be installed and kept current with software and signature (a set of characteristics also referred to as virus definitions) updates. Antivirus software should be set to update definitions daily and to scan for threats throughout the day. Without current virus definitions, protection is limited and leaves computers at risk of being compromised by new types of threats. Similarly, without ongoing scanning, threats could infect computers between scans and then disable antivirus software to avoid detection.

Some local governments and schools use a mix of purchased and free antivirus software (downloaded from the Internet). While there is nothing inherently wrong with using different kinds of antivirus software, it may make timely, coordinated management of antivirus protection more challenging. If a local government or school chooses to use free antivirus software, officials should carefully consider all terms defined by licensing agreements, including type and extent of the software’s use, to ensure compliance.

In addition, some malicious programs are written to automatically propagate, or spread across, any new system they discover. Because malware can be embedded onto a wide variety of devices, a best practice is to force scans of any new devices connected to computers, such as USB flash drives and digital cameras, and turn off the AutoPlay¹³ feature for such devices.

¹³ A feature built into Windows operating systems to automatically “play” files stored on devices when connected to computers. This feature poses a security risk because malicious programs could be embedded on connected devices.

The Information Technology Governance LGMG can be downloaded at https://www.osc.ny.gov/files/local-government/publications/pdf/information-technology-governance.pdf