It’s a sad fact that many organisations are ill-equipped to deal with viruses when they occur. Yet it is remarkably simple to keep ahead of the game. Although it’s impossible to be 100 percent secure against infection, by following this simple checklist, methodically and regularly, you can keep your network as safe as it’s possible to be while connected to the Internet.

One-off actions

| Action | Comment |
| --- | --- |
| Procure the corporate edition of a good virus scanning package and roll it out across the organisation - on servers and workstations, and any other devices you can (e.g. firewalls or switches with AV interface capability). Ensure that users are not able to disable protection on their workstations. | Corporate virus packages collate details of attacks in a central management interface, allowing you to keep abreast of the level of attack you are experiencing. |
| Define business processes for the use of removable media (floppies, CDs, Zip disks, etc) with regard to viruses. | Removable media are a common path into the organisation for viruses. |
| Set aside one computer as a 'proven' virus-free machine and forbid users to touch it; configure it with a separate Internet connection from the main link, and do not connect it to the LAN. | Should you need to download material from the Internet in the event of an attack, you need a machine you know to be uninfected with a link that you know will work. |
| Define a procedure for recovering from all types of attack. | You should consider the various eventualities of how attacks on various system components would affect you. Document how to recover from them (this probably includes the eventuality of recovering from backup tapes). |
| Define a priority plan for use in the event of attack. Business-critical systems and departments should be prioritised higher than less essential services. | Business functions vary in their criticality to the organisation. It's important to understand what needs to be backed up first when recovering from an attack. |

Every year

| Action | Comment |
| --- | --- |
| Revisit the brand of anti-virus software you use and consider whether it is still the best of breed. | It's important not to be complacent and stick with a brand for no good reason. |

Every month

| Action | Comment |
| --- | --- |
| Circulate a report of how many viruses have been caught, or how many infections have taken place. | Users are often surprised just how prevalent viruses are. This is a useful reminder to keep them vigilant. |
| Re-examine your departmental priority plan. | You may need to adjust priorities as business needs change. |

Every week

| Action | Comment |
| --- | --- |
| Run a report of the version of the AV software and its signature file that each machine is running. Compare it with your asset inventory. | Corporate AV software often relies on users being connected to the LAN in order to receive virus updates, which means people who regularly telework are liable to have out-of-date virus signature files. |
| Update your anti-virus rescue CDs/floppies with the latest virus definitions and check that they work. | There's no point in having a rescue disk if it can't eradicate the viruses that have crept in. |

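
One way to carry out the weekly version report and inventory comparison, as an added example that is not part of the original checklist. The CSV column names, host names, dates and thresholds are constructed assumptions; substitute whatever your AV console and asset inventory actually export.

```python
import csv
import io
from datetime import date

# Constructed sample data (not from the original page): an asset inventory
# and a per-machine export from the AV management console.
INVENTORY_CSV = """hostname,owner
srv-mail01,it
ws-0101,finance
ws-0102,finance
lt-0201,sales
"""
AV_REPORT_CSV = """hostname,engine_version,signature_date
srv-mail01,8.1,2024-03-11
WS-0101,8.1,2024-03-10
lt-0201,7.9,2024-02-19
lab-test7,8.1,2024-03-11
"""

def _rows(text):
    """Parse CSV text into a dict keyed by lower-cased hostname."""
    return {r["hostname"].strip().lower(): r for r in csv.DictReader(io.StringIO(text))}

def audit(inventory_csv, report_csv, today, max_age_days=7, min_engine=(8, 0)):
    """Compare the AV report with the inventory and return the exceptions."""
    inventory = set(_rows(inventory_csv))
    reported = _rows(report_csv)
    findings = {
        "missing_av": sorted(inventory - set(reported)),    # in inventory, never reported
        "unknown_host": sorted(set(reported) - inventory),  # reporting, not in inventory
        "stale_signatures": [],
        "old_engine": [],
    }
    for host in sorted(inventory & set(reported)):
        row = reported[host]
        age = (today - date.fromisoformat(row["signature_date"])).days
        if age > max_age_days:
            findings["stale_signatures"].append((host, age))
        engine = tuple(int(p) for p in row["engine_version"].split("."))
        if engine < min_engine:
            findings["old_engine"].append((host, row["engine_version"]))
    return findings

if __name__ == "__main__":
    for kind, hosts in audit(INVENTORY_CSV, AV_REPORT_CSV, date(2024, 3, 12)).items():
        print(f"{kind}: {hosts}")
```

Machines that appear in the inventory but not in the report are the ones the comment above warns about: they may never have checked in, as with teleworkers' laptops.
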
Every day

| Action | Comment |
| --- | --- |
| Check your virus logs, and compare the viruses found there with your software vendor's website. | It's important to get to know the destructiveness of each virus, so you can remember the vicious ones. |
| Ensure that virus signature updates are occurring correctly. | You don't want to discover empirically that updates aren't working. |
| Act upon instances where the AV software has reported an infection but has been unable to clean the computer. | Some viruses can't be eradicated without a reboot or even manual intervention. |

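
A sketch of the daily log review, as an added example that is not part of the original checklist. The log line format, action names and virus names are constructed assumptions, since every AV product logs differently. It tallies detections per virus and lists only the machines whose most recent event for a given virus is a failed clean, so a later successful clean clears the entry.

```python
import re
from collections import Counter

# Constructed sample log (format is an assumption, not a real product's).
LOG = """\
2024-03-12T08:14:02 host=ws-0101 virus=Example.Worm.A action=cleaned
2024-03-12T08:20:45 host=ws-0102 virus=Example.Worm.A action=clean_failed
2024-03-12T09:02:10 host=srv-file01 virus=Example.Macro.B action=quarantined
2024-03-12T09:30:00 host=ws-0102 virus=Example.Worm.A action=cleaned
2024-03-12T10:11:37 host=lt-0201 virus=Example.Boot.C action=clean_failed
corrupted line without fields
"""

LINE = re.compile(
    r"^(?P<ts>\S+) host=(?P<host>\S+) virus=(?P<virus>\S+) action=(?P<action>\S+)$"
)

def review(log_text):
    """Return detections per virus, hosts still needing manual work, and bad lines."""
    detections = Counter()
    latest = {}      # (host, virus) -> (timestamp, action) of the newest event
    unparsed = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE.match(line)
        if not m:
            unparsed.append(line)   # keep for inspection rather than dropping silently
            continue
        detections[m["virus"]] += 1
        key = (m["host"], m["virus"])
        # ISO 8601 timestamps in one timezone compare correctly as strings.
        if key not in latest or m["ts"] >= latest[key][0]:
            latest[key] = (m["ts"], m["action"])
    needs_attention = sorted(k for k, (_, act) in latest.items() if act == "clean_failed")
    return {"detections": dict(detections),
            "needs_attention": needs_attention,
            "unparsed": unparsed}

if __name__ == "__main__":
    print(review(LOG))
```
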
When you add to the network

| Action | Comment |
| --- | --- |
| Ensure that new computers - servers or workstations - are as fully virus protected as possible before you connect them to the LAN. | It's common for viruses to sneak in between the operating system installation and the virus software installation. |

When you get attacked

| Action | Comment |
| --- | --- |
| Cut off the source of attack and any routes a virus may take out of the network. | It's important to stop the flood of viruses inward, but also to ensure that a virus that has got in cannot replicate itself across the network and/or outside. |
| If you suspect that the virus is percolating through your network, segment it by disconnecting switches and routers where appropriate. | It's important to confine the virus to as small an area as possible. |
| Inform the business of the situation to whatever extent is possible. | If you don't, the phone won't stop ringing, but of course if your email server is infected it may be impossible to inform everyone quickly. |
| Ensure your AV toolkit has the appropriate cleansing capability for the virus you're infected with. | The virus may have crept in between AV updates. |
| If a special disinfecting tool needs to be downloaded, do so via the computer you know to be clean. | Some viruses can only be removed via separately downloaded tools, not by the standard AV system. |
| Before disinfecting machines, ensure that you apply appropriate protection to prevent re-infection, including updating your AV signature files. | Note that if the virus is brand new, you may have to wait for the AV agencies to put out a patch, during which time you may have to keep some systems disconnected. |
| Starting with central components such as servers, clean and double-check the cleanliness of each system. Keep 'clean' and 'dirty' systems separate and assume everything to be 'dirty' unless proven clean. Connect systems back up only when they are known to be clean. | Once you have disinfected an area, you don't want to re-infect anything in this area. |
| Once everything is clean, verify that the source of attack is no longer a threat. | Have you protected yourself against the problem, or has the attack simply gone away, to bite again tomorrow? |
| Inform staff and management when systems are running normally; if some systems have to stay out of commission, make this known and report as you re-commission services. | 80 percent of the customer experience is down to users and management feeling that they are being kept informed about what's going on. |