Removing malware and cleaning up after an infection can be time consuming. Although the process of protecting computers from malware may seem to be tedious, it is far better to prevent malware than to clean up after a malware infection. Develop a malware prevention strategy as well as malware mitigation procedures.

Aggressive malware prevention strategies will likely include some of the following:

• Frequent media scans

• Multiple anti-malware software shields

• Frequent signature database updates

• Restrictive software installation policy

• Restrictive download policy

• Restrictive removable policy

• Limited web browser functionality

• Not running in Administrator mode unless necessary

While each item on this list does reduce the probability of malware infections, it reduces the computer’s usability. Overly aggressive malware prevention measures can become so intrusive that they can interfere with business functions. Weak malware prevention can allow infections that can also interfere with, or even prevent, business functions.

The best solution is a balance between the two extremes. The following best practices employ a good measure of malware prevention without being overly intrusive. Follow these suggestions to develop a solid malware prevention strategy:

• Install antivirus and anti-spyware software on all computers.

• Enable all real-time scanning (shield) options.

• Update signature databases and software daily.

• Perform a complete scan of all hard drives at least weekly.

• Perform a quick scan after installing or updating any software.

• Enable boot time virus checking, including boot sector and memory scan at startup options.

• Remove administrator rights from all normal users.

• Apply software and operating system security patches.

• Educate users on the dangers of malware and how to avoid becoming a victim.

• Block outbound network connections that are not required for your applications.

• Establish incident response capabilities.

• Back up your files.