Corporate Users - Recommendations on Virus Warnings

   A member in MyITForums ask for general guidelines in composing virus alert messages to be sent to all employees for a rapidly spreading virus.  

Occasionally viruses will get into the corporate email system before AV protection is in place. The "rules" below represent some of the factors I have learned after years of doing this.

Rule #1 - KEEP IT SIMPLE for the users to promote understanding by non-technical folks

Rule #2 - KEEP IT SHORT as you want it to be read quickly plus it saves bandwidth and space on your email servers. 

Rule #3 - TELL THEM WHAT TO AVOID and promote good security awareness along the way in a simple way

Rule #4 - ASK THEM TO REPORT INFECTIONS to the Help Desk, Security department, or Techs rather than trying to clean the virus themselves.

Rule #5 - SHARE LINKS TO MORE INFO on your Intranet based Security Awareness sites. Hopefully, you have an Intranet Security site (and if not build one as it's one of your best tools)

Here's an example of a format I'd recommend changing the word EXAMPLE to the specifics relevant for the particular virus:

quote:

To: ALL EMPLOYEES
Subject: Virus Alert: W/32.EXAMPLE.A (avoid EXAMPLE.ZIP attachments)

Some of our professionals have found copies of W/32.EXAMPLE.A in their email accounts. We have protection from AV-VENDOR in place to now block this rapidly spreading virus.

Please report all suspicious email attachments to our Help Desk. The attachment to avoid is EXAMPLE.ZIP. If you have accidently selected this, please contact our Help Desk at 999-HELP so we can check your system

MORE INFORMATION CAN BE FOUND HERE:
infosecurity.companyintranet.com/ExampleA.htm

PLEASE PROTECT YOUR COMPANY AND HOME PC THRU BEST PRACTICES:
infosecurity.companyintranet.com/Virusprevention.htm