New malware policy and internet security awareness training approved

A new campus policy regarding computer and network access in case of malware infection has been approved and added to the university manual, and internet security awareness training has been approved for all employees. 

The new policy specifies that any device or account connected to the GVSU campus network that has been compromised by a virus or malicious software must immediately be disconnected and removed from the network. If the device isn't disconnected from the campus network, Information Technology may block the user account from the network until IT staff can verify that the device or account are no longer compromised. 

Users whose devices become infected will be required to produce any infected device to IT immediately upon request to prevent information disclosure, data file destruction or exploitation of the compromised account. 

IT staff will provide their identification and authorization to the person whose device was compromised prior to the device being removed from the network. IT will also take reasonable steps to provide a substitute device for use on the campus network while repairs are being made to the original device. 

Additionally, internet security awareness programs have been approved and adopted by university senior management and will begin on February 1, with required completion by March 20. 

All faculty and staff members will be notified by email when the training is set up and ready for completion. The training and awareness program consists of 15 mandatory and eight optional videos with two or three questions at the end of each. The entire training program will take approximately one hour. 

"GVSU employees have had many attempts by hackers to change bank routing information, vendor information and attempt phishing emails and calls to steal account and password information," said Sue Korzinek, director of Information Technology. "We are committed to helping employees learn the risks and warning signs of these security risks to keep university and personal data safe and secure."

Any employee with questions about internet security or who suspects a network device may be infected with a virus or malware should contact Information Technology immediately at (616) 331-2101.