Part of Data Security Standard 6 - Responding to incidents
End point anti-virus (6.2.1 - 6.2.9)
The NDG review highlights the importance of deploying suitable measures to reduce the likelihood of incidents in the first place, such as anti-virus solutions.
Each end point desktop computer, laptop or tablet (meaning a tablet that runs the organisation's main operating system, not a mobile operating system) should be protected by an anti-virus product.
Whatever the solution, it should enable you to easily determine the anti-virus status on each end point, such as how often it's updated.
Your anti-virus solution will generate alerts every time an event occurs (such as a detected infected file). You should be able to interrogate your system to know what they are, whether they are fixed or whether you need to take any further action.
Managing your IT estate will be easier with central management, because even where you have a small number of end points, examining each one can be cumbersome. Some providers will provide you with features to manage a small estate, making this task easier.
Has anti-virus/anti-malware software been installed on all computers that are connected to or capable of connecting to the internet?
Anti-virus costs
Money should not be seen as a barrier to having adequate anti-virus protection. There are anti-virus packages that are bundled with the operating system (such as Microsoft Windows Defender) or can be acquired at zero or modest cost.
For NHS organisations using Windows 10 (which is centrally funded), the Advanced Threat Protection version of Defender, now known as Microsoft Defender for Endpoint (MDE), is included free of charge.
Anti-virus coverage
As well as being on the end points, anti-virus protection should be installed on all your central infrastructure servers, such as:
- file servers
- mail servers
- application servers
- print servers
Last edited: 26 September 2022 12:54 pm