NORS -- CSRIC Best Practices Result

Detailed Information for the Best Practice: 9-8-8917

Number: 9-8-8917
Priority: Critical
Description: Notification to End Users:
ISPs should develop and maintain critical notification methods to communicate with their customers that their computer and/or network has likely been infected with malware. This should include a range of options in order to accommodate a diverse group of customers and network technologies. Once an ISP has detected a likely end user security problem, steps should be undertaken to inform the Internet user that they may have a security problem. An ISP should decide the most appropriate method or methods for providing notification to their customers or internet users, and should use additional methods if the chosen method is not effective. The range of notification options may vary by the severity and/or criticality of the problem.
Examples of different notification methods may include but are not limited to: email, telephone call, postal mail, instant messaging (IM), short messaging service (SMS), and web browser notification.
Network Type(s): Internet/Data
Industry Role(s): Service Provider
Keyword(s): Cyber Security; Intrusion Detection
Reference/Comments: An ISP decision on the most appropriate method or methods for providing notification to one or more of their customers or Internet users depends upon a range of factors, from the technical capabilities of the ISP, to the technical attributes of the ISP's network, cost considerations, available server resources, available organizational resources, the number of likely infected hosts detected at any given time, and the severity of any possible threats, among many other factors. The use of multiple simultaneous notification methods is reasonable for an ISP but may be difficult for a fake anti-virus purveyor. Best Practice 8-8-X022 provides information on how to address the malware infection.

Note that the Best Practices in this grouping are primarily aimed at ISPs that provide services to consumer end-users on residential broadband networks, but may be applicable to other users and networks as well.