Security
Sophos Best-Practice Settings
Sophos regularly adds features and settings to its suite of antivirus tools to improve protection against malware, so it is important to check regularly that your school is using the latest best-practice settings and features, that updates are coming through, and that Sophos is installed on ALL servers and endpoint devices.
Please check the following in your console and return regularly to this page (sophosbestpractice.lgfl.net) for new additions. Bear in mind this is not an exhaustive list of the protections available but a selection of key elements which are easily missed and most helpful to review.
Account Health Check
Sophos has developed a built-in high-level health check. Follow these steps to see the recommended actions to improve your security.
Tamper Protection
It is important that this setting is enabled to help stop users (or hackers) from removing Sophos from their machines.
Global Exclusions
As the name suggests, a global exclusion applies everywhere, so it should be used with great caution and regularly reviewed.
Best practice is to apply an exclusion to the policies that target the specific machines which need it rather than globally. Sophos will highlight exclusions which it deems to be high-risk.
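As an added illustration of what "high-risk" typically means when reviewing an exclusion list, the script below takes a constructed sample of exclusions (not a Sophos export; the record fields "scope", "kind" and "value" are assumptions for the example) and flags the ones a reviewer would want to justify: anything global, an entire drive, a wildcard-led pattern, a user-writable folder, or an executable file type. Narrowly scoped exclusions on a specific policy pass through untouched. This is example code written for this page, not Sophos's own check.

```python
"""Review a list of antivirus exclusions and flag high-risk ones.

Added example for this page. The exclusion records below are constructed
sample data, not exported from Sophos Central; the field names ("scope",
"kind", "value") are assumptions for illustration only.
"""
import re

# Constructed sample: what an exported exclusion list might look like.
SAMPLE_EXCLUSIONS = [
    {"scope": "global", "kind": "path", "value": "C:\\"},
    {"scope": "global", "kind": "path", "value": "C:\\Users\\*\\Downloads\\"},
    {"scope": "policy:Finance-PCs", "kind": "path", "value": "C:\\Program Files\\SIMS\\"},
    {"scope": "global", "kind": "extension", "value": "exe"},
    {"scope": "policy:SQL-Servers", "kind": "process",
     "value": "C:\\Program Files\\Microsoft SQL Server\\MSSQL\\Binn\\sqlservr.exe"},
    {"scope": "global", "kind": "path", "value": "*.tmp"},
]

# File types that malware commonly arrives as; excluding them blinds the scanner.
RISKY_EXTENSIONS = {"exe", "dll", "ps1", "bat", "cmd", "vbs", "js", "scr"}
# Folders ordinary users (and therefore malware running as them) can write to.
USER_WRITABLE = re.compile(r"\\(users|temp|downloads|appdata|programdata)\\", re.IGNORECASE)


def assess(exclusion):
    """Return a list of reasons this exclusion is high-risk (empty list = fine)."""
    reasons = []
    kind, value, scope = exclusion["kind"], exclusion["value"], exclusion["scope"]
    if scope == "global":
        reasons.append("global scope: applies to every device")
    if kind == "path":
        # Whole drive root such as "C:\" or "D:"
        if re.fullmatch(r"[A-Za-z]:\\?", value):
            reasons.append("entire drive excluded")
        # Wildcard-led entries match far more than the author usually intends
        if value.startswith("*"):
            reasons.append("wildcard-led pattern")
        if USER_WRITABLE.search(value):
            reasons.append("user-writable location")
    if kind == "extension" and value.lower().lstrip(".") in RISKY_EXTENSIONS:
        reasons.append("executable file type excluded")
    return reasons


def review(exclusions):
    """Map each risky exclusion value to its reasons; clean exclusions are omitted."""
    return {e["value"]: assess(e) for e in exclusions if assess(e)}


if __name__ == "__main__":
    for value, reasons in review(SAMPLE_EXCLUSIONS).items():
        print(f"{value!r}: {', '.join(reasons)}")
```

Run it against your own exported list and every line it prints should have a written reason (and ideally a policy-scoped replacement) before the next review.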
Endpoint Policy
The settings available for your endpoints are regularly updated so it is worth checking this page to check that you are getting the latest protections.
Always double-check anything marked in red and ensure there is a reason for any protection which has not been activated.
Server Policy
These settings are regularly updated, so it is worth checking this page to confirm that you are getting the latest protections.
Always double-check anything marked in red and ensure there is a reason for any protection which has not been activated.
Make sure you are making the most of all protections and, if you are not using any of them, that you know why.
Alert Notifications
Although Sophos is always working and will take proactive steps to remediate threats, you do need to be aware of what is happening.
If there is a sudden spike in activity, this may be a precursor to an attack. It is vital you are aware of these early-warning signs, so make sure you are receiving and monitoring these reports (including those reassuringly showing no concerns).
NB - alerts are sent to the email address you use to log on to the console.
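To make "sudden spike" concrete, here is an added example (not Sophos code) that compares each day's alert count with the preceding week and flags days that jump well above that baseline. The daily counts are constructed sample data; in practice you would fill them in from the reports you already receive. The floor on the standard deviation means a quiet baseline of zero alerts, the "no concerns" case, still triggers on a genuine jump rather than being ignored.

```python
"""Flag a sudden spike in daily alert counts against a trailing baseline.

Added example for this page, not Sophos code. Input is a constructed series
of daily alert counts; in practice fill it from the report emails or a
console export you already receive.
"""
from statistics import mean, pstdev

# Constructed sample: alerts per day over two weeks, with a jump on the last day.
DAILY_ALERTS = [3, 2, 4, 3, 5, 2, 3, 4, 3, 2, 4, 3, 3, 19]


def spike_days(counts, window=7, min_ratio=3.0, min_sigma=3.0):
    """Return the indexes of days whose count is a spike versus the preceding window.

    A day is a spike if it is at least `min_ratio` times the trailing mean AND
    more than `min_sigma` standard deviations above it; the second test stops a
    noisy-but-normal series from alerting on ordinary fluctuation. The standard
    deviation is floored at 1 so a flat (e.g. all-zero) baseline still works.
    """
    spikes = []
    for i in range(window, len(counts)):
        base = counts[i - window:i]
        m, sd = mean(base), max(pstdev(base), 1.0)
        if counts[i] >= min_ratio * m and counts[i] > m + min_sigma * sd:
            spikes.append(i)
    return spikes


if __name__ == "__main__":
    for day in spike_days(DAILY_ALERTS):
        print(f"day {day}: {DAILY_ALERTS[day]} alerts, baseline "
              f"{mean(DAILY_ALERTS[day - 7:day]):.1f} - investigate")
```

A flagged day is a prompt to look at what the alerts actually are (same device? same detection?), not a verdict on its own; the thresholds are starting points to tune against your own normal volume.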