There’s no better time to be talking about malware. With the NHS attack earlier this year and the recent rise of the Bad Rabbit virus, malware however big or small, is plaguing many locations of the world.
Spreading faster than ever, with more sophisticated variations than ever, the problem is only getting worse. Viruses and malware are a daily occurrence worldwide, considering a scary 4,000 estimated attacks took place every day in 2016 alone, with that number estimated to be double in 2017.
According to Kaspersky, a leader in antivirus software, not only are malware attacks exceptionally higher than they were a few years ago (and much higher than most people think), but the quality of the malware has also increased dramatically. They are less obvious, and more aggressive, meaning that even those of us who like to think of ourselves as tech savvy could fall for a malware scam.
What’s further frightening, is that virus infections are no longer simply a practical joke from a lone hacker, they are complex and manufactured crimes, belonging to whole methodical organisations. With now suspected political and financial motivations, more than ever companies are proposed targets for this sort of crime. A potential attack can be devastating for a company, not only wrecking their brand image and costumer support, but potentially costing the company lots of money, alongside the worrying chance of losing sensitive and secure data.
Barkly’s survey about Security Confidence Headed into 2017, showed that 38% of respondents who suffered attacks expect their security budget to increase in 2017 but 52% expect budget to decrease or stay the same. This can alarmingly show how many businesses are unprepared and oblivious to just how large the risk actually is for viruses.
For SME’s, Edge IT recommend that all companies undertake the advice of a professional IT company, and look into trusted software and processes that can protect your company in the event of an attack. However, there are simple steps anybody can take to help prevent attacks, and we’ve summarised them into key points.
Firstly, to fully understand how to protect your company, you need to understand what malware actually is, and what forms it can come in.
- Viruses: A virus is a small piece of software that piggybacks on real programs. For example, a virus might attach itself to a program such as a spreadsheet program. Each time the spreadsheet program runs, the virus runs, too, and it has the chance to reproduce (by attaching to other programs) or wreak havoc.
- Worms: A worm is a small piece of software that uses computer networks and security holes to replicate itself. A copy of the worm scans the network for another machine that has a specific security hole. It copies itself to the new machine using the security hole, and then starts replicating from there, as well.
- E-mail viruses: An e-mail virus travels as an attachment to e-mail messages, and usually replicates itself by automatically mailing itself to dozens of people in the victim’s e-mail address book. Some e-mail viruses don’t even require a double-click — they launch when you view the infected message in the preview pane of your e-mail software [source: Johnson ] A fascinating study from FAU also backed up the fact that many of us are still clicking on threatening links. Their study found that worryingly, two in every three users admitted to clicking on a virus link, and alarmingly there were a lot more actual clicks compared to the amount of people who owned up to the doing.
- Trojan horses: A Trojan horse is simply a computer program claims to do one thing (it may claim to be a game) but instead does damage when you run it (it may erase your hard disk). Trojan horses have no way to replicate automatically.
So, now we understand more about the dangers, what can be done to prevent them?
Updating Systems
Patching is the most common way of describing the process of making sure a machine is properly secured with the latest operating systems, browsers and anti-virus. A patch is a piece of software designed to update a computer program or its supporting data, to fix or improve it. This includes fixing security vulnerabilities and other bugs, which usually also improves the performance of the computer.
Without up to date and secure versions of these items, then the computer is more at risk to viruses. Operating systems such as Windows, and applications, such as Adobe Reader or JAVA, are used by tens of millions of computers and devices around the world, making them particular targets for criminals. Criminals and security researchers are constantly analysing and testing the code, looking for flaws that can allow a “computer hacker” to take control of a computer or steal valuable data.
It’s therefore vital that when a new and improved version of a software or system is available, that you take the chance to upgrade. The upgrade and change could be fixing and preventing flaws that hackers may be trying to take advantage of right now. As a business owner, patch tests can seem overwhelming and time consuming. especially if you have a large number of machines. Barbecue of this,we offer our own patch management service for businesses, so you don’t have to be worrying about systems or software’s that need upgrading.
Anti-Virus
You may be sick of hearing about the importance of anti virus, but the fact is that it is so widely spoken about because it is very important for all machines. Whether you have a small or large company, every machine needs a reliable anti-virus software. Anti-virus acts as the doorman to the computer, checking and approving what comes through onto the system. It’s aim is to seek out, warn and destroy all potential threats. Installed properly, it can be the barrier between potentially infecting a computer.
A problem that many companies face, is remembering to update their anti-virus. It’s pretty simple to have it downloaded onto all machines, but when you’re busy focusing on the business, it’s easy to let antivirus expire and miss upgrades. It’s a common misconception that once on the machine, it’s safe for life. Employees need to be aware that they should be looking out for notifications from your anti-virus that may be pre-warning of expired software. Alongside anti-virus it’s important to know your operating systems, firewalls, and firmware up-to-date. Are your servers and workstations running operating systems that are still being supported? Is your firewall current? Is everything being automatically updated and patched on a consistent basis? What about your firmware? It is important that these elements stay current to protect against ever-evolving threats
Browsing and Download Policies
Malware isn’t just found within software’s and systems. It’s now becoming more common than ever for malware to be detected on the internet. We may associate viruses on the internet with the dark web or inappropriate websites, but they are now appearing on seemingly legitimate websites that we are frequently visiting. Viruses are particularly powerful on the internet because they are attached to data, not code, making them harder to avoid.
There are ‘safe browsing’ options on most browsers, and it may be worth looking into this for your staff. Anti-virus can also be sure certain pop ups and adverts are blocked, which may contain further links to download files that are harmful. Downloading unknown files is where a lot of problems start. One way a company can combat this issue is by setting up administrator powers on machines. This can mean that users have to request permission to download unknown files that are deemed suspicious. Although perhaps time consuming for the administrator, it will still be a lot quicker than trying to solve a virus problem if it should arise.
Protect Mobiles
Many business are still yet to fully understand the implication mobiles can have on their security infrastructure. More than any other device, phones and tablets straddle the line between purely business and personal. Even if your company has company phones and devices, many individuals are still bringing in and using personal devices alongside. Many employers are happy to combine the two, providing business devices that employees can use outside of work for personal use too
Mobile phones however, are increasingly becoming a target for malware and hacking, thought to be due to criminal’s awareness that many people’s personal phones also act as their business phone and therefore can contain information and desired data. The issue of mobile phones being brought into the work place should be on any employers radar. We love this little visual which captures all of the different areas of threat mobile phones can face.
You can’t control what people do on their personal devices outside of work, but it may be worth thinking about having a general security chat with your company about how they currently protect themselves and their devices online. We’ve also previously outlined how using free public wifi can provide risks for devices, so it goes without saying that your company needs a secure wifi infrastructure and system in place. Edge have helped many companies set up their infrastructure to ensue it’s a secure and safe online environment, protected against malware. Lastly, we can’t express enough how it’s important to make sure every member of your company understands malware and it’s dangers, and their actions that may encourage it’s presence. Although encouraged, many employees still don’t choose secure passwords for example, which can be another easy route for criminal organisations to access certain files and areas of a machine to infect.
Edge IT are on hand for any virus concerns, and protecting small businesses against malware dangers is a large area of our expertise. Get in touch today for free advice on protecting and preventing viruses in your company today.