What is malware?
Malware – or malicious software – refers to a range of harmful programs designed to damage your computer, network or server, and it can include viruses, trojans and worms. It targets individuals and organizations, and it can steal information, damage data, hijack website visits and spy on Internet activity.
Malware can hide inside innocuous-looking software (trojans) or spread between machines without relying on user interaction (worms). It can be custom-designed to evade defences and execute specific tasks.
Once inadvertently installed, malware can carry out many activities unseen. It may spy on website visits, destroy data, record your keystrokes, or piece together passwords. Ransomware is an increasingly popular form of malware that encrypts important business information until the organization pays a ransom.
Malware is usually delivered via email phishing or fraudulent links. Malicious apps and USB memory sticks can also compromise smartphones and computers.
What are the risks to your business?
- Data loss
- Financial loss
- Hardware damage
- Paralysis of business activity
How to defend your business against malware
- Put in place strong response, recovery and back-up processes.
- Run up-to-date anti-virus software on all machines and consider systems that use file reputation and behaviour analysis within a safe sandbox system. Network behaviour anomaly detection (alert to attacker commands) is another systems security option.
- Keep your PCs, servers and associated hardware up to date, installing the latest security patches as they become available.
- Make sure that your staff avoid questionable websites and know not to download free software or apps, run Microsoft Office macros on email attachments or use USB sticks from unverified sources.
- Consider application whitelisting (blocking any software not already authorized).
- Use different passwords for different business logins.
- Require staff to shut down their computers completely at the end of the day to ensure they are receiving the latest security updates.