With computer hacking in the news on a regular basis, security and how to protect your computer network are a top concern for many small businesses. But do you understand the dangers, and what it all really means? It can be a real challenge to decide what steps you need to take to protect yourself if you don’t really understand what the risks are. That’s why we have broken down one major risk category for you – Malware. This guide will explain what is malware, what harm it can cause, and most importantly, easy steps you can take and train your employees on in order to decrease the likelihood of an attack on your network. One important note – because new malware is released every single day, even the best anti-virus, firewalls, and patching solutions aren’t foolproof. All they can do is react to or patch for the latest version. Which makes sound, frequent backups your absolute best protection against data loss.
What Is Malware?
Short for malicious software, Malware describes any software whose purpose is to either disrupt computer operations or infiltrate it to gain either private information or unauthorized access. Malware is designed for a variety of stealth and/or hostile purposes, including spying, sabotage, or extortion. Malware is a blanket term used to cover all malicious software, such as viruses, worms, Trojan horses, ransomware, spyware, adware and scareware, among others. It’s all bad news, but here is the quick review of each term and what it means: Virus – a computer virus embeds itself into software or even the operating system itself, and then when that is run, it spreads to other executables on the machine. A virus requires a user to run the infected program before it can spread. Worm – this is a stand-alone piece of malware that actively transmits itself over a network to infect other computers. Unlike a virus, a worm doesn’t rely on a particular program being run – it spreads itself. Trojan Horse – Just like what it sounds – this is any program that invites a user to run it, escaping detection of the malware concealed within it. This is a common method of infection for ransomware, spyware, adware, etc. so you think you’re downloading a free fun game, but really you have opened the gates to a dangerous software program. Ransomware – This stops you from using your computer until you complete a certain action – effectively holding your PC or files for ransom. Most commonly, the demand made in order to re-gain access is for money, though it may also be to complete a survey. Ransomware messages may also claim that the user has done something illegal and the payment demanded is actually a fine being levied by a government agency such as the FBI. Spyware – a general term used to describe software that behaves in a certain way, almost always without the user’s consent. These activities include advertising, gathering personal information or even altering how a computer is configured. Adware – a type of Spyware, adware is software that automatically displays or downloads advertising material – usually unwanted – when a user is online. Adware isn’t always malicious, but it can impact the performance of your computer by slowing it down or making it unstable. It may also be collecting information about you that you are unaware of, in order to create a user profile and sell to another vendor. Scareware – this is a malicious software program that is designed to trick a user into buying and downloading software that is not needed and potentially dangerous, such as fake anti-virus protection. This is primarily a money-making scam, bilking users out of money for the fake software, because the scary and urgent messages convince users that they need it. The software itself can also be a Trojan Horse, invading your computer once it’s downloaded and gathering credit card, banking and other personal information. Malware often succeeds by being concealed within official software from legitimate companies. For example, a software update that users download from a website might have malware embedded with it due to an unknown vulnerability discovered by talented hackers. The less malicious types of adware are more likely to bundle with freeware (free software), so that when you download the intended software the adware gets downloaded as well. Sometimes you even agree to it, which is why you must read the fine print.
It’s no surprise that as technology grows more sophisticated, so too does Malware. Not only is it more prevalent – the AV-Test Institute registers 390,000 new malicious programs every day – but the creators are also more skilled than ever in damaging or disabling computer operations. A 2012 study by Statistic Brain Research Institute found that 40% of all US households had been affected by Malware, at a cost of about $4.55 billion. The popularity of ransomware is currently on the rise, as hackers capitalize on our increasingly connected world. The two most widely known ransomware programs – Cryptolocker and Cryptowall have earned a combined $18 million as of June 2015 – and still counting for Cryptowall. This trend is likely to continue, as hackers are more sophisticated and savvy than ever. Agencies and organizations dedicated to combating this are working hard to keep up, but in many cases the best they can do is to react as quickly as possible to the newest form of malware, limiting the amount of damage it inflicts.
Can Malware Be Prevented?
While nothing is foolproof, there are tried and true technologies that act as good defenses against malware and the damage it can cause. Most common are anti-virus (also referred to as anti-malware) software, and firewalls designed to keep unidentified and potentially harmful software away from a computer or a network. Here is a quick review of these defenses: Anti-virus programs – computer software whose purpose is to prevent, detect, and remove malware. This software was originally developed to defend against viruses, but as technology has evolved, so too did anti-virus software, providing protection against ransomware, Trojan horses, worms, etc. It can be installed on an individual computer or a network device. Firewall – a firewall screens out hackers, viruses, worms and other malicious attempts to invade your computer over the Internet. A firewall is designed for blocking specific network traffic, in accordance with company protocols and how they are allowed on the local area network. A firewall can be a physical device, or a piece of software, that filters an entire network or individual workstation as well. Patch Management – Patching as a malware defense applies to both operating systems (OS) and third-party applications. Patch Management involves acquiring and installing “patches” (code changes) that are designed to update an OS or an application – usually by fixing a security vulnerability or improving its overall performance. Common examples are when Microsoft issues weekly patches for its current operating systems and you are prompted to re-boot to install them, or Apple issues an update and pushes it to your iPhone so you can install and restart it. These are often done to fix holes or bugs in the system that have been identified by hackers already. Both home and business computer need to be protected, so it’s important that you determine what you currently have in place and take steps to implement both anti-virus and firewall protection, and/or ensure that you are using the most current version of your operating system and all applications, so that any patches that have been released are in place. And it’s worth noting again that nothing comes with a 100% guarantee. Despite the best efforts of the makers of anti-malware software and firewalls, sometimes the hackers are just better at their jobs. But when they do succeed at finding a way around the security systems designed to keep them out, the good news is that the manufacturers will issue the needed patch or update to correct the flaw – which is why keeping your software and operating system up to date are both critical pieces of the puzzle.
Malware Protection Starts With You!
The best prevention against malware is you. By practicing safe computing, being constantly vigilant and using common sense, you can greatly reduce the risk of having your computer system disrupted or damaged by malware. It’s easier than you think too by just following these simple practices: Avoid running any program that has been downloaded from an untrustworthy source or doesn’t have a digital signature. What this means is that when that that Security Warning pops up alerting you to an Unknown Source, don’t ignore it. Instead, take the time to scan it with your anti-virus or an on-demand scan program. Another option is to only open the program in a virtual environment (like Sandboxie or Bufferzone) until you can determine whether or not it is dangerous. As a general rule, we recommend that you only download programs from known reputable sites where you can confirm that the program you want to install is malware-free. If you are unsure, it’s always a safer bet to research it first. You can always come back and install it later. Use common sense online. If it sounds too good to be true, it probably is! Don’t get sucked into claims of free vacations, cash prizes or other free giveaways. Completing that survey won’t win you a new iPad. What it will do is give your personal information to the hacker behind the false internet claim. On the other end of the prize spectrum are the scare tactics – messages indicating that you are being investigated by the FBI for illegal activity and you have to pay a government fine, or that you have hundreds of viruses on your computer that must be cleaned up NOW, just click here and all your problems will be solved. These campaigns are designed to scare you into handing over your credit card information. And what’s truly scary is how effective they are and how many people are duped into paying for and installing fake software. Don’t fall prey to these scams. If the FBI wants to contact you, rest assured that it won’t be through a pop-up ad! Maybe you do need anti-virus software, but you will want to install it through a trusted anti-virus program’s website, and only after doing your own research on what you do – and do not – need. Keep your software and operating system up to date. Pay attention to the software updates that get released and be sure to get them installed. Often you can do this with a simple re-boot. These updates are providing patches to vulnerabilities and bugs that have been discovered – in many cases because they have been exploited by a hacker already. The update is what provides security against the flaw and is therefore critical to keeping your computer secure. You should also pay attention to the pop-ups issued by your operating system. In Windows, for example, it will prompt you to an unknown source that is trying to make changes to your computer, giving you the option to accept or reject the change. Hint – just say NO! These operating systems have built-in standard security measures so bypassing them is never recommended. Always read the fine print. Those user agreements that you NEVER read and always agree to accept? Depending on the source, you could be agreeing to download Adware that is bundled with the free program you just installed. So “free” to you means that the software provider is paying for it through the sale of advertising. At best it’s an annoyance and can affect your computer’s performance. At worst it could be a form of spyware that is collecting and then selling your personal information. Back everything up. We cannot stress this one enough! The best defense against ransomware is knowing that even if the worst happens and a hacker locks up all your files, you have a backup copy of all your files, videos, photographs, etc. Same goes for all types of malware. Having sound, frequent data backups as part of your network management or even your own personal computer is really the most critical component of any security program. Yes, you should still implement all of these other measures in order to provide as much protection as much and also for efficiency’s sake. After all, you don’t want to have to go to your backups every other day because you aren’t filtering out the vast majority of malware using the tried and true solutions. But in order to give yourself true peace of mind that your data is protected, you need to implement data backups to serve as that last line of defense against catastrophic data loss caused by a malware attack.
Other Quick Tips:
- Uninstall Java if you don’t really need it as this is one of the most exploited programs.
- Use complex passwords for you online accounts – Passwords should be a minimum of eight characters and contain a combination of letters (uppercase/lowercase), numbers, and special symbols (!,@, #, &, %,*) and re-set them every 6 months or so. An easy way to remember – treat your password like your toothbrush…don’t let anyone use it, and change it frequently!
- Do not open email attachments from unknown sources or files sent through an instant messenger – this is even more critical given what ComputerWeekly.com is reporting at the trend towards attachment-based malware campaigns.
- Don’t give out your details to people who don’t have a legitimate need to know them.
- Uninstall Java if you don’t really need it as this is one of the most exploited programs. While on social networks, it’s best to be reserved when allowing people to see your profile or updates.
If you remain vigilant about keeping your computer’s operating system safe, chances are you will be fully protected against the large majority of the various forms of malware. But because nothing is foolproof and malware is big business that continues to proliferate, it’s always smart to adopt a layered approach to security, and also be prepared for the worst. Using firewalls and anti-malware software, staying smart online and fully backing up all your data on a regular cycle is how you do that. Let the experts at Corsica Tech assess your current status and help you create the network solution that gives you the peace of mind you need when it comes to protecting your data. Don’t wait! Give us a call today at 877-367-9348 or email us at firstname.lastname@example.org to implement data backups, firewall services, anti-virus software and patch management solutions. Relax. We’ve Got I.T. Corsica Technologies understands that you need to run your business, not the IT that powers it. Whether it’s partnering with you to evaluate Cloud-based technologies, protecting your network, or proactively managing the overall health of your IT environment, Corsica’s experts will provide you with the peace of mind that it’s covered.