How To Protect Your Organization From Viruses And Malware
“We have anti-virus and anti-malware, but what is the difference between viruses and malware?” This is a question that clients and prospects ask our team all the time. I am the president of an information technology company in Chicago, and I’ve learned that, in reality, all you need to know is you don’t want viruses or malware on your system. There is one thing to remember when it comes to cybersecurity and having layers of protection: No one policy or tool will save you from every possible threat.
With that said, here is the non-techie breakdown of viruses versus malware and four rules to help your business avoid getting infected:
The Cybersecurity Basics
Viruses are programs or code that can harm your computer or server by encrypting, corrupting or destroying your system and data. Different viruses are made to do different things, but generally, they can create, move or delete files and can slow your computer down to the point that it can no longer function. Viruses attach themselves to legitimate programs and files and then unleash their fury immediately.
Malware, on the other hand, is more encompassing and can be a variety of malicious software. It is a catch-all term when talking about cyberthreats. It could be ransomware, spyware, worms or a virus.
Each malicious program has its own objective, some of which include:
• Gaining control of someone’s system and files so it can hold them hostage for ransom payments.
• Setting up services in the background for their own gain, often, I’ve found, with the intent to mine cryptocurrency.
There are plenty of ways to catch a cyber cold; most require some sort of human interaction. There are some forms of malware that can execute on their own, but humans, in my experience, are usually the last line of defense. Below are four ways to protect your company from malware:
Be careful what you click on.
The first and easiest way to get infected is to click on or open something you’re unsure about. One example of this is spam emails with links or attachments. Most are made to infect your computer, so the first rule is: Don’t click on things you don’t know for sure are legitimate. This goes for emails as well as messages through social media platforms.
Ask your IT team for help.
If you are asked to enter your password anywhere outside of where you normally would, it is probably not a good idea to enter it. If an email asks you to send a password, do not comply. This includes emails from companies, software providers or even someone you share access to a program with. Attackers use login boxes and emails to gain passwords and can make their requests look legitimate.
This brings us to rule No. 2: Don’t hesitate to ask your IT department when you are unsure about something, and always go to a website by typing the URL in a new window before logging into anything.
Verify technology is safe before allowing it to join your network.
Another way I’ve observed business technology can become infected with malware is through USB drives, though this is a method that is becoming less common. Be careful when plugging anything into your machine. This is an easy way for malware to spread from one network to another.
Picture this: Your client is working on a document they need you to review. Unbeknownst to them, they currently have dormant ransomware sitting on their system. They copy the document to a USB, but it also includes that dormant ransomware. When you plug the USB into your computer to review the document, a signal goes to the cybercriminal, who can then infect your entire network.
This shows the importance of rule No. 3: Don’t think that because you know the source you can trust all technology. Sending files via email is generally safer than a USB. If the file is too large for email, use a secure file-sharing application.
Exercise caution when sharing personal information.
The last scenario I often see is called social engineering. This is when cybercriminals trick you into sharing information through spam emails and phone calls. They might call your receptionist, sales department or whoever else they can reach to gather nuggets of knowledge — such as your favorite food, where you were born, your mother’s name, etc. — that enable them to hack your organization.
Answers such as these could give access to security questions or passwords, and these are also things people who know you will know. An innocent question such as, “I just met with Bob last week and wanted to send his dog a customized treat based on our conversation, but I forgot its name. Can you help me out?” could cause a security breach in your network and expose you to malware. This is why I believe rule No. 4 is: Don’t trust everyone.
You can combat social engineering by implementing security policies and verification. Create company policies regarding sharing personal information. A good rule of thumb is if it isn’t public knowledge, you and your team shouldn’t share it with strangers. If the caller’s identity can be verified, instruct your team to confirm that they are allowed to have the information they requested.
What really matters when it comes to protecting your organization is that you take every step possible to prevent getting a virus or malware. First, implement the four tips listed above throughout your company. Then, invest in tools that help protect your company. As stated at the beginning of this article, when it comes to cybersecurity, it is all about having layers of protection. No one policy or tool will save you from every possible threat.
How To Protect Your Organization From Viruses And Malware was first published by Forbes.com on August 19, 2019.