Fighting cybercrime: How to avoid malware and other computer viruses
Small businesses are increasingly the target for cybercriminals. Here, one expert shares tips to ensure you stay protected
News articles are appearing every week reporting that consumers have been targeted by cybercriminals and have lost money or that a large organisation has been temporarily shut down.
However, in the background these criminals are often targeting small businesses as they present a lucrative income and are easier to attack than larger organisations with dedicated IT professionals.
The majority of small businesses and Growing Business readers will do their banking and accounts online so by hacking into one machine, criminals can gain access to salary details, other critical passwords and bank accounts which can then be used to access money or sell to the cyber-underground.
These are done through key loggers on computers and by hackers monitoring key strokes. Every time you use the keyboard, hackers are able to analyse your movements and even take screen shots to see where you are going.
This means that if malware is installed there is full visibility of your entire banking process. The recent Global Payments breach reported in late March 2012, affected numerous large and small businesses. It is estimated that approximately 1.5 Million account numbers were stolen by hackers.
One of the biggest online threats is the malicious software called malware which can access company networks to steal sensitive data. Malware is the next level of computer virus and moves faster than before. It is intelligent and can get round anti-virus software by constantly changing shape making it harder to be visible.
Recent research from Symantec has shown that cybercrime has doubled in small businesses and there are now over 403 million different versions of malware infecting computers. Many of these will have variations of the same attack that are auto-generated.
Small businesses have become easy targets for cybercriminals because the majority do not have IT departments and can’t afford the outlay of a high powered network defence system. These businesses therefore need to understand the risks and take such measures to make sure their company is protected from these criminals.
There are three simple steps you can do to make sure your business stays protected.
1. Educate your employees 2. Be strict as a company by limiting what employees have access to 3. Make sure you are using the right software
Educating employees about cybercrime
Employee education is critical and a lot of the time the most overlooked aspect. The most common cause of infection on company systems is the ignorance of the users who click on things they shouldn’t. Simply opening up pop-ups or bringing in a USB stick with personal files such as music, can be ridden with worms because their home PC is not fully protected and these worms will silently move through the office network. Pop-ups are sometimes authentic warnings or error messages but can also be a hacker posing as a legitimate site and by simply clicking on the link the computer can become infected.
Limiting user access control is a simple step one can take to minimise the chance of attack and there are a couple of ways of achieving this. First, there is the User Access Control that comes with Windows Vista and Windows 7. This basically stops executables that are requesting to do something with elevated privileges from running and asks for an administrator password.
Putting limits on access
Secondly, just limiting access in general; if your employee is using a computer for one task and one task only, and they don’t need access to the Internet, why risk that computer? Give as limited privileges as you think your employee needs to complete the job efficiently.
Sharing files or using peer-to-peer (P2P) type programmes should be blocked as this poses a substantial risk as you’ll never know exactly what is hidden in the files you are receiving. When putting a file in a folder that is shared on a P2P network, it will be shared with all other people connected to that folder and almost anyone can access it. The easiest way to limit this threat is by banning employees from using any file sharing services outside of your network.
Getting anti-malware software
The final step to take when protecting your business is to look at the technology you are using. When using security software, layering is essential. The majority of anti-virus products were designed 10-15 years ago and while still effective, they aren’t specifically designed to stop the latest breed of criminal software.
They were originally designed to run using signatures. However, this is now too slow and the latest malware is moving much faster. Anti-malware systems block malware on behaviour rather than what they look like, which makes it easier to catch newer Trojans. Using anti-malware software alongside your existing anti-virus will greatly enhance protection and reduce the chance of infection.
A good mail spam filter will help prevent scam emails which often use social engineering to trick users. These scam emails can manipulate people into divulging confidential information by posing as a bank or credit card company for verification of personal details. Using a spam filter will help to block these and other types of spam emails. There are both software and hardware options for mail spam filter and this can be installed by the user as either a separate programme or as part of their email programme. Anything that blocks spam before it gets to the employee is ideal.
It is also crucial to frequently backup data, both on-site and off-site. This can be done at the end of the day by backing up your Outlook emails to the server or onto another electronic device such as a USB. Ideally one should use remote locations like cloud servers wherever you can. Cloud servers are now relatively easy to buy online at affordable rates for small businesses so there should be no excuse to not invest.
Updating security software regularly is also imperative to ensure your business is protected against the latest emerging threats. Even unrelated software, such as web browsers, operating systems, Adobe etc need to be kept up to date to ensure there is no attack. Individual users must also remember to update their security software which appears in the tray at the bottom right hand side of the screen. It is easy to ignore these requests but by doing so you open yourself up to attack.
A small business owner has many demands on his/her time and if you are a technophobe, all of the above can seem daunting. However, if you want to stay ahead of the game then you need stay protected. If you can apply the simple steps of educating employees, controlling access in the workplace and using the right software then you will be doing your bit to fight cybercrime.
Marcin Kleczynski is the CEO of Malwarebytes, a provider of anti-malware solutions. www.malwarebytes.org