What Is Malware?
Malware is the collective term for a variety of malicious software programs including viruses, spyware, and ransomware. Malware, or malicious software, is made of code developed by cybercriminals that is designed to inflict damage on your company’s network and gain unauthorized access to your sensitive data. Malware is most commonly transmitted by links or files in email attachments. However, it can also be distributed via malicious websites, instant messaging platforms, and even USB sticks.
Malware manufacturers are becoming savvier in their attacks every day. Here are the most common types of malware you may encounter:
What are the types of Malware?
Virus: A virus is the most common type of malware. Viruses attach malicious code to otherwise unsuspecting safe code in an attempt to spread. Some viruses require a user or employee to activate them before they can begin their attack, while some viruses spread automatically. A virus can spread far and wide very quickly, damaging every device on your network. Viruses can corrupt files, lock users out of their devices, and cause network outages. Viruses are usually found within an .exe file, an executable file. To protect against viruses, never click on an .exe file unless you can verify the legitimacy of the source. Viruses are easily through instant messaging programs and social media, and no device is safe from attack. Install a well-rated antivirus program to protect your network and ensure users are properly trained to spot threats.
Worms: A worm is a type of malware that spreads copies of itself from computer to computer across your network without any user action. Worms don’t have to attach themselves to software programs to cause damage, which makes them especially insidious. This type of malware can quickly dismantle computer networks and cause damage. Worms can be transmitted in many ways. They can be spread through vulnerabilities in software or as attachments in emails or instant messages. When opened, these worms can modify or delete important files, inject additional malware into your computer and eat up space in your hard drive and on your bandwidth. Worms can also steal your sensitive information and data by installing a “backdoor” for hackers to access your network. Once hackers have access to your network they can access your system settings and wreak havoc. To prevent worms from infecting your business’s network, ensure all software is kept up to date and systems are properly patched. Avoid clicking on links from unknown sources or downloading unknown files. Finally, install a well-vetted antivirus program to defend and remove possible threats on your network.
Spyware: Spyware doesn’t just exist in James Bond films or multi-million dollar international corporations. In reality, it is a dangerous type of malware that targets businesses of all sizes. Spyware is a form of malware that infiltrates your devices to gather information about you. This can include things such as your geographical location, your banking information, your address, your browsing history, your passwords, and even your emails. Spyware hides in the background of your device and attaches itself to your operating system. Spyware can infect your computer in many different ways, even by your own consent. You could allow spyware to be installed on your computer by agreeing to the terms of service of a seemingly safe program without first reading the fine print. As the old Russian proverb says, “Trust, but verify.” No business is immune from spyware because every business in the world traffics in some form of sensitive information. Spyware creators infect as many devices as possible to ensure a good ROI. Mobile spyware has also become an issue in recent decades. This can be easily transmitted through public Wi-Fi networks, unpatched operating system flaws, or malicious applications downloaded from unauthorized app stores. If you suspect your business devices have been compromised by spyware contact your IT provider immediately.
Trojans: Trojan Horse malware gets its name from the famous Greek story of the Trojan War. Greek soldiers hid inside a giant wooden horse and entered the walls of the city of Troy, finally allowing them to take the city and win the war. Trojan malware hides within seemingly legitimate software or disguises itself to look the part. After breaching your device, it creates a backdoor similar to other forms of malware and gives hackers easy access to your computer and its important files. Trojan horses can delete your data, block your access, modify information on your operating systems, and generally disrupt all normal business operations on your network. Unlike other forms of malware, Trojan horses can’t replicate themselves. Protect your network from Trojan malware by being smarter than the average ancient Greek – patch your systems, install antivirus software, and avoid downloading files from unknown sources.
All employees should know how to identify malware and what to do if their device or network has been infected. If you or your employees discover malware on any device, shut down the device and contact your IT provider immediately.
How to Prevent Malware
Preventing malware is critical as a single security incident can cost your business tens of thousands of dollars in costs and lost reputation. Here are some easy and practical tips that can help reduce the risk that you suffer a cyberattack.
Keep Software Updated
A massive number of cyberattacks occur every year simply because companies fail to update critical software that they use. Microsoft has a monthly “patch Tuesday” in which they release a full set of fixes for vulnerabilities and exploits that have been discovered. In fact, when WannaCry ransomware occurred in 2017, Microsoft had already released a patch a few weeks prior fixing the exploit. Unfortunately, thousands of companies hadn’t recently patched their computers and were left vulnerable. Regularly patching and updating your IT systems is critical to staying protected.
Use Two Factor Authentication
Two factor authentication requires a second token to verify that an authorized user is logging into a service. Most SaaS platforms can be configured to send you a text or alert through google authenticator before your login is authenticated. Ensure that you use two-factor authentication on all online services possible. Email, banking, payroll and other sensitive information should be protected with 2FA.
Use Endpoint Detection
Ensure that each endpoint (an endpoint is a laptop, desktop, or server) has endpoint threat detection installed with continuous monitoring. Users can easily accidentally download malware onto their computers
Use a Firewall
Firewalls are a critical line of defense to prevent unauthorized access to your network. A firewall serves as the gateway for all incoming and outgoing traffic. Many next generation firewalls automatically block high-risk incoming and outgoing traffic. Using and regularly updating a firewall is a critical component of both cybersecurity and cybersecurity regulatory compliance.
If you need cybersecurity support Iron Range Cyber can help. We offer a variety of cybersecurity services including program development, pen-testing, cybersecurity compliance, and more. Contact us today.
Provide Security Awareness Training
Security Awareness training for all users is absolutely critical to reduce the risk of serious security incidents and breaches. Some studies have found a dramatic decrease in risk from even an hour per employee of security training. Security awareness training is also an extremely common component of many compliance requirements.