You are using an outdated browser. For a faster, safer browsing experience, upgrade for free today.

Preventing infection, without a hand sanitiser in sight

With COVID-19 spreading across the globe, and supermarkets sold out of every hand-cleansing product we can get our mitts on, we’re going to buck the trend this week and talk about preventing a different kind of virus. Malicious software – or ‘malware’ for short – is the term applied to any kind of code or content that can infiltrate and infect your company’s IT systems - with annoying, problematic, or downright disastrous consequences. And it can attack quicker than you can say ‘self-isolate’..

Undermining systems and services

We’ve all experienced those times when our own devices slow down or start behaving abnormally. This is often caused by some sort of malware – which could have smuggled its way in during any exchange of digital information, from email to web browsing to inserting a less-than-squeaky-clean USB stick. Sorting the situation is time-consuming at best; at worst malware can cause substantial material harm, completely undermining your business systems and services.

So whilst we all get preoccupied with hand-washing and self-isolating, what you should also be worrying about right now is putting up your digital defences against an arguably greater risk to your day-to-day business than mere coronavirus: that of losing sensitive data, performance or reputation to ever-lurking malware.

How does malware worm its way in?

There are various ways malware can cat-burgle its way into your systems. The obvious route is via email, contained in a malicious file attachment, or accessed via an embedded link. Malware emails might be targeted at individuals such as finance personnel, or might circulate around your whole company: they can certainly be sophisticated and convincing in their nature.

Malware could also access your systems via employees’ innocent web browsing, social media systems importing content, or the connecting of removable devices – it only takes one person to charge their mobile via a USB port for malware to seize its chance.

No need to stockpile loo roll. But how can you manage the risk most effectively?

The good news is, there is plenty you can do to build your defences against malware. The UK’s National Cyber Security Centre advises the following:

  • 1. Put policies in place (and follow them).Make sure rules, expectations and protocol are laid out in black and white, and are subscribed to by everyone, from the intern to the Board.

  • 2. Scan all traffic going in or out. This should be done at the perimeter, to pick up on anything untoward before it’s infiltrated your system.

  • 3. Block suspicious websites. If you’re already wise to some dodgy websites, make sure your perimeter gateway has the facility to blacklist them.

  • 4. Use separate computers to scan removable media. Standalone workstations can be equipped with anti-virus software to scan any personal devices before they are let anywhere near your main system.

  • 5. Install antivirus protection at every level. Malware can attack at any system level or function, so it’s vital you cover everything, in a multiple layer approach. Deploy antivirus solutions on each user’s devices (including smartphones), but also on your perimeter, and at any external gateways such as your web browser. It’s sensible to use several different anti-virus products to increase your detection capabilities.

  • 6. Install a firewall, and configure it to deny traffic by default, until proven safe.

  • 7. Disable autorun to avoid malware being waived through automatically, and disable certain browser plug ins or scripting languages if possible.

  • 8. Keep everything up to date. Ensure all your systems and components are well-configured to your secure baseline build, and keep them up to date. Make sure your antivirus products are also constantly updated to keep them at their most effective.

  • 9. Make sure your employees know the score. User education and awareness is key – getting people to think before they click, and to avoid connecting personal devices or unapproved media; training them to be vigilant in spotting irregularities, and ensuring they know how to report them.

Following these steps and applying a good dollop of common sense and risk awareness should bring you an effective degree of protection from malware. Combine them with the other steps to cyber security we’ve been blogging about, and you’ll be up there amongst the more cyber-savvy. Just make sure you anti-bac your keyboard and wash your hands when you’re done 

Back To Blog Page