Mitigating malware means reducing both the likelihood of infection by malicious software and the damage an infection can do. Your organisation can take pre-emptive steps that make it a far harder target. No defence stops 100% of malicious software, but the risk is hugely reduced when proper preparation and routine security tasks are carried out.
A malware incident can be extremely costly to your operation and its reputation. The actions of malicious software include:
- Locking your devices and holding them hostage for a ransom (ransomware)
- Stealing, deleting or encrypting your data
- Gaining credentials and permissions within your network
- Using chargeable services at your expense
- Mining cryptocurrency
- Using your devices to attack another organisation
Ransomware is becoming an even greater problem because attacks are increasingly automated, and there is no guarantee that your files will be decrypted if you pay the ransom. A related threat is wiper malware, which destroys data outright with no recovery path; some wipers are disguised as ransomware, so a ransom note is no proof that decryption is even possible. Both kinds of attack target small and large organisations alike.
The National Crime Agency advises you not to pay the ransom. Paying can leave your devices infected, mark you as a target for future attacks, and funds criminal activity.
How to protect your devices from malicious software
Applying software updates is the first step to mitigating malware risks. New vulnerabilities are discovered constantly, and vendors release software updates, known as patches, to fix them. Configure your devices to install updates automatically, and stop using operating systems or software that the vendor no longer supports, because their vulnerabilities will never be fixed.
The second step is to back up vital files: documents, spreadsheets, photos and anything else that cannot be recreated. Store the backup off the device, for example on a separate hard drive or USB stick, and do not leave that storage connected to your computers: ransomware encrypts any drive it can reach, including an attached backup. Another option is an online cloud-based service that is not on your own network.
The third step is to protect your devices with anti-malware and antivirus software. It must stay turned on and up to date; on Windows, for example, Windows Defender is built in. Run a full scan regularly, and only install apps from the official Microsoft, Google and Apple app stores.
How to protect your organisation’s network
At the network level, you must assume that some attacks will eventually get through. To minimise the risk, your defences should take a layered approach. These layers should:
- Prevent malware from getting to your organisation’s devices
- Prevent malware from executing its malicious code
- Prepare a rapid incident response plan for cyber attacks
You should also consider working towards Cyber Essentials certification. Once certified, partners and customers can be assured that you have taken the necessary action to minimise the risks of malware and of other attacks, such as phishing.
Here we take a look at the three layers of protection in more detail:
Prevent malware from getting to your organisation’s devices – Allow-list only the file types you expect to receive and inspect the content rather than trusting the file name, maintain safe-browsing lists, and block unofficial or known-dangerous websites. Use signature-based scanning to block known malicious code, and put in place mail filtering, internet security gateways, and proxy interception of connections to known malicious sites.
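The file-type allow-listing and content inspection described in this layer are easy to get wrong if the filter looks only at the file name: an executable renamed to invoice.pdf passes a name-only check. The following is an added example, written for this page and not code from Omni Cyber Security, of a mail-gateway attachment screen that couples an allow-list of extensions with a check that the bytes really are that type, and that rejects zip-based Office documents carrying VBA macros. The allow-list, the magic-byte table and every sample attachment are assumptions constructed for the demonstration.

```python
import io
import zipfile

# Allow-list of attachment types the organisation expects to receive, mapped to the
# magic bytes a genuine file of that type starts with. The list is an assumption for
# this example; a real deployment tunes it to what the business actually needs.
ALLOWED_TYPES = {
    "pdf": [b"%PDF-"],
    "png": [b"\x89PNG\r\n\x1a\n"],
    "jpg": [b"\xff\xd8\xff"],
    "docx": [b"PK\x03\x04"],   # zip container
    "xlsx": [b"PK\x03\x04"],
    "txt": [],                 # no magic; must decode as UTF-8 instead
}

# Zip-based Office formats keep VBA macros in a part named vbaProject.bin.
MACRO_PART = "vbaproject.bin"


def screen_attachment(filename: str, data: bytes) -> tuple:
    """Decide whether an attachment may pass. The extension only selects *which*
    check applies; the content has to pass it, so malware.exe renamed to report.pdf
    is rejected. Returns (accepted, reason)."""
    name = filename.lower()
    ext = name.rsplit(".", 1)[-1] if "." in name else ""
    if ext not in ALLOWED_TYPES:
        # Also catches double extensions such as invoice.pdf.exe (last part wins).
        return False, f"extension '.{ext}' is not on the allow-list"
    magics = ALLOWED_TYPES[ext]
    if magics and not any(data.startswith(m) for m in magics):
        return False, f"content does not look like a .{ext} file"
    if ext == "txt":
        try:
            data.decode("utf-8")
        except UnicodeDecodeError:
            return False, "declared text file is not valid UTF-8"
    if ext in ("docx", "xlsx"):
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                parts = [n.lower() for n in zf.namelist()]
        except zipfile.BadZipFile:
            return False, "declared Office file is not a valid zip container"
        if any(p.endswith(MACRO_PART) for p in parts):
            return False, "Office document carries VBA macros"
        if not any(p.startswith(("word/", "xl/")) for p in parts):
            return False, "zip container has no Office document parts"
    return True, "accepted"


def build_office_doc(with_macro: bool) -> bytes:
    """Constructed minimal .docx-style container for the demonstration."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<document/>")
        if with_macro:
            zf.writestr("word/vbaProject.bin", b"\xd0\xcf\x11\xe0constructed")
    return buf.getvalue()


# Constructed sample attachments, not real captured mail.
SAMPLES = {
    "report.pdf": b"%PDF-1.7\n%constructed\n",
    "invoice.pdf": b"MZ\x90\x00\x03\x00\x00\x00constructed PE header",  # .exe renamed
    "invoice.pdf.exe": b"MZ\x90\x00constructed",
    "logo.png": b"\x89PNG\r\n\x1a\nconstructed",
    "quarterly.docx": build_office_doc(with_macro=False),
    "macro_bait.docx": build_office_doc(with_macro=True),
    "notes.txt": b"plain notes",
    "payload.js": b"eval(unescape(constructed))",
}


def screen_all(samples=SAMPLES) -> dict:
    """Screen every sample and return {filename: (accepted, reason)}."""
    return {name: screen_attachment(name, data) for name, data in samples.items()}


if __name__ == "__main__":
    for name, (ok, why) in screen_all().items():
        print(f"{'PASS' if ok else 'BLOCK':5} {name:18} {why}")
```

The order of the checks matters: the allow-list runs first so that anything unexpected is refused before any parsing happens, and the zip container is only opened for types the list says are zip-based. A production gateway would add an antivirus signature scan on top of this, but the signature scan is the layer that misses new samples; the structural checks above catch the disguised-executable and macro-document tricks regardless of whether the payload has ever been seen before.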
Prevent malware from executing its malicious code – Install enterprise-grade anti-malware and antivirus software and run awareness training with your workforce, since users are usually the ones asked to open the attachment or click the link. Install security updates on all devices, configure your network firewall, and enable automatic operating system and firmware updates.
Prepare a rapid incident response plan for cyber attacks – Prepare incident responders to act quickly so that malicious software cannot spread. Devices running old apps or unsupported operating systems that cannot be replaced should be segregated from the rest of the network. Your security team should regularly review user permissions and privileges and keep the number of administrators to a minimum, because malware runs with the rights of the user who launched it. Finally, test your backup and restore processes regularly: a backup you have never restored is not yet a backup.
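The advice to keep backups disconnected (second step above) and to test the restore process (this layer) come together in a restore drill. The example below is added for this page and is not Omni Cyber Security's tooling: it writes a backup with a SHA-256 manifest, then deliberately damages the backup copy in the two ways a drill is meant to catch (one file overwritten, as happens when ransomware reaches a still-attached backup drive, and one file deleted) and reports exactly which files restored intact. The directory layout, file contents and damage scenario are all constructed for the demonstration.

```python
import hashlib
import json
import shutil
import tempfile
from pathlib import Path

MANIFEST = "manifest.json"


def sha256_file(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def create_backup(source: Path, backup_dir: Path) -> dict:
    """Copy every file under `source` into `backup_dir` and record a SHA-256 per file.
    The manifest is what makes a later restore testable: without it you can only
    check that files exist, not that their contents are intact."""
    manifest = {}
    for path in sorted(p for p in source.rglob("*") if p.is_file()):
        rel = path.relative_to(source).as_posix()
        dest = backup_dir / rel
        dest.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(path, dest)
        manifest[rel] = sha256_file(dest)   # hash the copy, not the original
    (backup_dir / MANIFEST).write_text(json.dumps(manifest, indent=2))
    return manifest


def restore_and_verify(backup_dir: Path, restore_dir: Path) -> dict:
    """Restore into `restore_dir` and compare every restored file with the manifest.
    Returns the three lists a restore drill should report: ok, missing, corrupt."""
    manifest = json.loads((backup_dir / MANIFEST).read_text())
    result = {"ok": [], "missing": [], "corrupt": []}
    for rel, expected in sorted(manifest.items()):
        src = backup_dir / rel
        if not src.exists():
            result["missing"].append(rel)
            continue
        dest = restore_dir / rel
        dest.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(src, dest)
        if sha256_file(dest) == expected:
            result["ok"].append(rel)
        else:
            result["corrupt"].append(rel)
    return result


def restore_drill() -> dict:
    """Constructed scenario: back up three files, damage the backup, restore, report."""
    with tempfile.TemporaryDirectory() as td:
        root = Path(td)
        source, backup, restore = root / "live", root / "backup", root / "restore"
        for rel, body in {
            "finance/q1.xlsx": b"constructed spreadsheet bytes",
            "hr/contracts.pdf": b"constructed pdf bytes",
            "notes.txt": b"constructed notes",
        }.items():
            p = source / rel
            p.parent.mkdir(parents=True, exist_ok=True)
            p.write_bytes(body)
        create_backup(source, backup)
        # Simulated damage: ransomware that reached a still-connected backup drive
        # overwrote one file, and another was lost to disk failure.
        (backup / "finance/q1.xlsx").write_bytes(b"ENCRYPTED-BY-RANSOMWARE")
        (backup / "hr/contracts.pdf").unlink()
        return restore_and_verify(backup, restore)


if __name__ == "__main__":
    for status, files in restore_drill().items():
        print(f"{status:8} {files}")
```

Keep a copy of the manifest somewhere the backup medium cannot reach (it is small, so printing it or storing it with the offline media log is enough); if ransomware encrypts the whole attached drive, the manifest inside the backup goes with it, and the drill then fails at the JSON load, which is itself the finding. Run the drill on a schedule, not only after an incident.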
Malware infection response steps
If a device becomes infected by malicious software, take these steps in order:
- Turn off Wi-Fi and disconnect network cables, so the malware can neither spread nor contact its operators
- Wipe the device (replacing the disk drive if you cannot trust it) and reinstall the operating system
- Download and update the OS and other software over a separate, uninfected network
- Install, update, and run your antivirus software
- Restore data only from a backup you have verified is clean
- Reconnect the device to your organisation’s network
- Monitor network traffic and keep running antivirus scans to confirm the infection has not returned
Our final piece of advice: do not attempt to decrypt your data with unknown tools offered by people you cannot verify; such “decryptors” are frequently malware themselves. In most cases data encrypted by modern ransomware cannot be recovered without the attacker’s key, but not always: the No More Ransom project (nomoreransom.org), run by law enforcement and security vendors, publishes free, verified decryptors for some ransomware families, so check there before giving up on your data.
Mitigating malware attacks is a complex process, and not all companies will have the internal resources to put adequate protections in place. Omni Cyber Security is ready to help organisations of all sizes put in place robust anti-malware processes.