Protection from malware is about reducing the risk of infection to your organisation. While it is impossible to defend 100% against malicious software, the risks are hugely reduced when proper preparation and security tasks are performed. A cybercrime event can be extremely costly to your operation and its reputation.
The actions of malicious software can include:
Locking your devices and holding them hostage for a ransom (ransomware)
Stealing, deleting or encrypting your data
Gaining credentials and permissions within your network
Using chargeable services at your expense
Using your devices to attack another organisation
Ransomware is becoming an even greater problem due to automation, and there is no guarantee that the malicious actors will decrypt your files if you pay the ransom.
The National Crime Agency advises you not to pay the ransom. Your devices could remain infected, be the target of future attacks, and fund criminal activity.
How to protect your devices from malicious software
Conducting software updates is the first step to mitigating malware risks. Software suppliers regularly discover vulnerabilities in their products. To tackle this, manufacturers release software updates, known as patches. You should ensure your devices are set for automatic updates. You should also cease using operating systems or software that is no longer supported by the manufacturer.
The second step to malware resistance is to create a backup of vital files. These might include documents, spreadsheets, and photos that cannot be replaced. Off device storage of these files, such as on a separate hard drive or a USB stick, is a good solution, as long as the storage devices don’t remain connected to your computers. Another option is to use an online cloud-based service that is not located on your network.
The third step is to protect your devices by using anti-malware and antivirus software. These must remain turned on and be up to date. For Windows devices, for example, Windows Defender is built-in. Be sure to run a full scan regularly and only download apps from the official Windows, Google, and Apple stores.
How to protect your organisation’s network
On a network level, it is a fact that eventually, some attacks will get through. To minimise the risks, your defences should take a layered approach. These layers should:
Prevent malware from getting to your organisation’s devices
Prevent malware from executing its malicious code
Prepare a rapid incident response plan to cyber attacks
You should also consider working towards the Cyber Essentials certification scheme. When you do this, partners and customers can be assured that you have taken the necessary action to minimise the risks of malware and other attacks, such as phishing. OmniCyber Security’s Cyber Essentials guide gives you everything you need to make sure you’re fully informed going into the assessment.
Here we take a look at the three layers of protection in more detail:
Prevent malware from getting to your organisation’s devices – Actions include whitelisting files types that you expect to receive, regularly inspecting content, creating safe browsing lists, and blacklisting unofficial or dangerous websites. You should use signatures to block malicious code and put in place mail filtering, internet security gateways, and proxy interceptions from known malicious websites.
Prevent malware from executing its malicious code – You should install enterprise-grade anti-malware and antivirus software and conduct awareness training with your workforce. Ensure that you install security updates on all devices, configure your network’s firewall, and enable operating system and firmware automatic updates.
Prepare a rapid incident response plan to cyber attacks – Your organisation should prepare incident responders to act quickly, to prevent the possible spread of the malicious software. Devices with old apps and old operating systems should be segregated from the network if they cannot be replaced. Also, your security team should regularly review user permissions and privileges to minimise the number of system admins. It is also a valuable exercise to test your backup and restore processes.
Malware infection response steps
If malicious software infects a device, then you should take these six steps:
Turn off Wi-Fi and disconnect network cables
Replace disk drives and reinstall the operating system
Download/update the OS and other software from an uninfected network
Install, update, and run your antivirus software
Reconnect the device to your organisation’s network
Monitor network traffic and perform antivirus scans to determine if an infection remains
Our final piece of advice is not to attempt to decrypt your data using unknown tools from unknown security professionals. In most, but not all cases, it is impossible to decrypt data encrypted by ransomware.
Mitigating malware attacks is a complex process, and not all companies will have the internal resources to put adequate protections in place. Contact OmniCyber Security to start protecting your organisation from all forms of cyberattack, including malware.