Protection against malware
Computers bring many benefits and most businesses could not function without them. Unfortunately, along with the convenience and opportunities that computers bring, they also brings opportunities for criminals to attack your business from within. 'Malware' is the general term used to describe malicious software intended to harm your computers, computer network and business.
What kinds of malware are there?
There are a variety of different kinds of malware, including:
- Trojan horses
What does malware do?
These could do one or more of the following malicious activities:
- (spyware) Quietly log your keypresses and other activity and pass the information to criminals, enabling them to discover your passwords and other security information, enabling them fraudulently access the accounts and services you use
- (ransomware) Encrypt the data on your computers, preventing you from using your data, then demand a ransom to decrypt it
- Surreptitiously use your computers to generate email marketing to people you know using your address book
- Use your computer along with many others to carry out a denial of service attack
- Sabotage your computers, preventing you from using them
- (spyware) Spy on your business, revealing your business secrets
- Use your computers to host illicit data, such as child pornography
- (adware) Display unwanted advertising
- Generating 'clicks' on web advertising, resulting in payments being made to fraudsters by the advertisers (this is known as 'click fraud')
- Create a 'back door' into your computers, allowing criminals to access them remotely without your knowledge
How does malware get into my computers?
There are a number of ways for your computers to become infected with malware.
- Emails that appear to come from legitimate organisations or people you know that contain links to malware downloads or attachments containing malware
- Emails sent from infected computers of people who have you in their email contacts
- From infected floppy disks or USB drives
- Seemingly-legitimate software that includes malware (see the Sony BMG copy protection rootkit scandal article on Wikipedia for a rather famous example)
- Seemingly-legitimate software, particularly free software, advertised for one purpose but with the hidden purpose of installing malware on your computer
- Phone calls from people pretending to be from legitimate companies such as Microsoft who tell you they can see a problem with your computer and that you should download some software to fix the problem
How can I prevent malware infecting my computers?
Prevention is always better than cure and while you can never completely guarantee to keep malware off your computers, there is plenty you can do to minimise the chances of it finding its way on to them, and make it easier to get them working again if the worst happens.
- Only install software from a known and official source.
- Do not install software that is not necessary for running your business.
- Do not allow employees to install their own software. If the software is necessary for the business, provide it from a proper source. If it is not necessary, it should not be installed on company computers.
- Check that the address an email is from makes sense for the person it purports to be from. Do not assume that because you recognise the name of the sender, the email really is from them – check the email address as well and check whether the message is the kind of thing you'd expect from the sender.
- Do not assume that because you trust the sender of an email, what they have sent you must be safe – their computer might have malware that they are unaware of, which might be responsible for sending the message.
- Do not click on links in emails that are, or seem to be, for amusement as many of these are sent by malware attempting to spread.
- Have a company data security policy and make sure your staff understand it and sign it. Don't just give them a copy to read; make sure they have properly understood it.
- Only download files and documents if you need them for a business purpose and understand what they are.
- Assume that everything is or has malware unless and until you know otherwise.
- Install anti-virus software and ensure its virus definitions are kept up to date.
- Never follow the instructions given by a caller claiming to be from Microsoft or Apple or any other well-known organisation unless you contacted them first asking them to call you with advice. Microsoft and Apple and other similar organisations never make unsolicited phone calls to users of their software offering to sort out problems.
What can I do if my computer is infected?
One of the simplest things you can do if you realise the link you've just clicked on or the email attachment you've just opened has resulted in malware being installed on your computer is to shut it down as soon as possible and then call us for help. While the computer is off, the malware cannot be doing any harm to it.
If malware has infected on one of your computers, it might have affected other computers on your network, so these should be scanned for malware too.
If you think your computer might be infected, perhaps because you opened an email you now realise you should have deleted, but then nothing bad happens immediately, don't assume that there is no malware. Not all malware has any obvious or immediate effect; some of it lies dormant for a while and some of it never openly reveals itself to you.
The importance of backups
Backing up your data won't stop malware getting into your computers but it will make sorting out the problem a lot easier. A bare metal backup should be taken daily so that if there is a problem you lose at most only one day's work.
Backups allow for data recovery in the event of:
- Data loss
- Malware infection
- Server theft
- Server damage by fire or other disaster
Backups should be on external storage media changed every day with only the connected media on site. The other media should be stored off site and brought to site only when needed. We suggest:
- For each primary server, 5 external hard drives labelled Monday to Friday (or 7 if you're open at weekends) with the appropriate drive being connected for each day and the others being removed from site.
- For each backup server (mirrors of primary servers), a single external hard drive permanently connected to the server.