The article “How to protect malware” is a must-read for everyone. Despite all their efforts, many businesses are making the news for ransomware attacks. I think it’s worth sharing this article with your colleagues, friends, families, etc.
The e-InnoSec team recently completed a 6-part series as a guide for organizations to leverage GDPR preparation for CCPA. The Malware/Ransomware 4-part series is focused on helping organizations protect themselves from Malware/Ransomware.
- Part I – How do I get malware?
- Part II – Different types of malware
- Part III – How can I tell if I have a malware infection?
- Part IV – How to protect against malware?
Malware, or “malicious software,” is an umbrella term that describes any malicious program, code or any piece of software that was written with the intent of damaging devices, stealing data, and generally causing a mess.
In Part-I (https://www.linkedin.com/posts/charupel_malwareransomware-how-do-i-get-infected-activity-6571844490900885504-brvh/) we answered, “How do I get malware?”
In Part II, https://www.linkedin.com/posts/charupel_malware-ransomware-different-types-activity-6574286835256741888-8aNE/ we discussed “Different types of Malware.”
In Part III, https://www.linkedin.com/posts/charupel_how-can-i-tell-if-i-have-a-malware-infection-activity-6576955571986067456-8-wk/ we discussed “Detecting or knowing if I have a malware infection?”
The Part IV details the various ways you can protect against malware.
Straight to the point, here are the few areas you need to start with:
- Get yourself a good anti-malware program. It should include layered protection (the ability to scan and detect malware such as adware and spyware while maintaining a proactive real-time defense that can block threats such as ransomware).
- Organizations can prevent malicious apps from threatening their networks by creating strong mobile security policies and by deploying a mobile security solution that can enforce those policies. This is vital in the business environment that exists today—with multiple operating systems at work under multiple roofs.
- The security program should also provide remediation to correct any system changes from the malware it cleans, so everything goes back to normal.
- So before you take a hit on your PC, mobile, or enterprise network, hit back first by downloading quality cybersecurity and antivirus programs, such as Malwarebytes for Windows, Malwarebytes for Mac, Malwarebytes for Android, Malwarebytes for Chromebook, Malwarebytes for iOS, portable Malwarebytes, or one of Malwarebytes’ business products.
Considering the tremendous cost associated with a malware attack, and the current rise of ransomware and banking trojans in particular, here are some tips on how to protect your business from malware.
- Implement network segmentation. Spreading your data onto smaller subnetworks reduces your attack surface—smaller targets are harder to hit.
- This can help contain a breach to only a few endpoints instead of your entire infrastructure.
- Enforce the principle of least privilege (PoLP). In short, give users the access level they need to do their jobs and nothing more. Again, this helps to contain damages from breaches or ransomware attacks.
- Backup all your data. This goes for all the endpoints on your network and network shares too.
- As long as your data is archived, you can always wipe an infected system and restore it from a backup.
- Educate end-users on how to spot malspam.
- Get proactive about endpoint protection.
- Careful where you browse.
- Avoid clicking on pop-up ads while browsing the Internet.
- Users should be wary of unsolicited emails and attachments from unknown senders.
- When handling attachments, your users should avoid executing executable files and avoid enabling macros on Office files.
When in doubt, reach out. Train end-users to inquire further if suspicious emails appear to be from a trusted source. One quick phone call or email goes a long way towards avoiding malware