SECURITY BREACH? CALL 888.234.5990 EXT 9999

The SMB Guide: THE ABCs OF MALWARE

Mastering Malware Defense: A Comprehensive SMB Guide

Viruses are not the only thing you need to worry about as every day, hackers invent new ways to wreak havoc for personal gain. From front-page attacks like ransomware to less obvious “grayware,” there are several types of malicious software programs and each one requires a unique defensive strategy.  According to the Verizon 2021 Data Breach Investigations Report,  last year, small organizations accounted for less than half the number of breaches that large organizations showed. This year these two are less far apart with 307 breaches in large and 263 breaches in small organizations.

5 tell-tale signs of malware infections

For decades, you have been trained to look for a virus when your computer performed more poorly than usual. But as new types of advanced malicious software are released, hackers have made it harder to notice when something is amiss. Here are some lesser-known signs your computer has been infected.

If you notice any of these signs, shut down your computer immediately and contact an IT professional about stopping the malware’s spread.

  • Your security software is mysteriously disabled.
  • Filenames have changed for no reason.
  • Unknown apps or browser toolbars have appeared.
  • An unrecognized webpage pops up when you open a new browser window.
  • Your email contacts are receiving strange messages from you.

Now, if you subscribe to a managed IT services, unlimited tech support is included in your service. But for businesses that still rely on the “call IT repairmen after something breaks” model, malware prevention is going to be especially important.

Tips for avoiding the most common malware attacks against small businesses.

Full disclosure, the majority of cyberattacks are made possible by users who circumvent security software and hardware. “Phishing” (sometimes called social engineering) is when hackers disguise themselves as a trustworthy source, such as a bank employee, and ask for private information, such as a credit card expiration date. So, the best way to avoid almost any type of malware is employee training. But beyond that, there are some more black-and-white solutions.

1. Trojans

WHAT ARE THEY?

Trojans are programs that seem benign to unsuspecting users but hide their true purpose.

HOW TO AVOID TROJANS

Since Trojans are disguised as seemingly harmless apps, a cautious mindset is your best form of defense. In other words, be careful when installing free software, even if it comes from a trusted source like the Google Play store. Forbidding employees from installing software that isn’t approved by your IT department is a good place to start.

2. Viruses

WHAT ARE THEY?

Viruses were some of the first malicious programs ever created. When a file is opened that is infected with a virus, that virus can spread itself to other files and computers.

HOW TO AVOID VIRUSES

Because viruses can’t hide behind the guise of a useful program, they are usually distributed as documents attached to emails. In addition to regularly reminding your employees to be wary of attachments, you should have a high-end spam filter and email-based antimalware software, ideally with monthly audits from an IT staff.

3. Worms

WHAT ARE THEY?

Worms are malware that spread themselves without the need for any human action. They are standalone programs that exploit network security holes and, unlike viruses, worms don’t need to be opened or installed to work.

HOW TO AVOID WORMS

Because they spread via deeply rooted hardware and software vulnerabilities, the most important thing to do is to install vendor-issued updates and patches for apps, operating systems, and firmware. In a horrific real-world example, Microsoft patched the vulnerability that made the WannaCry possible before the ransomware attack was released. The malware was so immensely successful only because so many people failed to update Windows.

4. Ransomware

WHAT ARE THEY?

Ransomware is set apart by its use of extortion and encryption. When a computer or server is infected, all its files are rendered unreadable until victims pay hackers a fee to return everything to normal.

HOW TO AVOID RANSOMWARE

Because it is based on unbreakable encryption, there is usually no recovering from a ransomware attack unless you have robust and secure backups stored somewhere safe from the spread of infection. Many off-the-shelf antimalware programs contain so-called ransomware protections, but struggle to recognize never-before-seen threats. Cloud-based backup services are inexpensive and ensure your data is always accessible regardless of the latest advancements in ransomware infections.

5. Grayware

WHAT ARE THEY?

Grayware programs do not actively alter, steal, or destroy information, but still manage to cause problems. This type of malware slows down your computer, reveals your private information, and floods your computer with ads.

HOW TO AVOID UNWANTED APPLICATIONS

These unwanted applications often come installed on new computers or bundled in free software packages. Take the time to periodically factory-reset company-issued devices. Windows 10 includes a user-friendly “Refresh” feature that wipes everything from a computer except its documents and critical applications. Anyone should be able to wipe a mobile device, but an IT provider can do it in a fraction of the time.

A formula for putting a dollar value on your security needs.

It is clear to most business owners that IT security services are non-negotiable. Budgeting how much to spend on those services is not always as clear. Cybersecurity is not something you want to skimp on, but we’ll be the first to tell you that you shouldn’t give an IT provider carte blanche. Thankfully, there is a simple formula to make sure the funds you set aside for prevention never exceed the costs of a breach.

Annual breach costs = Number of incidents per year * Potential Loss per incident

It’s a simple equation, but the variables vary greatly depending on the location and industry of your business. For example, Kaspersky Lab estimates that the average small-business data breach costs $117,000, but that number could be 10x higher if you are in the healthcare industry.

So even if you experience incidents only every other month — which we assure you is woefully optimistic — you could justify an annual cybersecurity budget of almost $700,000 (6 events x $117,000)!

Netrix provides managed IT services rather than break/fix contracts. We charge a flat monthly fee and take care of everything related to cybersecurity. Software vulnerabilities are patched before they cause a breach, your inboxes are kept free of malware, and your firewalls are top of the line — all for less money than the costs of potential data breaches.