How is malware dealt with once identified?
Anti-malware tools all work slightly differently, but when your anti-malware tool identifies something as potentially being malware, it will probably either remove it for you, or quarantine it. This is so you can check and decide whether you want to leave it quarantined, restore it (unlikely, but false positives do happen), or delete it.
When a file is quarantined, it is usually moved and renamed, so that it can’t be called by another program and executed. It might also be hidden or have its permissions reset, so it can’t be opened or executed. It could also be encrypted. In any case, it is extremely unlikely to run once quarantined, and can be regarded as ‘safe’.
However, if the malware successfully ran before it was detected, your operating system, applications and data may be corrupted or lost. In this case, it is best to ask for professional help to recover whatever you can.
How can I prevent malware infection?
The installation of anti-malware software in whatever combination, needs to be the right one for you and your business. This will go a long way towards protecting you from malware.
However, there is more that you could do to shore up your defences, whether this is by further hardening your environment (strengthening your technical defences), or by developing a strong security culture in your business.
Hardening your environment
Systems hardening is reducing the security risk, by reducing the ways in which you could be attacked.
There are a number of ways in which your system could be hardened; the ones you choose will depend on the scale and needs of your organisation. Options include:
- Keep your devices secured physically.
- Require strong authentication to gain access to your devices.
- Update software regularly, for all devices: operating system, browsers, applications, extensions and plugins.
- Delete programs or apps that you no longer need (and clean up any devices that are no longer in use too).
- Remove any unnecessary accounts and privileges.
- Prevent unauthorised devices from being plugged into desktops or laptops.
- Consider blocking unauthorised applications and code from running or even being downloaded.
- Consider the installation of a host-based intrusion protection system (HIPS) and/or a network-based intrusion protection system (NIPS). These are similar to the HIDS and NIDS discussed above, but these block the threats (P=prevention) as well as detecting them.
Strengthening your security culture
The purpose of strengthening the security culture of your organisation is to ensure that everyone understands the importance of security and the potential threats, and works to support the security of your business.
This will involve security awareness training for all employees (full-time, part-time, paid or unpaid) and the clear and continuing demonstration of the importance of security from top management. It may also require the creation or review of your security policies.
Most importantly, the awareness training should reinforce suitable user behaviour to help prevent malware attacks:
- Don’t open/download attachments from an unknown sender.
- Don’t insert unknown mobile storage devices, such as USB sticks that you might find lying about.
- Don’t click on suspicious links or popup ads.
- Make sure that macros are disabled in your Office applications.
- Don’t download pirated software or software from untrustworthy sites.
- Be wary of unusual domain names or domain name extensions.
- Take backups—this won’t prevent an attack but may help you recover from one.
Culture change is a slow process, and will take more than awareness training, but the human firewall—composed of your employees—is a vital component of your security defences.