In this blog post we will focus on what malware is, and what your organization can do to avoid being hit by it.
A piece of malware can cost organizations over $100 million
Malware came into focus in 2017 when over 200,000 systems were infected with the effective ransomware WannaCry. It is estimated that the attack cost the infected systems over $100 million and shut down several large organizations’ IT systems. This attack became an example of how malware develops and how important it is that we stay up to date on current threats in IT security.
In one of our previous blogposts, we focused on the biggest current threat in IT security: Phishing. Here, we will focus on one of the potential consequences of phishing: Malware. The term ‘malware’ describes a broad range of malicious types of software. A few examples are ransomware, adware, and spyware.
Malware has become easily accessible
It is no longer only the most devious hackers who have access to malware. Nowadays, petty criminals also have access with the help of programs like Cerber. Cerber is an example of a program called “Ransomware as a Service” (RaaS) that makes it easy for anyone to launch ransomware attacks. RaaS has steadily increased the amount of ransomware, making it important for your employees to be aware of the few that may bypass your antivirus programs.
Smartphones can also get hit
It is not only computers that are at risk, but so are smartphones. The amount of malware on Google Play doubled in 2017 and is only increasing. It is just as important to be careful about the apps you download on your phone. Generally, Macs and iPhones have been less vulnerable to malware. However, there is a steady increase in attempts to infect these systems.
Rules of thumb for avoiding malware
There is nothing to suggest that malware will become less of a problem as time goes on. So how can we protect ourselves against it? Here are five rules for your employees to keep in mind to avoid malware:
Use antivirus software on all IT equipment that allows for it.
Never download or open files from people you do not know or trust.
Never load CDs or USB keys from which you can’t identify the source.
Keep all your systems and applications updated on smartphones, computers, and other IT equipment.
Be careful not to click on pop-ups, advertisements, promotions, competitions, etc.
Keeping those in mind can help avoid the vast majority of malware. But as we saw with WannaCry, the threat is constantly evolving. Therefore, we need to continuously update all parts of our IT security systems. Secure IT obviously involves mastering the technical aspects of IT security, but employee knowledge is just as important. It only takes one employee to fall into the trap for the organization to be at risk.
See here for more information about our awareness training.