Nov 21, 2018
Malware is one of the most common types of security attack, so it's vital that your organisation takes steps to protect its sensitive data. Today, I'm looking at six actionable ways your organisation can improve its malware defences.
What is Malware?
Malware is malicious software that is unintentionally installed by a user and designed to attack your systems, devices or data. Once installed on one device, it can quickly spread through an organisation’s network, compromising value data in the process. Thankfully, your organisation doesn't have to be powerless against the threat of malware.
1) Install Automated Anti-Malware Tools
Your organisation should start with the obvious (but very important) task of installing a comprehensive suite of automated anti-malware tools. This should include:
- Personal firewalls
- WAFs (Web Application Firewalls) and WAMs (Web Anti Malware)
These anti-malware tools should be installed across all workstations, servers and mobile devices to protect the whole of your organisation’s network.
2) Choose Cloud-Based Software
Your anti-malware software is only as good as its ability to communicate with every machine on the system. When new malware signatures are identified, this new information needs to be sent to every machine on the network, quickly and efficiently. The advantage of cloud-based software over locally-hosted software is that if one machine or server is compromised, it doesn’t impact upon your software’s ability to communicate with the rest of your system- allowing the new signature to be uploaded to the cloud, protecting the rest of your network from the threat.
3) Disable Auto-Run
Auto-run is malware’s enabler friend. Malware can enter through any number of points, like email attachments, web pages and removable media. You should configure all of your organisation’s laptops, workstations and servers so that they don’t auto-run content from removable media like thumb drives, USB hard drives or CDs. This will close off one potential entry point. Additionally, you should configure your systems so that they automatically perform an anti-malware scan of removable media when it’s inserted. This will protect against user actions, such as accidentally opening a compromised file.
4) Sandbox Email Attachments
Email sandboxing is a way of executing your email software and attachments in a contained environment, separate from your organisation’s IT infrastructure. This protects your organisation against malicious attachments and executables: the sandbox can be deleted, taking any malicious content with it.
5) Develop an Incident Response Process
Your organisation needs to improve communication between your IT and security teams by developing and implementing a defined incident response process. In the event of a security breach, IT need to supply your security team with examples of malware that has successfully bypassed their system, so that security can update and improve their anti-malware software.
6) Analyse the Efficacy of Your Malware Defences
With new threats and vulnerabilities being identified all the time, it is important that your organisation is continually testing and evaluating its malware defences. To analyse the efficacy of your malware defences, you need to measure the following:
- How long does it take the system to identify malicious software that is installed or executed on a computer system?
- How long does it take the system to send notifications to your security team that malicious code has been identified?
- Does the system have the ability to block installation, prevent execution, or quarantine malicious software?
- Does the system have the ability to identify where in the organisation the malicious software was identified?
- How long does it take the organisation to completely remove the malicious code after it has been identified?
When it comes to malware defences, you can’t just ‘set it and forget it’. New threats are being developed all the time, so you need to be continually improving your organisation’s security.