Malware or malicious software applies to all software where the intention is to cause harm to the end user. Malware includes computer viruses, worms, Trojan horses, ransomware, spyware, adware, scareware, and other malicious programs. Malware plays a key role in assisting the fraudsters gain access to your personal and business information. It effectively opens up a “back door” to your laptop, PC or network and welcomes the fraudster into your business where they can harvest information without your knowledge of their presence.
Cybercrime is now the most common type of crime in Ireland after theft and it is estimated that 1 in 5 are victims. The key difference between theft and cybercrime is that you know when your house has been burgled but do you know when the information of your business has been compromised?
One terrifying fact is that Sophos Labs report seeing 250,000 new forms of malware code every day so it is critical that you know how to protect your business from infection.
How your business can become infected by malware?
- Opening attachments within phishing e-mails. These attachments carry malware. Once you click on the attachment, you will activate the virus on your laptop, PC or network if there are a number of computers connected. Whilst .exe files prove popular carriers of viruses, it was the .doc file which carried over 50% of malware in September 2014 according to Symantec’s intelligence report.
- Visiting compromised web sites. Whether it be shopping online or watching the latest films and TV shows; we all do it but caution is advised. Websites with a lot of advertising and pop- ups are breeding grounds for malware.
- Leaving software un-patched. Not applying the latest updates to your software leaves your business vulnerable and at risk of infection.
- Trojans can also masquerade as genuine software. The old adage; “if something is too good to be true”, comes to mind! So the next time you see an offer of a free accountancy software package, think again!
The Super Powers of Malware
- Divert you to a fake ‘look-a-like’ site controlled by the fraudster. Sophos Labs recently estimated that 30,000 new website infections are discovered per day.
- Insert bogus web pages. It may look like your bank website that you are on but is it really? Fraudsters use malware to hijack your genuine online banking session and insert bogus WebPages which ask you for security information which is not normally requested at login. Tip: Slow running screens are a key symptom of malware on your PC. If you experience this, logout immediately.
- Tamper with genuine web pages
- Spyware allows the fraudster to log key-strokes, video your web sessions and harvest confidential information remotely.
- Hold your information for ransom. Ransomware is on the increase. Once downloaded on your PC; all your business information becomes locked and a ransom for its release is issued by the fraudsters. The amount of the ransom can vary depending on the perceived value of the information.
How to Stay Safe Online
- Always keep your security credentials and passwords secure. Never write them down or share them and always change them on a regular basis. Use strong passwords with no obvious connection to you. The strongest passwords are those that contain a mixture of letters, numbers and characters, such as punctuation marks.
- If you allow remote working, remember that your business network can be accessed through the infected PC or device of a member of your staff. Ensure that the same security policies that are applied in the workplace are also applied at home.
- Regularly review user roles and privileges.
- Ensure you have a good IT infrastructure including anti-virus software and firewalls. Most importantly, ensure your software is routinely updated and run regular scans of your computer or network to check for the presence of Trojans.
- Be careful when using USB devices such as memory sticks as they may contain malicious software that can infect your computer and potentially bypass network firewalls. Never insert a USB device into your computer if you do not know where the USB has originated from.
- Be suspicious of unexpected emailed correspondence, even it claims to be from your bank. Never enter sensitive personal or business information, including security credentials, via a web link attached to an email.
- Be suspicious of all unsolicited or unexpected emails or telephone calls, even if they appear to originate from a trusted source. You should never provide your full security credentials over the phone. If asked for this information, end the call and contact your bank using a trusted telephone number from an alternative phone line.
- Exercise extra care when accessing public Wi-Fi. Refrain from carrying out business over public Wi-Fi. Fraudsters could be operating in the same space as you offering free Wi-Fi networks for you to connect to.