Find out more about how malware software has changed and evolved in recent decades or read on to find out what businesses should be looking to do in the here and now to best protect themselves. We’ll also be sharing insights from ESET experts on the future malware challenges later this week.
As a business, it is essential to be one step ahead of potential cyber threats to ensure the safety of both yourself and your employees. The use of malware to hack or infiltrate businesses is constantly evolving and this Antimalware Day is an opportunity to consider how your business can stay up to date with the ever-changing internet security landscape.
Unlike singular victims of malware attacks, businesses can face far wider-reaching financial and security-related consequences. From employees’ personal details to payroll access, there is a heightened risk of financial and personal loss for businesses. Here we have compiled our top anti-malware tips for businesses, and what you and your employees should be looking out for in order to avoid attack.
1 – Invest in the right software and employee training
In order to stay one step ahead of the scammers, a companywide email monitoring system that picks up malicious spam is a vital part of a solid cyber security policy. In addition, if an email does slip through, the ability to report it as suspicious to the relevant IT department is vital.
As part of this, it’s important to train employees on what to look for and what not to open. While this may sound simple, it is critical as the first line of defence against cyber-attacks. After all, if the email is never opened, the malware cannot be activated. Regular training and spam ‘test’ emails serve to highlight which areas of company security need to be addressed.
Businesses can also make use of ESET Cybersecurity Awareness Training which offers free online training courses and teaches employees cybersecurity best practices in under two hours. Available for businesses of any size, the training is interactive and makes learning effective and fun, while also delivering information on a range of key topics.
2 – Spot the suspicious email
Training your employees to recognise suspicious emails may be important, but where to start with such a complicated topic? And with phishing attempts aimed at companies becoming increasingly sophisticated, it’s crucial that employees across every level of responsibility are briefed on what to flag as suspicious in case something does creep through. It only takes one malware-laden link to bring down the whole ship, so make sure your employees are aware of some examples of common phishing techniques aimed at businesses. These can include:
- Emails that appear to have been sent by corporate executives inside the company, making a request (often financial) of someone in another department who has likely never met the supposed sender and therefore believes the email to be legitimate
- Email invitations to edit Google Docs which, when opened, redirect the recipient to a third-party website where the user’s Gmail credentials are then stolen
- Emails purporting to be from an online store with ‘deals’ relevant to the company sector which, if a purchase is made, allow the company’s banking details to be stolen
- Emails containing a shipping tracking number or receipt, with malware hidden in the link
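As an added illustration (not part of the original article and not an ESET tool), the sketch below shows how a mail filter could flag three of the traits listed above: an executive's name on an external address, a Reply-To that points to another domain, and link text that shows one domain while the link goes to another. `COMPANY_DOMAIN`, `EXECUTIVES` and both sample messages are assumptions constructed for the example.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumed for this example: the company's mail domain and its executives' names.
COMPANY_DOMAIN = "example.com"
EXECUTIVES = {"jane doe"}
ANCHOR = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)
SHOWN_DOMAIN = re.compile(r"\b((?:[a-z0-9-]+\.)+[a-z]{2,})\b", re.I)

def same_site(host, domain):
    # Treat "www.x" and "x" as the same site; allow subdomains of the domain.
    host, domain = host.removeprefix("www."), domain.removeprefix("www.")
    return host == domain or host.endswith("." + domain)

def flag_email(raw):
    msg = message_from_string(raw)
    findings = []
    name, addr = parseaddr(msg.get("From", ""))
    sender_domain = addr.rpartition("@")[2].lower()
    # An executive's display name on an address outside the company domain.
    if name.strip().lower() in EXECUTIVES and not same_site(sender_domain, COMPANY_DOMAIN):
        findings.append("executive-name-external-sender")
    # Replies routed to a different domain than the sender's.
    reply = parseaddr(msg.get("Reply-To", ""))[1]
    if reply and reply.rpartition("@")[2].lower() != sender_domain:
        findings.append("reply-to-domain-differs")
    # Link text that shows one domain while the href goes to another.
    for href, text in ANCHOR.findall(msg.get_payload()):
        host = (urlparse(href).hostname or "").lower()
        shown = SHOWN_DOMAIN.search(text)
        if shown and not same_site(host, shown.group(1).lower()):
            findings.append("link-text-mismatch")
    return findings

# Constructed sample messages (not real traffic).
CEO_FRAUD = """\
From: "Jane Doe" <jane.doe@examp1e-mail.test>
Reply-To: payments@other.test

Please wire the funds today.
"""
SHIPPING = """\
From: "Parcel Service" <tracking@parcel.test>
Content-Type: text/html

<p>Track it: <a href="http://tracking.unrelated-host.test/t?id=1">www.parcel.test/track</a></p>
"""
print(flag_email(CEO_FRAUD), flag_email(SHIPPING))
```

Heuristics like these produce candidates for review or for training material, not verdicts; legitimate mail sent through third-party services can trip the same checks.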
It’s really important to give your employees real-life examples and challenge them to find the suspicious details. Why not start with the below email - what suspicious clues can you find that the email might not actually come from FedEx?
3 – The dangers of BYOD
A common weakness that leaves businesses vulnerable to malware attacks is the lack of consistent security across employees’ personal devices, and the tendency for employees to bring their own devices for work use. This is especially relevant to mobile phones. As employees use their personal devices to access company emails and data, the chances of falling victim to a scam email are much higher, and the potential consequences disastrous. Mobile phones are largely unprotected in comparison to computers, and scammers are taking full advantage of this.
It’s important to implement robust policies around BYOD which are regularly enforced by businesses to ensure your company is aware of the devices that are being used on your organisation’s network. Ensuring that employees use strong and proper passwords as well as two-factor authentication is another step in ensuring the safety of your networks from hackers.
Above all, it is important to take a proactive approach to the cyber security of your business, rather than waiting for the attack to happen and dealing with the aftermath. The effects of malware and hacking on businesses can be crippling, so ensuring a consistent and comprehensive companywide security policy is vital to the success of your business in a consistently evolving digital landscape. And Antimalware Day is the perfect opportunity to get up to speed.
Want to learn more about how to protect your business from malware? Find out more about ESET’s recommended solutions here.