Whether you run an airline, a clothing boutique, or a neighborhood café, your data is not just the lifeblood of your business. Your data is your business. Chances are you collect data from a variety of sources every day, including point-of-sale (POS) systems like the one pictured below if you are a retailer. However, hackers and other malicious actors lurk across cyberspace, lying in wait to steal your business’s most valuable information. They utilize several distinct types of malware, from adware to spyware, trojans, and viruses, to infiltrate and damage your company’s digital infrastructure¹. If your data falls into malicious hands, the consequences can be dire. Consider that the average data breach worldwide costs $4.45 million, according to IBM². Now, you may be asking yourself, “How can I protect my business from malware?”
(Image courtesy of https://fitsmallbusiness.com/convenience-store-pos-system/)
Fortunately, we at navitend are here to help. In this article, our mascot Shermie explores helpful best practices you can follow to prevent harmful malware from infiltrating your business’s computer systems.
Shermie: Hello, everyone, my name is Shermie. I am the mascot and Predictably Awesome IT Ambassador for navitend. Today, we will learn more about malware and best practices you can follow to prevent it from wreaking havoc on your organization.
Coach: All right, team, it is time for our pregame huddle!
Player #1: What is the plan, coach?
Coach: All right, everyone, remember that the Spiders have the best three-point average in their division. If our defense is not strong enough, they can capitalize and win this game in a runaway. We made it to the Big Dance, but if we lose, we will not advance to the next round.
Player #2: Good talk, sir.
Coach: OK. All right – “Shields” on three. Ready?
Coach and Players: One, two, three, Shields!
Coach: Who are you?
Shermie: My name is Shermie, and I am here at Madison Square Garden for the first-round game between the Northeast Cybersecurity University Shields and the Malware State College Spiders.
Coach: OK. Tipoff is in five minutes.
Shermie: Well, I finally made it to my seat. This is going to be a great game. Go, Shields, go!
Announcer: Welcome to Madison Square Garden for Round 1 of March Madness 2024. Tonight, the Northeast Cybersecurity University Shields and Malware State College Spiders face off in their first-ever appearance in the Big Dance.
Shermie: Go Shields!
Player #3 (on bench): What is this? “Dear Chris, this is your coach, Maxwell J. Security. Congratulations on scoring more three-point baskets than anyone else on the team. Click the link and you will find a $1000 gift card. Sincerely, Coach Security.” Wow, that is awesome. I guess I will have to click it and claim my prize.
Shermie: Holy malware! An email with a link to a $1000 gift card? Do these basketball players not know the havoc that viruses and other malicious programs can wreak on their team? This looks like a job for the one, the only, the predictably awesome Sherminator!
Chris: Who are you?
Shermie: I am the Sherminator, and I am here to tell you about best practices you can follow to prevent harmful malware attacks!
Chris: You look like a sheep in a superhero outfit.
Shermie: Yes, I am a sheep, but I have come to tell you and your teammates about the best practices you can follow to keep malware attacks at bay.
Chris: I just received an email claiming to be from Coach Security, with a link to a $1000 gift card as a reward for scoring the most three-point baskets of anyone on the team.
Shermie: I see, but this is a trap. Do you and your teammates regularly receive cybersecurity training?
Chris: Yes. It is even in our school’s name – Northeast Cybersecurity University.
Shermie: I understand, but all businesses – including colleges and universities – must train employees, students, and other key users on whom and what they should and should not trust³. Everyone in the organization must learn not to fall for phishing emails – like the one you just received – or other malicious schemes. Additionally, you must install multi-factor authentication (MFA) to safeguard your applications, data, devices, and networks from malware attacks³.
Chris: Well said. Are there any other best practices we should follow to prevent malware attacks?
Shermie: You must also follow the university’s policies and best practices for application, device, and network security. For example, you should create unique passwords with at least 16 characters³. Meanwhile, you must also use a password manager, so you can more easily keep track of passwords and prevent them from falling into malicious hands³.
Chris: Well, my teammates and I started using a password manager last year.
Shermie: Good. Do you know which type of malware is the most dangerous?
Player #4: Let me guess – ransomware?
Shermie: You are correct. Ransomware is the most dangerous type of malware to any organization, including yours¹. If you fall victim to a ransomware attack, your files will be encrypted, and your computer system locked until you pay the ransom to regain access thereto¹.
Player #4: That sounds scary.
Shermie: Yes, but the scarier part is that ransomware can be transmitted through email attachments, malicious websites, social engineering attacks, and vulnerabilities in the software you use every day¹.
Chris: You made a great point. I took a course in ransomware prevention last semester, and I finished with a 98 average.
Shermie: That is outstanding, Chris. However, I have another question for you. Do you know how important backup processes are for ensuring your team’s statistics and other critical data do not fall into the wrong hands?
Chris: Yes. This morning, Coach Security told us that with network-based ransomware worms and other cyber threats intensifying every day, data protection solutions are more important than ever before³. We update our desktops, laptops, and phones every time updates become available, so we can remediate any issues and recover from them more quickly when they do occur³.
Shermie: Excellent. Meanwhile, you must also have multiple security layers in place to defend the university’s digital infrastructure from harmful malware attacks³.
Chris and Player #4: Tell us more.
Shermie: Just as wearing multiple layers of clothing keeps you warm on a chilly March evening, installing multiple security layers better protects your applications, data, devices, and networks from malware³. For example, you must have AMP for Endpoints, an intrusion prevention system (or IPS, for short), next-generation firewalls, and other endpoint monitoring tools in place to protect the university’s digital infrastructure³.
Chris: We already have next-generation Sophos firewalls and AMP for Endpoints, and our university president told us that she plans to have an IPS installed campuswide before the Fall 2024 semester. Are there are any other best practices we should follow to prevent malware attacks?
Shermie: Yes. You must know that ransomware infections are primarily spread through malicious downloads or email attachments³. Therefore, you should use a university-sanctioned file sharing program like MS SharePoint, as well as the layered security approach I already mentioned, to diligently block malicious attachments, emails, and websites³.
Chris: Thank you, Mr. Sherminator. Coach Security told us that the entire basketball team has used SharePoint since the fall 2018 semester.
Shermie: Good for you. Anyway, are you familiar with zero-trust security?
Player #4: Yes. Back in January, our university president told us that we will have a campuswide zero-trust security framework starting next fall.
Shermie: Excellent. A zero-trust security approach secures access not just from you, but from APIs, containers, end-user devices, IoT (Internet of Things) appliances, microservices, and more³. Since you must verify their trustworthiness before accessing them, zero-trust security keeps your applications, data, devices, and networks secure, and prevents malware from infiltrating the university’s digital infrastructure³.
Player #4: Thank you so much, Mr. Sherminator! You were a tremendous help tonight.
Shermie: You are most certainly welcome.
Coach Security: Chris? Alan? The Spiders are a point ahead of us, so go out there and show them what you are made of!
Chris and Alan: Yes, sir.
Announcer: MFA has reached the three-point line – he shoots toward the Spiders’ basket, and it is nothing but net! What an incredible three-point shot from M.F. Armstrong! The Shields now lead the Spiders 40-37.
Shermie: Well, it is time for this digital-savvy sheep to enjoy the rest of the game. I paid good money for my seat, you know. Just remember the best practices I mentioned, and you can enjoy predictably awesome digital experiences while keeping malware at bay every day. Now, go, Shields, go!
Navitend can help you. Call 973.448.0070 or setup an appointment today.
Sources:
¹CompTIA. “7 Most Common Types of Malware” by Amanda Scheldt. Retrieved from https://www.comptia.org/blog/7-most-common-types-of-malware.
²IBM Security. “Cost of a Data Breach Report 2023.” Retrieved from https://www.ibm.com/downloads/cas/E3G5JMBP.
³Cisco. “How to Prevent Malware Attacks.” Retrieved from https://www.cisco.com/c/en/us/products/security/malware-protection-best-practices-detection-prevention.html.
Contact us at 973.448.0070