4 steps to prevent malware damaging your business

How to protect your business from malware

The biggest cyber security threat to businesses today is malware. This is how you can protect your business from it.

Standing for ‘malicious software’, it is a broad term for software that poses a threat to your cyber security. Viruses, which you’ll have heard of, are a type of malware, but there’s also worms, Trojan horses, ransomware, spyware and more.

Whatever it is, if malware gets into your network it’s not good news and can result in loss of data, money and reputation. Experiencing a cyber-attack or data breach can do irreparable damage to a business so it pays to make sure you’re doing all you can to be secure.

Rather than being a thing of the past, cyber-attacks are becoming more sophisticated, easily bypassing out of date defences. Reports vary on whether the number of ransomware attacks have increased recently, but the experts agree that the average cost of attacks to businesses has increased.

In this post we’ve covered 4 things you need to consider in your fight against malware.

  1. Use the best software

Cyber security software used to lean heavily on ‘anti-virus’. Anti-virus still makes an appearance but having a broader anti-malware approach is the priority.

The problem with an anti-virus approach is that it works by repelling pre-existing iterations of a particular threat. It’s signature based.

It’s a bit like a known bank robber walking up to a bank. The only defence mechanism the bank has is a security guard with a list of wanted bank robbers. In this case the robber has already been caught for robbing banks in the past, so they’re on the list and won’t be let in (stay with us…). This is how anti-virus works. It can protect local networks from threats that have already caused a problem somewhere else.

However, in this analogy, even if the robber showed up in a balaclava, holding a crowbar in one hand and a gun in the other, they could waltz straight in because they’re not on the list (ok we’re pushing it now).

But if the security guards were looking for suspicious behaviour, and had the skills to deal with it, they could stop the threat from going any further.

This is how anti-malware works; it looks at behaviour. And just as there are only so many ways to rob a bank, there are also only so many different types of cybercrime (approximately 28).


How software can detect ransomware

One of the most widely experienced forms of malware is ransomware. 37% of organisations surveyed were hit by a ransomware attack in 2021. Although this figure is actually lower than the year before, the costs of rectifying the impact of an attack have increased significantly to an average of $1.85 million.

A typical ransomware program, once on your system, will encrypt data on a computer and hold it ransom until you pay or find another way of getting them back. Different forms of ransomware will operate differently and such is the sophistication of some attacks these days that they will adapt to avoid detection.

If a previous attack was characterised by encrypting files really quickly, a subsequent attack may encrypt the data at a snail’s pace, attempting to go unnoticed until it’s too late.

The good news is the best anti-malware software such as the Sophos Intercept X will notice this happening based on behaviour it has seen in the past. It can also keep a cache of files and data to go back to if it detects a program running. The threat will be isolated, and the system can be rolled back to where it was before the attack.

  1. Think about access

Most computer viruses and malware work by attaching to a vulnerable unit and spreading from there to anything in proximity. Much like a human virus.

The most vulnerable points in a business are their endpoints. These are the points of a local network that touch the outside world. In many cases, this is an employee’s computer. You have less control of this and the person using it, so it is more vulnerable.

Most people in your organisation are connected to the same network so they all provide a way in for cyber-attacks. The key to making them less vulnerable is ensuring that they don’t have access to everything on the network.

In fact, we’d bet there’s probably a lot of data they don’t need access to. Giving employees different levels of access depending on their requirements is a great way of making your overall network more secure.

This isn’t necessarily going to stop malware from getting to one of your employee’s computers, but it could limit the spread of that attack, minimising the overall impact to your business.

It’s easy to set up different permissions for individual users on most software. You can also use VPNs and authentication as a way of maintaining security, even if staff aren’t in the office.

  1. Make sure your firewall is up to the task

Everyone knows what a firewall is and most home users will have one. At enterprise level the need is greater.

With businesses being a lucrative target for cyber criminals, an efficient and powerful defence system is needed. This is going to be more effective than the simple but adequate barrier provided by popular consumer software. It will usually take the form of hardware that could be bigger or smaller depending on the number of PC’s that need protecting.

Rather than just looking at what you can see on screen and taking things at face value, you need something that will stop you from accessing websites with malicious links or heading down a path which might look safe but which actually contains threats to your security.

An effective firewall should prevent anyone from remotely logging into your network without permission, accessing backdoor vulnerabilities in your system, launching successful denial of service attacks and more.

This is an absolute must for any business, but even with this there is still one vulnerability that’s a lot harder to secure. You.

  1. Training is your friend

Of course, we’re sure you’re a responsible and clued-up employee who would never click on a suspicious link. But that’s not going to be the case with everyone. Regular training is important to make sure employees are alert to the danger of cybercrime.

Most malware is distributed by email and the amount of email scams has increased since Covid. Email phishing attacks accounted for a whopping 90% of data breaches in 2021.

The reason for this relatively low-tech approach to cybercrime is that it involves a human.

Hacking a computer is hard and requires a significant number of resources (which some operations do have). It’s a lot easier to trick someone into clicking something they shouldn’t. And hackers are getting cleverer all the time.

Fake emails and texts can be made to look quite convincing and will often impersonate a trustworthy organisation such as the NHS, local government, Royal Mail, or something else.

Another common tactic is to pose as someone within your organisation. Hackers could obtain necessary info needed to impersonate someone’s boss and subsequently try and trick them. It happens with simple scams but it can also be used to initiate malware attacks.

Of course, one of the main things to do is look out for tell-tale signs. There will usually be some indication that something’s not quite right, whether it’s a dodgy email address, poor wording of the email or an unconvincing design. Even then, if this organisation or person is asking for money, it’s important to check to see whether it is a legitimate request. In most cases it won’t be.


Keep cyber security training up to date and make it fun

Good cyber security training goes beyond ‘be careful’, so it’s important to prioritise actually doing some with your staff. The other thing to note is that things change. Threats adapt and evolve and so it pays to make people aware of them.

That said, human behaviour will never change so the threat of phishing scams remains. There are ways you can keep your employees on their toes and remind them of the need to stay vigilant.

It’s possible to create internal email campaigns that get sent to employees pretending to be fake emails. If you click on the link, you’ll get taken to a page telling you what you’ve done and that you clearly need to do some training.

These can also be tailored to different teams, so the type of communication will fit the context of their role.

Stay vigilant and secure

Ultimately, if you do these four things then you’ve done a good job of securing your business from Malware. There’s no reason why you shouldn’t be able to run without interruption.

If an attack is attempted or malware gets into your network somehow, the damage can be minimised and the effect on your operations severely lessened.

We offer both the software and training needed to make sure your business is safe, so if this is something you need or you’re unsure you’ve got the best systems and processes in place, get in touch today.

Book A Free Cyber Security Review

— Free & No Obligation —

We’ll analyse the security of your existing IT network, your email domain, your website and, if applicable, your Microsoft 365 software to see how safe you currently are.

Request A Review Bottom

The HBP GroupWho Are We?

Our organisation consists of three businesses; HBP Systems Ltd. Kamarin Computers Ltd and Jugo Systems. HBP are based in Lincolnshire, Kamarin in Cambridgeshire and Jugo in Hampshire. Between us we cover the vast majority of the UK and work under The HBP Group name to provide a seamless service between our northern and southern offices.

About Us

We specialise in providing IT solutions and support to businesses to ensure they use technology effectively and efficiently and can focus on what they do best – running their business.

The HBP Group Structure showing HBP Systems, Kamarin Computers and Jugo Systems
Contact 0800 0433 106