The many faces of malicious software

32% of businesses admitted to having been a target of a cyber attack in 2019*. With the average annual cost of an incident being over £4,000*, education and preventative measures at work to protect personal data and critical infrastructure are vitally important.  

Malware was the third most common form of attack identified last year. The scam can come in many forms. What steps can you and your business take to avoid being a victim?

What is Malware? 

Short for ‘malicious software’, malware seeks to infect your devices or your network to gain access to vital files, funds and personal data. The software can be delivered by email attachments, websites or corrupted files stored on external devices like an external hard drive, phone or USB stick. Three common ‘guises’ of malware include: 

  • Spyware – this tracks all of your keystrokes, or watches and listens to you via your device’s camera and microphone. It enables the cyber criminal to access personal information that you’ve inputted on your computer – like banking credentials or secure company passwords. 
  • Viruses or worms – these infect your device by using a ‘legitimate’ programme and spread by copying themselves across programmes, files and drives. They also have the ability to spread onto portable storage devices, like USB sticks. 
  • Ransomware –this allows the hacker to encrypt files on your machine, rendering the device unusable. Hackers use this technique in an attempt to secure bribery payment. Once a machine is infected and encrypted, the hacker will demand payment – usually in a cryptocurrency which is difficult to trace – in exchange for the decryption key. 
How can you stay protected?

There are some important actions you can take to avoid malware infections on your devices:

  • Avoid unknown websites and programmes - A device can catch malware from an infected or malicious website/app/programme. Only use sites you know you can trust and close down websites which issue lots of pop-ups. Consider limiting web access on your network’s devices and only whitelist programmes and apps for download once they’ve been approved.
  • Install software updates – Make sure your infrastructure is always running the most recent software updates (including app updates on smartphones and tablets). Install these when prompted, as they often contain important security fixes to protect you.
  • Install security software - security software (also known as anti-virus software) plays a big role in protecting against malware infections. 
  • Use Firewalls - Firewalls act to restrict access to all resources by default, unless required to support known business activity. 
  • Limit application access - Access to business applications and systems should be carefully managed to ensure access is only granted where there is a business requirement. Good practice advises applying the rule of ‘least privilege’. This is where access is restricted, where possible, to only what is required to support someone’ss role.

If you believe your device or machine has been infected, it’s important that you contact your IT team/contact immediately and disconnect your computer from the company network and the internet. 

Are you running Windows 7? 

As of 14 January 2020, Microsoft withdrew support for their Windows 7 Operating System (OS). This means that machines still using the OS will no longer receive important security updates, potentially leaving them more vulnerable to cyber attacks like Malware. 

You can find out more information and the support available on Microsoft’s dedicated Windows 7 transition page here.

For more information

To find out more about the forms of malware and the preventative measures you can take, head to the National Cyber Security Centre

STAY ALERT TO CORONAVIRUS SCAMS: Be aware that hackers are starting to use the Coronavirus outbreak for Phishing scams. There have already been examples of malicious emails that appear to be providing updates and information relating to the Virus. Be vigilant and take precaution before clicking any links from emails that appear to be suspicious. Read our tips for spotting Phishing emails here.

*Figures sourced from Cyber Security Breaches Survey 2019 


Post a comment

Please Log in to post a comment.

Log in to save this page to your favourites.