A cursor with a life of its own, a new and unexpected toolbar, a redirected browser search, random popups, a series of calls from concerned colleagues who have been asked to send you money in Moscow…
If these sound familiar, your computer or network has probably been hacked. It’s not something you’d wish on your worst enemy, so why take the risk of inflicting it upon your own business?
The inventory of malicious programs - malware - in a hacker’s 24/7 armoury reads like the script of a Wes Craven movie - things you may never have heard of and certainly don’t want to wake up to: viruses, worms, Trojans, key loggers, rootkits, botnets, adware, spyware, ransomware, phishing, social engineering, malicious LSPs and BHOs…the list goes on.
What’s the fix, you ask? Of course…an anti-IT-nightmare software package!
Sadly, there’s no such product. Just as hackers can inflict a multi-pronged attack to a system, your business needs a multi-pronged defence.
• Anti Virus software. As the name suggests, these programs are used to detect, prevent, and remove viruses and malware from infected email, files and websites. AV software uses anything from lists of known malware ‘signatures’ to complex detection algorithms to determine whether a piece of code is legitimate or not. They come in varying degrees of sophistication, from simple virus detection to protection against a full, broad spectrum of attack vectors. Choose one that offers real-time monitoring. Recommended: AVG | Free, BitDefender
• Anti Spyware. Spyware is software that monitors a user’s internet browsing habits for the purposes of tailored advertising. This may sound harmless, but it is a security threat as it can also monitor key strokes, email addresses, and passwords; indeed, anything on the hard drive. It is typically downloaded unintentionally from free, or trial, software (‘freeware’). Information gleaned is then passed on to any number of third parties, expanding the scope of threat. As spyware cannot usually be removed by standard uninstall methods, you’ll need a fit for purpose anti spyware product. Recommended: Malwarebytes, Lavasoft Ad-Aware
• Firewall. This is a piece of software or hardware that prevents unauthorised access. Software programs protect individual computers against malware that has, for example, been picked up by employees from files used at home, or from a USB stick, or after using an unprotected public network. Hardware firewall devices protect the network itself. A combination of these provides a higher level of security and both types are straightforward to install. Recommended: ZoneAlarm, Comodo Firewall, Windows Firewall
• Password manager. Passwords are first prize for hackers as they provide the quickest access to a system. Most employees have multiple login accounts, all of which should have unique, strong passwords but, being fallible, people tend to use universal or obvious passwords that are easily hacked. A password manager affords an employee safe storage of all their passwords, PINs and telephone pass codes. Ensure that your Password Manager encrypts your data, and that it offers 2-factor authentication for added security. Recommended: This is what we do!
• Encryption. This is the final step in the defence plan, the place where the buck stops; even if the other barriers have been bypassed, data encryption leaves hackers scratching their heads. Encryption can be applied to anything from a USB stick, to emails, to a company’s full array of stored information. Recommended: DiskCryptor, VeraCrypt
You don’t need to be a physicist to know that nothing stays the same. Like physical walls on physical premises, security measures need ongoing maintenance if their effectiveness is not to degrade.
Software will need upgrading or patching from time to time, so keep abreast of any changes required. Do this by signing up for notifications from the product or service suppliers.
Choose automation over manual intervention. If possible, make sure that any updates are done automatically as this not only alleviates the effort involved in program maintenance, but makes the system less prone to attack.
There is no stand-alone solution for IT security, no one product that can perfectly detect all possible threats, no magic wand that can singlehandedly fulfil all the requirements to prevent a breach, but by building a comprehensive, layered defence with this five point plan, you can come as close as it gets to achieving peace of mind.