Malware is any software with a malicious intent. This encompasses such things as computer viruses, worms, trojans, ransomware, spyware, adware, and other malicious programs. Regardless of the type of malware we’re talking about, they all share the same intent.
Do. Bad. Things.
Today we’re going to talk about how to avoid a malware infection and what to do if you think you might be infected.
Welcome to the first of another new video series we’ve created called “learnIT.” In learnIT videos we discuss technical topics at length to keep you informed about the world of IT. Think of these videos like webinars you can watch or rewatch when it’s convenient for you!
So, how do people get infected with malware? There are a few common points of entry for malware and once they get onto your system or network, most of them will spread like wildfire. So, remember, if even one system gets infected, your entire company is at risk.
Malware Entry Point: Email
Email is the most common way malware is spread these days, using two different infection methods.
The first uses email attachments. Malware is often disguised as, or embedded in, normal, everyday files. So, people will receive an e-mail, open an attachment on it, thinking it is safe, and then boom, they’re infected.
The second uses phishing links. These are hyperlinks that appear inside your e-mail usually disguised to make it look like they would take you to a valid website but instead will redirect you to a malicious website and infect you there.
Malware Entry Point: Websites
Wait a minute, websites can infect you with malware? Oh yeah, they can. You see, whenever you visit a website, your computer or device downloads a copy of the files from that website, so it will display faster next time you visit it. This is called “caching”. While this is a normal and beneficial practice that keeps the internet speedy, it does mean you are downloading files from that server that could be infected with Malware.
Another way that websites transmit malware is through scripts. For many modern websites to function properly and perform some of the amazing things they can do, your web browser is constantly interfacing with the website server. Asking and answering questions back and forth to customize your experience with the website and display the right images and content to you. All of this happens very quickly behind the scenes, and it is possible that the website could contain a script that forces you to download unwanted malware.
And it’s not only malicious websites on the dark side of the web that spread malware. This can also happen to legitimate websites that sometimes get infected due to a security flaw in its design. A hacker could exploit a flaw and implant malicious code on the site without the owner even knowing it. Infected websites are often accompanied with pop up error messages, or rapid redirection to other malicious websites.
Malware Entry Point: Mobile Devices
And when it comes to downloading, malware doesn’t limit itself to just websites. In 2018 McAfee reported on over 28 million cases of mobile malware attacks. We’re talking about infected apps people download onto their mobile devices. So, no, not even your phone or tablet is safe from malware.
Malware Entry Point: Unsecured Network
Another entry point for malware is your network itself, if it’s not properly secured. Anyone infected with malware, could potentially spread that malware from their computer to yours if they are on your wired or wireless network and the proper security is not in place to protect you.
Malware Entry Point: Connected Devices
And just as your smartphone can be infected and potentially spread that infection to your computer, so too could any device you plug into your computer or network. Including things like data DVDs or USB flash drives. In this ever-growing world of the Internet of Things, it’s important to remember that all these devices we use to stay connected all run software, so they could potentially be targets for malware.
Best practices to protect yourself
There are some easy things you can do keep your systems safe.
1) Don’t open unknown attachments
If you receive an e-mail from someone you don’t know with an attachment, it’s best not to open it, even if you might be curious.
2) Verify attachments with the sender
Be cautious about opening attachments from people you DO know. Verify with them that they truly did send something that is safe to open before you do. There is a common practice among hackers called “spoofing” which allows them to send you an e-mail that LOOKS like it is from your friend, family member, coworker, or even your boss. And because we know malware is programmed to spread to as many people as possible, it’s also possible that the person you received the message from might be infected themselves. So, asking them to verify before you open the attachment could save you both from danger.
3) Be wary of the websites you visit and links you click on
Just like attachments, any links you get in e-mail or even some you see on social media should be verified before you click on them. But even some regular and normally safe websites can still pose a threat. Internet advertisements themselves can be hijacked and contain malware. So, sites that contain a lot of ads are less safe than ones with fewer ads.
4) Ensure your networks are secure
Your company network needs to be secured. Both the physical wired network and the wireless one. No one should be able to come into your office and get on any of your networks without a password. Even then, it is a good idea to set up a separate “guest network” that is not connected to your main network so that if that person’s computer is infected, it can’t spread to other computers on your network.
5) Use Firewalls and Content Filters
A good IT department or provider will use devices like firewalls and content filters to keep your network protected and help stop users from visiting the more dangerous parts of the internet which can lead to infection.
6) Don’t download Apps without verifying they are safe
You need to be vigilant about your own computer and devices as well. Don’t download untested or unverified apps without contacting your IT provider to make sure they’re safe.
7) Don’t load unknown media onto your computer
Be wary of using unknown Flash Drives or other media people bring into your office and ask you to load on your system. Many people enjoy the convenience of using USB flash drives to store files or presentations. But you have no way of knowing if that drive is also carrying an infection as well.
8) Keep your systems patched and updated
Some malware is written to exploit specific security flaws and software companies often release new updates and patches to fix these flaws. If your operating system and software applications are running the latest updates and patches, they are less likely to be able to be infected in the first place and less likely to be exploited should any infection occur.
9) Run updated Anti-Malware and Anti-Virus software
This software scans for malware and viruses both in real-time as files are coming into your computer and can be set to schedule full deep scans of your files at night or when it is convenient to add an extra layer of security. These types of software are constantly being updated with new definitions of what all the new malware and viruses look like and how to spot and stop them, so they’re a great way to protect yourself and your company’s data.
10) Back up your data regularly!
This might not prevent a malware infection, but it might be the only thing that can save you if an infection occurs. Sometimes an infection can be spotted and cleaned before too much damage is done, but sometimes, it can’t be. And it’s possible that the only way to get your system back up and running is to set up a fresh installation and restore your data from a recent backup. If that must happen, the life of your business might depend on how often and how accurate your backups are.
What do you do if you think you’re infected?
Accidents happen, and sometimes infections might occur even if you are being vigilant. So, if you think you might be infected with malware, maybe your web browser is locked on a screen with an error that won’t let you close it, you’re being overwhelmed with pop ups, or you openly see your mouse moving without you touching it. Well, you need to do two things right away.
1) Turn off the computer or device immediately
First, turn off the computer or device immediately. Also, unplug the network cable if it uses a wired connection.
2) Contact your IT Support
Walk the technician through what was clicked on or what symptoms you’re having in as much detail as possible for them to isolate the type of infection you might have and determine the best course of action.
Still Need Help?
We know implementing some of these changes to your network or finding the best protection software can be a little daunting. So, we just wanted to say, we’re here if you need us. ONE 2 ONE offers comprehensive protection tools as well as monitoring, patching and update services for PCs and Servers.
We even offer a mobile device management plan to keep your tablets and phones protected as well as an industry-leading data backup and disaster recovery solutions. Contact us for more information. We’d love to learn about you and your business and help to keep you safe.