For many small businesses, keeping the IT infrastructure virus- and malware-free can be a daunting task. Hacking attacks, security breaches and data theft are keeping security on the SMB radar. So what do they need to know about IT security?
Organisations make the error of handling malware infections as a sequence of independent incidences. But just cleaning up systems is not enough to keep up with criminals who are using increasingly hostile and innovative tactics.
Keeping IT infrastructure free of malware means not only finding dubious code on servers and PCs, but finding and stopping malware on the network. IT teams need to contain infections before they escalate.
When viruses are detected, organisations must treat each occurrence as part of a complete security incident sequence. There are four parts to this: plan, defend, identify and react.
As you design a way to defend, identify, and react to malware, start by understanding the threats relevant to your IT infrastructure.
Malware finds its way onto business systems through a variety of routes: vulnerabilities in workstation software, network-accessible software on servers, social engineering – in which a hacker users deception to obtain a password - USB sticks and weak passwords.
Keeping financial restrictions in mind, catalogue potential malware targets across the infrastructure and place them in order by sensitivity, confidentiality or any other measure relevant to your business. Then design your malware security framework accordingly.
Don't forget to include in your design not only preventative security controls, but also measures for detecting malware and responding to the associated security incidents.
When implementing policies from the planning stage, organisations must defend against virus outbreaks. It's relatively easy to defend a single machine through installing security suites, locking down operating systems, restricting software installation and the flow of data in and out of the computer, but when more machines are added the task can be cumbersome.
Also, different users have different requirements and machines, often spread over multiple locations. In order to manage these properly, IT organisations have to deploy a management system to administer multiple systems in a scalable manner.
While this won't stop all infections, the ability to respond quickly to such events will help to minimise any damage.
The quicker malware can be detected the quicker you can react to it and slow down the infection. But anti-virus tools are not enough nowadays to stop as criminals can design malware to evade such defences.
To fully protect the infrastructure, organisations must use other methods to find and track malware. These include: using change detection tools to find unauthorised file system modifications; educating users on how to spot and report the signs of virus infection; reviewing security logs to discover suspicious activities; and implementing intrusion detection systems.
When reacting to a malware outbreak the key steps are containment, eradication, and recovery.
Containing malware – in other words ensuring that it won't spread - could involve telling users not to click on links, or shutting off services that malware uses to spread. At the worse, it may be necessary to disconnect the machine until it is cleaned up.
Eradicating the malware involves getting rid of the virus, restoring a back-up or rebuilding the entire machine.
Recovery involves returning to normal operations in the infrastructure. It's necessary to keep an eye on the affected systems to make sure that the malware is no longer present, and inspecting the whole IT infrastructure to see if there are any other signs of infection.