Malware: What it is and How to Avoid it.

Posted on by Megan McGinty
Written by: Megan McGinty
Share on Social

Have you ever seen an antivirus alert pop up on your screen, or mistakenly clicked a malicious email attachment? If so, you’ve had a close call with malware.

Hackers use malware to gain a foothold in users’ computers—and, consequently, the offices they work in—because it can be so effective.

“Malware” is designed to operate covertly on your computer system without your consent.

It is deployed with an objective in mind – stealing data and credentials, actively working to cause issues for the target ranging from launching a virus on a single computer to corrupting critical files and then demanding payment from the target to give back the data or resume normal behaviour.

Malware comes in various forms

Trojan horse: This is a program which appears to be a useful application but is in fact a delivery mechanism for malware. This doesn’t infect other software.

Virus: This infects other programs or files by injecting itself into existing software or data.

Worm: A worm actively works to infect other targets sometimes without any interaction on the user’s behalf.

Attackers will use a variety of methods to get malware into your computer, but at some stage it often requires the user to take an action to install the malware. This can include clicking a link to download a file, or opening an attachment that may look harmless (like a Word document or PDF attachment), but has a malware installer hidden within.

How to avoid Malware

Continually training employees on best practice for avoiding malware, such as not downloading unknown software, as well as on how to recognise phishing scams can go a long way to protecting your business.

Back up your systems on a regular basis. By having a back-up available, you’ll be able to restore your system should you suffer an attack.

Cyber Essentials is one of the best ways to protect your business.

The Cyber Essentials scheme is a cyber security standard, which organisations can be assessed and certified against. It identifies the security controls that an organisation must have in place within their IT systems in order to have confidence that they are addressing cyber security effectively and mitigating the risk from internet-based threats.

The scheme focuses on five essential mitigation strategies within the context of the 10 Steps to Cyber Security guide:

  • Boundary Firewalls and Internet Gateways
  • Secure Configuration
  • Access Control
  • Malware Protection
  • Patch Management

It provides organisations with clear guidance on implementation as well as offering independent certification for those who want it.