Webroot, has issued a white paper entitled ‘How to Protect Business from Malware at the Endpoint and the Perimeter’ that includes four key tips to protect enterprises and SMEs against malware infection.
The numbers of malicious programs in circulation have now reached epidemic proportions with the Webroot® Threat Research Centre identifying almost 5.5 million individual malicious programs during 2007. At its peak the team found 1,000 new variants of existing malware in just one day.
Based on independent industry research from analyst firms worldwide, such as IDC and Forrester Research and the expertise of the Webroot Threat Research Centre in Boulder, Colorado, the white paper identifies the top four threats to enterprises and SMEs; outlines the criminal creativity behind malware; provides a glossary of terms used within the industry and highlights the need for businesses to focus on email security, as well as drawing attention to regulatory requirements and recommendations.
The top four tips to protect your business against malware are: 1. Be Above Average with Standards: follow best practices provided by the Payment Card Industry (PCI) Data Security Standard, the widely accepted British Standard BS7799 for information security management or the International Standards Organisation issued ISO/IEC 27001.
2. Get an Edge with Technology: maintain up-to-date detection patterns and software updates of anti-virus and anti-spyware products; select desktop security software that can be centrally deployed and managed; maintain current operating system and browser patches to minimize vulnerability to security exploits; ensure web browsers are set to at least ‘medium’ in the security and privacy settings; do not allow users to surf the internet while logged on with ‘administrator’ privileges to the network; maintain a list of allowable software and/or executable files and run a weekly scheduled check against PCs in the network, check results for non-standard entries and take appropriate actions to remove unapproved programs; consider re-imaging chronically spyware-infected PCs.
3. Block Spam at the Perimeter: if you don’t have internal expertise, consider a SaaS-based email or web security solution; configure gateway proxies and firewalls to prevent ‘drive by’ downloads, executable downloads from known spyware sites or PC communication to known spyware ‘phone home’ sites or large numbers of email emanating from one PC, i.e. Spam; scan files at the perimeter for known spyware and virus code; maintain strong anti-spam protection with filters to prevent drive-by attacks, DoS, registry harvesting or network slow-downs.
4. Proactively Educate Employees and Staff: require network users to agree to an ‘Acceptable Use Policy’ indicating unauthorized programs can be blocked; teach employees and other computer users to understand that many ‘free’ programs and services on the internet install spyware that drastically slow PCs, install annoying pop ups and steal private and corporate information; ensure IT support staff are trained to recognize the less overt spyware symptoms, including very long boot up, slow and erratic application performance and frequent computer crashes so that proper remediation can be taken.
Nick Banks, EMEA managing director, Webroot says, “Awareness of the impact of malware has increased greatly over the past couple of years. Dealing with spyware, viruses, spam, phishing and Denial of Service attacks have become part of the average working day within IT departments.
One of the biggest risks in the future is that this increased familiarity with the problem could breed complacency. We predict that malware will continue to evolve and become even more dangerous. It is important for those with a responsibility for the security of their business to understand the threats. This white paper will provide them with the necessary information.”
