Top four malware security tips

Webroot has issued a white paper entitled ‘How to Protect Business from Malware at the Endpoint and the Perimeter’ that includes four key tips to protect enterprises and SMEs against malware infection. The top four tips to protect your business against malware are:

Be Above Average with Standards: follow best practices provided by the Payment Card Industry (PCI) Data Security Standard, the widely accepted British Standard BS7799 for information security management or the International Standards Organisation issued ISO/IEC 27001.

Get an Edge with Technology: maintain up-to-date detection patterns and software updates of anti-virus and anti-spyware products; select desktop security software that can be centrally deployed and managed; maintain current operating system and browser patches to minimize vulnerability to security exploits; ensure web browsers are set to at least ‘medium’ in the security and privacy settings; do not allow users to surf the internet while logged on with ‘administrator’ privileges to the network; maintain a list of allowable software and/or executable files and run a weekly scheduled check against PCs in the network, check results for non-standard entries and take appropriate actions to remove unapproved programs; consider re-imaging chronically spyware-infected PCs.

Block Spam at the Perimeter: if you don’t have internal expertise, consider a SaaS-based email or web security solution; configure gateway proxies and firewalls to prevent ‘drive by’ downloads, executable downloads from known spyware sites or PC communication to known spyware ‘phone home’ sites or large numbers of email emanating from one PC, i.e. Spam; scan files at the perimeter for known spyware and virus code; maintain strong anti-spam protection with filters to prevent drive-by attacks, DoS, registry harvesting or network slow-downs.

Proactively Educate Employees and Staff: require network users to agree to an ‘Acceptable Use Policy’ indicating unauthorized programs can be blocked; teach employees and other computer users to understand that many ‘free’ programs and services on the internet install spyware that drastically slow PCs, install annoying pop ups and steal private and corporate information; ensure IT support staff are trained to recognize the less overt spyware symptoms, including very long boot up, slow and erratic application performance and frequent computer crashes so that proper remediation can be taken.