Canadian IT Blog

Malware Mitigation and Recovery Strategies

Written by Team CITI | March 26, 2019

Malware infections pose a huge risk to the operations and financial security of your company. Malware can lock up your data and hold your information hostage until you pay a ransom. It can take weeks for your business operations to get back on track. Even once you have righted the ship, the lingering stress of being targeted can take an emotional toll with lasting effects on your organization. 

There are many types of malware that you should become familiar with, ranging from trojans and adware to ransomware. Some of these, like trojans, pose as useful software that is embedded with malicious code. Malvertising is the use of online advertising to spread malware. These adverts are pop-ups on unsecured websites that prompt unwitting users to click on their links. There are always early signs that something might be malware, but it is often very easy to overlook them, and that is how cybercriminals continue to reach their targets.

A strong malware mitigation strategy encompasses both steps to help with the prevention of attacks and proper recovery planning in the event of an attack. Having a strategy that looks at both areas is key to keeping you and your company safe from malware attacks.

 

1. Malware Prevention

 

Prevention is not only the first line of defence from malware; it is the most important aspect of an anti-malware strategy. Without proper prevention, you are putting yourself and your business in the line of fire with no protection. It's only a matter of time before you get burned.

 

Anti-malware Software

 

Installing reputable anti-malware software is a great place to start. But once it is installed, it is often neglected, which results in weakened security and increased risk. Once you have chosen and installed your software, it is key to configure the software to do the following:

  1. Run periodic scans of all files from external sources and downloads
  2. Update the software automatically to its newest and most efficient version
  3. Quarantine all suspicious or infected malware code and alert the company's security or IT services
  4. Ensure the software isn't being blocked from running on certain applications and browsers on your computer

 

Principle of Least Privilege (PoLP)

 

It is also a good idea to look at who within your company has access to what data. Using the Principle of Least Privilege (PoLP) minimizes access to every layer of the computer environment, including software, data, and programs, to only those that actually need to have access. This not only helps keep your sensitive data secure, but it also ensures that certain programs and applications aren't being misused or accidentally altered as a result of having too many people with unnecessary access.

Introducing PoLP also lends itself to educating and informing all employees of safe Internet practices and ensuring everyone is aware of their role in keeping a watchful eye out for potential threats and suspicious activity.

 

2. Recovery

 

If you have taken the proper steps to prevent malware, including documenting procedures, the recovery process will undoubtedly be easier to execute.

 

Backups

 

Backing up is a tried-and-true way not only to mitigate the damage caused by malware attacks but also to ensure a smoother recovery should an attack happen. However, backing up is not a simple one-step process. It is important to actively test your backup and ensure that, after running the restore process, the files are still readable and usable. As often as you back up, take the extra time to run a test; it can make all the difference in a time of crisis.
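
One way to run the restore test described above, as an added example that is not part of the original post: record a SHA-256 manifest when the backup is taken, then compare a test restore against it. The function names and the sample files are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

def sha256_file(path: Path) -> str:
    """Hash in 1 MiB chunks so large files never sit in memory whole."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()

def build_manifest(root: Path) -> dict[str, str]:
    """Run at backup time: relative path -> SHA-256 for every file."""
    files = sorted(p for p in root.rglob("*") if p.is_file())
    return {p.relative_to(root).as_posix(): sha256_file(p) for p in files}

def verify_restore(manifest: dict[str, str], restored: Path) -> dict[str, list[str]]:
    """Run after a test restore: flag missing, altered, unreadable and unlisted files."""
    report = {"missing": [], "unreadable": [], "changed": [], "unexpected": []}
    for rel, expected in manifest.items():
        target = restored / rel
        if not target.is_file():
            report["missing"].append(rel)
            continue
        try:
            if sha256_file(target) != expected:
                report["changed"].append(rel)
        except OSError:
            report["unreadable"].append(rel)
    found = {p.relative_to(restored).as_posix() for p in restored.rglob("*") if p.is_file()}
    report["unexpected"] = sorted(found - manifest.keys())
    return report

def demo() -> dict[str, list[str]]:
    """Constructed sample data: a small source tree and a damaged restore."""
    with tempfile.TemporaryDirectory() as tmp:
        src, dst = Path(tmp, "source"), Path(tmp, "restore")
        (src / "finance").mkdir(parents=True)
        (dst / "finance").mkdir(parents=True)
        for name in ("finance/ledger.csv", "hr.txt", "notes.txt"):
            (src / name).write_text(f"contents of {name}\n")
        manifest = build_manifest(src)
        (dst / "finance/ledger.csv").write_text("contents of finance/ledger.csv\n")  # intact
        (dst / "hr.txt").write_text("")  # truncated during restore
        (dst / "unknown_file.txt").write_text("not in the backup set\n")
        return verify_restore(manifest, dst)  # notes.txt was never restored

if __name__ == "__main__":
    print(demo())
```

Store the manifest somewhere the backed-up machines cannot modify, so that malware altering the files cannot also alter the record they are checked against.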

Unfortunately, without a backup, it could be a matter of whether your data is worth the struggle of trying to involve authorities and launching a criminal investigation. Most security professionals will likely tell you not to pay the ransom and to try to recover from the attack with as little interruption as possible to your business's day-to-day operations. Note that paying a ransom is not a guarantee of getting your data back.

Having to give in to cybercriminals is the absolute worst-case scenario and one that no company should have to face. Aside from the financial loss and the disruption in your workplace, it also results in emotional distress. There is a sense of accountability and "I failed to prevent this" that can really bring down the efficiency of the workplace. That is why taking the time to ensure that you have a stable and well-rounded malware prevention and recovery strategy in place is so important. While it takes a bit of time to put together, being able to operate your business with ease, comfort and confidence is worth it in the long run.

If you are interested in malware mitigation and recovery strategies for your organization, please reach out to us. We're always happy to help.