Thursday, November 23, 2017

How to protect against malware!


I recently answered a question on Quora about how to protect against malware and wanted to share it here as well. Here it goes:
Overall, I would recommend that an enterprise take a multi-layered approach to mitigating the risk of malware, as follows:
  1. Train your user community: It’s a well-known fact that people are your weakest link when it comes to information security risk. Security awareness training will help reduce the likelihood of someone clicking on a malicious link or visiting a harmful site that contains malware.
  2. Implement the right tools: Examples of commonly used tools to help mitigate the risk of malware include Symantec Altiris, Novell ZENworks, and Microsoft System Center Configuration Manager.
  3. Improve your email filtering: This will help the organization filter out phishing emails containing attachments or links that attackers would like to use to infect your systems with malware.
  4. Create a reliable system asset inventory: If you have a good idea of what assets are in your environment, you’d be much better prepared to protect them. This sounds like a no-brainer, but a lot of enterprises struggle with creating, maintaining and updating their system asset inventory.
  5. Patch all your systems: Most malware attacks exploit known vulnerabilities in your network, operating systems, applications, databases, etc. Implement a formal program that focuses on patching all key systems in your environment. Be mindful to include systems you may not traditionally patch, such as printers, because attackers may use the vulnerabilities on unpatched systems to infiltrate your network.
  6. Detect early: Chances are you will encounter malware in your environment at some point regardless of what protections you put in place. In that case, regular vulnerability/malware/virus scanning will prove to be useful in detecting and addressing malware (and other) issues early on.
  7. Validate with a third party: Hire an independent third party to perform penetration tests so that you can validate whether your anti-malware controls (among other controls) are working effectively.
What else do you do in your organization?