The first steps toward improving your IT security can feel like a long trudge. Alarming facts, boundless opinions and "solutions" can make actual answers feel out of reach. By following these straightforward guidelines, you and your business will be on your way towards improved IT security.
The Microsoft Office team have a few quick tips on staying safe from malware; here's our take:
1. Update your software
Keeping software up-to-date is essential. It is the go-to advice from software makers after any new threat is revealed. Take the recent WannaCry attack as an example. Many software makers quickly released patches, or already had updates available. For your personal devices, these updates can be simple. Windows, macOS, iOS & Android can have updates set to install automatically. You can even manually update if you're immediately concerned about a threat.
Software updates in a business environment are a bit more of a balancing act. Updates can break essential software functions if they are not tested adequately, and this happens often enough that IT departments need to take it into consideration. Even updates from software companies like Microsoft and Apple can cause issues. Sentrian rolls out updates at regular intervals, aiming to strike a balance between business continuity and software security.
2. Keep a backup
In the event of a malware attack, a backup may be the only way to recover lost or encrypted data. It's easy to think of backups as being straightforward, but there are many different options, and it is vital to make sure your backups are practical and reliable.
A vague backup policy offers little benefit over no backup at all. Occasionally copying your business data onto an external drive at the end of the day is unreliable. A regularly scheduled backup, preferably both on-site and off-site, is a good start. And ensure your backup is not connected to your day-to-day storage! If it is, a ransomware infection may spread to the backup as well.
3. Be a detective
Even with anti-virus and firewall solutions, malware and other unwanted software can still take over your computer. Every email and every link that wants you to open or click through to something should be treated with a healthy level of suspicion (see our Learning What to Trust tips).
Thankfully there is a reasonable rule: if in doubt, don't.
Make sure the source of the email is legitimate, know where the USB drive is from, and verify information through another source. It's perfectly acceptable to pick up the phone and contact someone to ask if they've sent you an email with an attachment. Malware infections and scams usually arrive in waves; it's important to be aware of the new and common tricks that criminals use.
4. Update your knowledge
Having a basic understanding of good practice and awareness of current threats can reduce human error as an IT security factor. We mention IT security education regularly because it is essential to not allow good habits to lapse.
To keep yourself up-to-date, see our previous post on how malware spreads and have a quick read of these resources:
- Our gallery of current email security threats (these have targeted or are a high risk to our clients)
- Scamwatch (from the ACCC)
- Microsoft Malware Protection Center - Definitions and Current Threats
- Our Hosted Disaster Recovery/Backup solutions to mitigate malware infections