7 ways malware can infect your business

7 ways malware can infect your business

Matt Blowes April 21, 2017 Security

Cryptolocker, other types of ransomware and malware generally, are nothing but a pain. An infection can impact a business for hours or days depending on how far it spreads. For unprepared businesses, the downtime or data loss can mean disaster.

Ransomware spreads in a variety of ways but there is increasing recognition that one factor is consistently to blame: people. 

Human error is increasingly being identified as a key element of successful ransomware attacks. 

Almost everyone is aware there are dangers online, yet many people go unaware of how malware spreads. Few can point to the latest threats and tactics used by criminals. Informed users are less likely to be tricked compared to uninformed users.

How malware spreads

Malware can spread in many ways. It is generally found in suspicious emails. The email itself will not infect your machine with malware. Instead it's the attachments, images and links that are dangerous. Here are some examples:

  1. Attachments and links in an email
  2. Spreading from one infected computer on a network
  3. Malware infected USB drives
  4. Opening a webpage containing a malware-containing ad
  5. Fake mobile apps (particularly on Android)
  6. Fake social media pages/apps (think JB Hi-Fi/Qantas/Coles/Woolworths giveaways)
  7. Fake Microsoft Windows Support

The reality is, popular software is targeted by malware creators. Adequate anti-viral software, router-level firewalling, and keeping software up-to-date is essential to avoiding dangerous software. 

Learning what to trust 

So when malware spreads in lots of ways, from different sources, how can you know which emails or websites will be safe?

Trusting content online can be scalable. Take a contact you regularly communicate as an example. Each communication frequently references previous conversations (from online and the real world). Naturally, you will spend little time scrutinising their emails before interacting. This is logical. 

Take a few steps back, a contact you communicate with only every few months. They include details from your last conversation. While likely safe, you may want to consider the aspects of each email a bit more closely. Do they mention anything you've discussed in conversation outside email (phone, text, in-person)? Did you request a PDF attachment or are they sending it out of the blue? If in doubt, contact them in a different format. 

Now let's take a few more steps back, you receive an email from a brand or contact you recognise. There is nothing in the email from past communications. The email is trying to get you to make an action, by calling a number, clicking a link or opening a file. Alarm bells should be sounding. 

Resources

What can you do? Allocate a period of training for all employees on computer safety, particularly if they've never had a session before. Even 15 minutes can make a difference. 

Here are a few resources that can help:

Tip: When forwarding or replying to an email in Outlook, you do not have to click yes to download pictures. You can still click through to draft an email, albeit with images from the original email removed. 

Take the Email Security Quiz

 

Recent Posts

New call-to-action

Subscribe to our Newsletter

SHARE THIS