After the piece I published on Tuesday covering ‘What you need to know about Macs and malware’, my IT support guys asked me to do the same for Windows. After all, if Windows us more susceptible to malware than Apple it makes sense to let every business in New Jersey know. That’s what today’s post is all about, protecting your business from viruses and malware.
Windows computers have always been targeted by hackers and malware. That is partly down to how popular Windows is. With Windows 10 alone having almost 1 billion downloads, plus lots of Windows XP, Windows 7, Windows 8, Server 2012, Server 2016, Exchange and other machine types out there, it’s no wonder Windows is targeted so much.
It is also partly down to how Windows was designed. It was originally designed before viruses and internet threats. The intent was to share files and resources and be efficient with them. That left an obvious weakness that malware could exploit. As Windows matured, so did its security, driven either by Microsoft themselves or by third party providers such as Avast, Kaspersky, McAfee and others.
Protecting your Windows computers
Any business that uses Windows desktops, laptops or servers needs to install defense in depth. This means having multiple protections in layers to stop the threats ever reaching your computers or your staff.
In a typical office or small business setup our IT support team recommend you have the following defenses:
- A hardware firewall at the internet point of entry.
- A router with software firewall and Network Address Translation (NAT).
- Software or cloud antivirus on every machine.
- Software firewall on every machine.
- Malware scanner on every machine.
You can also elect for a solution such as Cisco ASA, which is a hardware device that includes a firewall, antivirus, malware scanner, email scanner, VPN server and more. It’s a modular solution so you add whatever features you need to protect your business. Even with ASA or its alternatives, you would still use security software on each device for defense in depth.
To reach a computer, malware would first have to pass through the firewall, then the router, then the security software to be able to work. Some will still be able to do that but by using this kind of setup, you’re eliminating 99% of threats. If a threat is sophisticated enough to get that far, there is nothing to stop it anyway.
Tips for avoiding internet threats such as malware
As well as physical defenses, there are other things you can do to lower the chances of malware infection. Here are some practical tips our IT support team shares with all our clients.
Have a clear internet use policy
Having a clear, concise internet use policy will show your staff what they can and cannot do on your computers. As most malware infections use the human element to work, having clear policies on where they can and cannot go online and why they cannot download any file they like onto your machines is a great first step.
Once you have a policy, communicate it to everyone and outline potential penalties for non-compliance. Be firm but fair and explain why this policy is in place and the importance of working within it. That way staff are more likely to buy into it and obey the rules.
Many malware attacks begin with social engineering. A fake email pretending to be a client, bank, credit card company, UPS or other official entity can include links to malware downloads, fake infected websites and all that good stuff. Training staff in what to look out for and what to do if they see a phishing email or scam will also offer significant protection.
Have a strict update schedule
Enforcing a strict update schedule with your IT support team is also essential. They can keep Windows up to date, update all your programs and apps and make sure all systems are running the latest versions of software.
There are systems that can automate this process but it can be done manually too. Often called patch management suites, you can set them up to keep your systems up to date on a regular basis. Examples include SolarwindsMSP, Captera Endpoint Management and Comodo ONE.
Have a regular backup system in place
Plan for the worst and hope for the best. The mantra for most IT support teams in the world. One way to do that is by having a robust, reliable backup system in place. Data loss is a typical symptom of a malware attack so having your data backed up regularly should mitigate the worst of that.
Always have three copies of your data. The original, the onsite backup and the offside backup. That way you’re covered whatever happens.
Keep abreast of threats
You don’t have to do this yourself, delegate it to your IT support team if you like but make sure someone who has input into your IT security keeps on top of emerging threats and ensuring your defenses are ready for them. There are lots of publications online that publish emerging or newly identified malware or viruses so there is no excuse for someone not to know what you’re facing.
Regularly reassess your security
IT security is not a set it and see solution. It is an ever-evolving game of cat and mouse where your business data is the cheese. Any security solution has to be continually evaluated to ensure it is still effective at protecting your business and still offering cutting edge defense and value for money.
Protecting a business is an expensive business whatever type of computer you use. However, being proactive in its security is much, much cheaper than doing nothing and having to contend with data loss or security breaches!
If you need help with your security, contact the IT support team at New Jersey Computer Help. We have the knowledge and expertise you need to stay protected.