Fraud prevention
Malware
Malicious software is coded with the intention of harming its target. Affecting private and corporate users alike, it can steal information, damage data, hijack website visits and spy on internet activity. Fraudulent redirection of internet banking users is an increasingly frequent form of attack.
What is malware?
Malware can hide inside innocuous-looking software (trojans), or spread between machines without relying on user interaction (worms). It can be custom-designed to evade defences and execute specific tasks.
Once inadvertently installed, malware can carry out many activities unseen. It may spy on website visits, destroy data, or piece together passwords. Increasingly, it’s being used by criminals to encrypt important business information until the organisation pays a ‘ransom’. Internet banking users might also be redirected to fake sites which record their login data to enable financial theft.
Malware is usually delivered via email ‘phishing’ or fraudulent links. Malicious apps and USB memory sticks can also compromise smartphones and computers respectively. Malware can stay hidden for months until activated.
The risks to business
- Data loss
- Financial loss
- Hardware damage
- Paralysis of business activity
How can I defend my business against malware?
- Put in place strong response, recovery and back-up processes.
- Run up-to-date anti-virus software on all machines, and consider systems that use file reputation / behaviour analysis within a safe sandbox system. Network behaviour anomaly detection (alert to attacker commands) is another systems security option.
- Keep your PCs, servers and associated hardware up to date, installing the latest security patches as they become available.
- Make sure that your staff avoid questionable websites, and know not to download free software / apps, run MS Office macros on email attachments, or use USB sticks, from unverified sources.
- Consider application whitelisting (blocking any software not already authorised).
- Use different passwords for different business logins.