When you go to sleep at night after leaving your PC turned on, is a United Nations of Malware convening negotiations to decide who will get control of your technology, data and identity?
Or perhaps there is a collection of Zombieware on your PC, currently lying dormant and just waiting to reactivate and cause mayhem at the least opportune time?
You may think that virus scanners and firewalls will save you, but neither of these tools can offer a complete defence. A virus scanner is only as good as the signatures it contains, and some malware may not yet be incorporated into the signature database. Firewalls depend heavily on proper configuration and on the expertise of whoever sets them up.
To improve your cyber security posture you need to do three things: be risk aware, take preventative measures and know what to do in the case of an infection. This article looks at these three things.
- Be risk aware. We have already covered this topic in the article titled Catch me if you can – Phishing for Phools. Understanding what causes infections is only one side of the coin; the other side is identifying the signs that you have been infected. If you experience any of the following symptoms your PC may have been infected: dramatically slow speed; dialogue boxes in poor English; files disappear; your computer operates erratically and seems to have a life of its own; the connection to the internet is slow or you are not able to connect at all; applications don't start; browsers open many tabs or there is a proliferation of pop-ups; antivirus or firewall software stops working or disappears altogether; and in some exceptional circumstances your computer may start talking to you.
- Take preventative measures. We have already covered this topic in our article titled Make your Business Ransomware Aware in 10 Easy Steps. While all the steps in that article are relevant and important, I would like to focus on backups and systems configuration here. Being infected with malware is a huge inconvenience because PCs have to be re-built. Additionally, infections can put sensitive data at risk. For these reasons you should aim to have your data securely stored in the cloud and only download files to your PC when you need to access them offline (by checking them out). Once finished, check them back into the data store immediately. This way you keep a separation between your PC and your data. Secondly, you or your organisation should keep your operating environment standardised and simple. Use exactly the same applications and, to the extent possible, the same configurations across the whole business. In this way you can image pristine copies of PCs and store them in a safe location so they may be re-installed on affected PCs immediately with little time and effort. This can be done by small businesses as well as big businesses. There are plenty of tools out there that can assist with this process. Make sure that once you re-image the PC all new patches (that may not have been included in the images) are re-applied. Also make sure you update your antivirus software, particularly the signature database.
- Know what to do in the case of an infection. Agilient's suggestions are as follows. Disconnect from the internet. Boot in safe mode or with a rescue disk/USB if you have created one. Using another computer, download a few virus scanners or similar tools and run scans on your infected PC to identify the problem (be careful not to infect the working PC when transferring information). Try to find the actual malware that is causing the problem and search the internet for fixes from reputable sources. Clean up your PC. Reduce the number of programs that auto start when you turn your PC on. You can check installed programs and remove anything that is not absolutely necessary. Run Task Manager in Windows to see what applications and services are running – remove anything that is unnecessary. You may also download some tools to assist with this process. Remove any system restore points (just in case they are infected as well). If none of these steps resolves the problem, take your PC to a specialist computer shop or just re-build the system. If you created an image, you probably would have just re-installed that in the first place and saved yourself hours of frustration and inconvenience. A final, important point is that all your passwords should be changed.
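
As an added example (not part of the original article), the following read-only PowerShell inventory lists the auto-start programs and automatic services mentioned in the clean-up steps above and shows only the entries whose executable cannot be found or lacks a valid Authenticode signature. The helper names Get-ExePath and Get-SignatureStatus are made up for this example, and it assumes Windows PowerShell 5.1 or later.

```powershell
# Added example: read-only inventory of what starts automatically on this PC.
# Nothing is disabled or deleted; review the output before removing anything.

function Get-ExePath {
    param([string]$CommandLine)
    # Extract the executable from a command line such as
    # '"C:\Program Files\App\app.exe" /background' or 'C:\Windows\foo.exe -k'.
    if ([string]::IsNullOrWhiteSpace($CommandLine)) { return $null }
    $expanded = [Environment]::ExpandEnvironmentVariables($CommandLine)
    if ($expanded -match '^\s*"([^"]+)"')     { return $Matches[1] }
    if ($expanded -match '^\s*(.+?\.exe)\b')  { return $Matches[1] }
    return $null
}

function Get-SignatureStatus {
    param([string]$Path)
    # 'PathNotResolved' covers shortcuts, scripts and entries pointing at missing files.
    if (-not $Path -or -not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        return 'PathNotResolved'
    }
    return (Get-AuthenticodeSignature -LiteralPath $Path).Status.ToString()
}

# Programs launched at logon (Run registry keys and Startup folders).
$startup = Get-CimInstance -ClassName Win32_StartupCommand | ForEach-Object {
    $exe = Get-ExePath $_.Command
    [pscustomobject]@{
        Kind = 'Startup'; Name = $_.Name; Source = $_.Location
        Path = $exe; Signature = Get-SignatureStatus $exe
    }
}

# Services configured to start automatically at boot.
$services = Get-CimInstance -ClassName Win32_Service -Filter "StartMode='Auto'" |
    ForEach-Object {
        $exe = Get-ExePath $_.PathName
        [pscustomobject]@{
            Kind = 'Service'; Name = $_.Name; Source = $_.State
            Path = $exe; Signature = Get-SignatureStatus $exe
        }
    }

# Show only the entries that deserve a closer look.
@($startup) + @($services) |
    Where-Object { $_.Signature -ne 'Valid' } |
    Sort-Object Kind, Name |
    Format-Table Kind, Name, Source, Signature, Path -AutoSize -Wrap
```

An entry in this list is a prompt to investigate, not proof of infection: legitimate software can be unsigned, and a valid signature does not guarantee a program is harmless.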
The above strategies are by no means fail-safe and you may need to do further research, but they are a useful starting point for ideas. In writing this article we have focused on the smaller end of business, as it is assumed that most big companies will have in-house expertise to deal with malware. We have also focused predominantly on Microsoft Windows based systems due to their high uptake in business and in response to recent attacks targeting them. If you need any assistance in implementing any of the strategies outlined above, please contact Agilient.
The Agilient Team