"Attention! We've detected malicious activity on your computer. Download antivirus now."
Spyware, keyloggers, scareware (the fake alert quoted above), ransomware and more: malware, or malicious software, seems to lurk around every corner of the Internet, whether in a threatening email attachment or a fraudulent online advertisement. Attackers keep finding newer, subtler ways to steal your clients' personal data, and few users will recognize the warning signs of a malware attack before the damage is done and the data is lost. It is time to teach yourself and your clients how to prevent malware from causing unnecessary problems on your computers and servers.
As your customers' MSP and trusted IT advisor, you must keep malware protection top-of-mind. Reducing the number of infected client machines and limiting the impact of attacks requires continuous vigilance from everyone: end users have to learn secure browsing habits, and IT solutions providers have to deploy strong endpoint protection, keep up with malware news, and apply security patches and malware-definition updates promptly. This guide explains how to protect against the viruses, worms, Trojans and other threats that fall under the malware umbrella.
Part 1: How Clients Can Reduce the Risk of Malware Infection
As you know, malicious programs are engineered to compromise systems, steal and exploit personally identifiable information (PII) such as financial data and credit card numbers, or hold that information captive to extort payment or intelligence from victims. The cost of downtime and data loss, combined with the reputational damage that follows a malware breach, is far too great for small-to-medium-sized businesses to take their online safety for granted. Because of this, you must urge your clients to be cautious in all their web-based dealings and stress that they adhere to the following security measures, which we've compiled from sources such as McAfee, Kaspersky Lab and PCWorld:
1. Be suspicious when prompted to download or install software
Even if a program looks trustworthy because it is well-established or appears legitimate, that is not always the case. Attackers have become cleverer and know how to cloak their schemes in well-crafted, credible language. The takeaway is that clients must verify that the software is genuine before taking action. Encourage them to open another browser tab and research the program by name, and make sure they understand not to click into the original prompt for more information. If the intent is malicious, with any luck, your user will find posts by others warning not to download the software. To be safe, you may choose to have them run any unfamiliar application by you first. Overall, you should be the primary steward of their cyber health.
What about cases where the software itself is legitimate, but the version on offer isn't? Attackers routinely impersonate common, harmless applications and services, including Microsoft support (the classic tech-support scam). Train your clients to be wary of any attempt, whether a website pop-up, an ad, an email or a social media message, to get them to download something. If they want well-known software from a vendor such as Microsoft, have them type the vendor's address into the browser themselves and download it from there; insist that they never use links in emails or ads, which may be phishing or malvertising in disguise. Teach them, too, to check that the page uses HTTPS. As we describe in How to Keep Clients Safe from Phishing Attacks and Online Scams this Holiday Season, that means the URL begins with "https://" rather than "http://". One caveat: HTTPS (TLS, the successor to SSL) only means the connection is encrypted and the certificate matches the hostname shown. Anyone can obtain a certificate for a domain they control, so a phishing page can be served over HTTPS just as easily. The padlock is necessary but not sufficient; the domain name itself is what has to be verified.
2. Avoid websites whose legitimacy and security can't be guaranteed
This is fairly self-explanatory, but worth reiterating. We've seen reports that Internet users are 28 times more likely to be infected by malware if they visit content-theft sites. Piracy sites aren't the only ones with poor security, but the figure shows that destinations like these are hotbeds for cybercriminal activity. Look into software that rates the safety of websites before your clients click on risky search results. Additionally, encourage your clients never to click a link without knowing its destination: have them hover over the anchor text and compare the real URL shown in the status bar against what the link claims to be, since the displayed text and the actual target can differ. Simple steps like these bolster your clients' protection from malware and reduce headaches down the road.
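The hover-and-compare check in tip 2 and the HTTPS check in tip 1 are easy to describe and tedious to do by hand for every link in a message. The following is an added example, not code from the original article, that turns both into a function you can run over each (anchor text, href) pair extracted from an email or page. The trusted-vendor list and the sample links are constructed for illustration, and registrable_domain() is a deliberate simplification (last two DNS labels) that mishandles suffixes such as co.uk.

```python
"""Link triage: compare what a link displays with where it actually goes.

Added example, not code from the original article. The trusted-vendor
list and the sample links are constructed; registrable_domain() is a
simplification that assumes a one-label public suffix.
"""
import re
from urllib.parse import urlsplit

# Hypothetical allow-list of vendor domains clients are told to download from.
TRUSTED_VENDOR_DOMAINS = {"microsoft.com", "adobe.com"}

# Anchor text that itself looks like a URL or bare hostname.
URL_LIKE = re.compile(
    r"^(?:https?://)?(?:[a-z0-9-]+\.)+[a-z]{2,}(?:[/?#]\S*)?$", re.IGNORECASE
)
IPV4 = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")


def host_of(url: str) -> str:
    """Lowercase hostname of a URL; a bare 'www.example.com' is accepted too."""
    if "://" not in url:
        url = "http://" + url
    return (urlsplit(url).hostname or "").lower()


def registrable_domain(host: str) -> str:
    """'www.microsoft.com' -> 'microsoft.com' (simplified: one-label suffix)."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def assess_link(display_text: str, href: str) -> list[str]:
    """Return a list of red flags for a link; an empty list means none found."""
    findings: list[str] = []
    parts = urlsplit(href if "://" in href else "http://" + href)
    host = (parts.hostname or "").lower()

    if parts.scheme != "https":
        findings.append("not https: the connection is not encrypted")
    if parts.username is not None:
        # http://microsoft.com@evil.example/ -> the host is evil.example
        findings.append(f"credentials before @: real host is {host}")
    if IPV4.match(host):
        findings.append("raw IP address instead of a domain name")
    if any(label.startswith("xn--") for label in host.split(".")):
        findings.append("punycode host: possible look-alike (homograph) domain")

    shown = display_text.strip()
    if URL_LIKE.match(shown):
        shown_host = host_of(shown)
        if registrable_domain(shown_host) != registrable_domain(host):
            findings.append(f"text shows {shown_host} but link goes to {host}")

    # A trusted brand used only as a subdomain of someone else's domain,
    # e.g. microsoft.com.example.net, is the classic fake download page.
    for vendor in sorted(TRUSTED_VENDOR_DOMAINS):
        if vendor in host and registrable_domain(host) != vendor:
            findings.append(
                f"{vendor} appears inside unrelated domain {registrable_domain(host)}"
            )
    return findings


if __name__ == "__main__":
    # Constructed sample links, not taken from any real campaign.
    samples = [
        ("https://www.microsoft.com/download", "https://www.microsoft.com/download"),
        ("Download the update", "http://microsoft.com.example.net/setup.exe"),
        ("https://www.microsoft.com", "https://microsoft.com@login.example.net/"),
        ("Click here", "http://192.0.2.10/invoice.pdf"),
    ]
    for text, href in samples:
        print(f"{text!r} -> {href}")
        for finding in assess_link(text, href) or ["no red flags"]:
            print("   -", finding)
```

Note that the third sample passes the "https://" test from tip 1 and still fails: the certificate would be perfectly valid for login.example.net. That is exactly why the domain, not the padlock, is the thing to check.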
3. Stress that malware can be installed without user intent to download anything
It's very easy for people to downplay malware concerns and dismiss these tips by saying "Fine, I just won't download anything then." But your users aren't in as much control as they'd like to think. Drive-by downloads can infect a machine when the user merely visits a site carrying malicious code and takes no action at all. Attackers are savvy enough to recognize that their victims may not be easily fooled and that they may have to target other behavior. Take a pop-up malvertisement (yes, they can still get past browser ad-block plugins) that offers a software download. Having read the first tip above, your user recognizes the scam and knows not to fall for it. What do they do? Click the X to close the window. They didn't click the download link, but the X itself may be part of the ad, a crafted button that triggers the download or a redirect, so they have still engaged with the malvertisement and could be compromised. Instead, teach them to close the browser without touching the window at all, using:
- Windows Task Manager (End Task on the browser process), if using a PC, or
- Activity Monitor (Force Quit the browser), if using a Mac
4. Take caution when sharing files or opening attachments
Whether they intend to open or share files over email, instant messaging applications or popular file-sharing programs, clients must be certain of the source's legitimacy. Through intelligent social engineering, attackers often impersonate a trusted authority, such as a coworker, to manipulate their way into a company's systems. For extra guidance in detecting fraudulent files, McAfee warns not to open files with the extensions .exe, .scr, .lnk, .bat, .vbs, .dll, .bin and .cmd. Two caveats make that list harder to apply than it looks: Windows Explorer hides known extensions by default, so invoice.pdf.exe is displayed as invoice.pdf, and a dangerous payload can also arrive inside an archive or a document. Have clients turn extension hiding off, and treat any unexpected attachment, whatever it appears to be, as suspect until confirmed with the sender through another channel.
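An extension block-list is a good start, but attackers have several ways to make a risky file look like a document. The following is an added example, not code from the original article, that applies the extension list quoted above and then checks for the tricks that defeat a naive extension check: a document extension in front of the real one, whitespace padding that pushes the real extension out of view, the Unicode right-to-left override that reverses how the tail of a name is displayed, and file content that is a Windows executable no matter what the name says. The set of "harmless-looking" document extensions and the sample filenames are constructed for illustration.

```python
"""Attachment filename and content triage.

Added example, not code from the original article. RISKY_EXTENSIONS is
the McAfee list quoted in the text; DOCUMENT_EXTENSIONS and the sample
names are constructed for the demonstration.
"""
import os

# The extensions McAfee warns about, per the article.
RISKY_EXTENSIONS = {".exe", ".scr", ".lnk", ".bat", ".vbs", ".dll", ".bin", ".cmd"}
# Constructed set of harmless-looking extensions attackers like to imitate.
DOCUMENT_EXTENSIONS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".png", ".txt"}
# Right-to-left override: "invoice\u202efdp.exe" is rendered as "invoiceexe.pdf".
RLO = "\u202e"


def classify_filename(filename: str) -> list[str]:
    """Return red flags derived from the filename alone (empty list = none)."""
    findings: list[str] = []
    if RLO in filename:
        findings.append("right-to-left override: displayed name is reversed after the control character")
        filename = filename.replace(RLO, "")
    stem, ext = os.path.splitext(filename)
    ext = ext.lower()
    if stem != stem.rstrip():
        # "report.pdf<40 spaces>.exe" pushes the real extension out of the column
        findings.append("whitespace padding before the real extension")
        stem = stem.rstrip()
    inner = os.path.splitext(stem)[1].lower()
    if ext in RISKY_EXTENSIONS:
        findings.append(f"executable extension {ext}")
        if inner in DOCUMENT_EXTENSIONS:
            findings.append(f"double extension: shown as {inner} when known extensions are hidden")
    return findings


def true_extension(filename: str) -> str:
    """The extension the OS will actually act on, after undoing the display tricks."""
    return os.path.splitext(filename.replace(RLO, "").rstrip())[1].lower()


def triage_attachment(filename: str, head: bytes) -> list[str]:
    """Filename checks plus a content check on the file's first bytes."""
    findings = classify_filename(filename)
    ext = true_extension(filename)
    # Every PE executable (EXE, DLL, SCR) begins with the 'MZ' DOS header.
    if head.startswith(b"MZ") and ext not in RISKY_EXTENSIONS:
        findings.append(f"content is a Windows executable but the name ends in {ext or 'no extension'}")
    return findings


if __name__ == "__main__":
    # Constructed sample attachments: (name, first bytes of content).
    samples = [
        ("quarterly-report.pdf", b"%PDF-1.7"),
        ("invoice.pdf.exe", b"MZ\x90\x00"),
        ("invoice" + RLO + "fdp.exe", b"MZ\x90\x00"),
        ("report.pdf" + " " * 40 + ".scr", b"MZ\x90\x00"),
        ("statement.pdf", b"MZ\x90\x00"),  # renamed executable
    ]
    for name, head in samples:
        print(repr(name))
        for finding in triage_attachment(name, head) or ["no red flags"]:
            print("   -", finding)
```

The last sample is the one a pure extension filter never catches: the name is clean, and only the content reveals a renamed executable. Mail gateways and endpoint products do this kind of content sniffing; the point of the example is that your own filters should too.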
Part 2: Malware Detection, Protection and Removal
With your users adopting this safer, preventative behavior, the chances of a malware infection are slimmer, but not zero. To minimize the volume of threats that reach your clients' network, pair your remote monitoring and management (RMM) solution with a solid endpoint protection solution, and manage both continuously, checking that they are active and up-to-date.
Endpoint protection, also known as endpoint security, is a solution that secures and protects various endpoints (servers, workstations, mobile devices) from getting infected and prevents infections from spreading throughout a network. Endpoint protection is an integral component of a multi-layered security solution because it helps secure every endpoint connected to a specific network, block malicious activity and provide protection against unauthorized access to sensitive data.
Today, endpoint protection can consist of multiple types of solutions and typically includes antivirus, anti-malware, encryption, firewall and other security measures such as patching and configuration management.
By monitoring your clients' endpoints for incoming threats, endpoint protection is your last line of malware defense on the host itself. Configure scans to run regularly and automatically, searching files for known threats (by signature or hash) and for suspicious behavior that could signify an infected system; behavioral detection is what catches new threats and samples that have been packed or encrypted to evade signature matching. Endpoint protection also handles removal: once a malicious file is flagged, the solution can delete it, quarantine it so that it is inaccessible to other programs and unable to spread, or attempt to repair the file by removing the malicious component.
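To make the detect-then-quarantine step concrete, here is an added example, not code from the original article or from any vendor's product. It hashes every file under a client share, compares each SHA-256 against a list of known-bad digests, and moves matches into a quarantine directory as read-only files with no extension anything would execute, writing a JSON record of where each file came from so the MSP can trace and, if needed, restore it. The "malicious" sample, the benign files and the block-list entry are all constructed; a real deployment would load the list from a threat-intelligence feed and pair hash matching with the behavioral detection described above, since a hash catches only samples already known.

```python
"""Hash-based scan with quarantine.

Added example, not code from the original article. MALICIOUS_SAMPLE is a
constructed byte string (an MZ header plus filler), not real malware, and
KNOWN_BAD is derived from it here instead of from a threat-intel feed.
"""
import hashlib
import json
import os
import shutil
import stat
import tempfile
import time
from pathlib import Path

# Constructed sample: an MZ header plus filler, not real malware.
MALICIOUS_SAMPLE = b"MZ\x90\x00constructed sample for the demo, not real malware"
# Known-bad SHA-256 -> detection name. Constructed here; normally threat intel.
KNOWN_BAD = {hashlib.sha256(MALICIOUS_SAMPLE).hexdigest(): "Constructed.Test.Sample"}


def sha256_of(path: Path) -> str:
    """Stream the file in 64 KiB chunks so large files never load into memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            digest.update(chunk)
    return digest.hexdigest()


def scan_and_quarantine(root: Path, blocklist: dict, quarantine_dir: Path) -> list[dict]:
    """Hash every file under root; move matches to quarantine_dir; return the hits."""
    quarantine_dir.mkdir(parents=True, exist_ok=True)
    hits = []
    for path in root.rglob("*"):
        if not path.is_file() or quarantine_dir in path.parents:
            continue
        digest = sha256_of(path)
        if digest not in blocklist:
            continue
        # Name the quarantined copy by hash so repeat detections cannot
        # collide, and drop the original extension so nothing will run it.
        dest = quarantine_dir / f"{digest}.quarantined"
        shutil.move(str(path), str(dest))
        os.chmod(dest, stat.S_IRUSR)  # owner read-only, no execute bit
        record = {
            "original_path": str(path),
            "sha256": digest,
            "detection": blocklist[digest],
            "quarantined_at": time.strftime("%Y-%m-%dT%H:%M:%SZ", time.gmtime()),
        }
        (quarantine_dir / f"{digest}.json").write_text(json.dumps(record, indent=2))
        hits.append(record)
    return hits


def run_demo() -> dict:
    """Build a throwaway client share, scan it and report what happened."""
    base = Path(tempfile.mkdtemp(prefix="endpoint-demo-"))
    share, quarantine = base / "client-share", base / "quarantine"
    (share / "reports").mkdir(parents=True)
    (share / "reports" / "q3-numbers.txt").write_bytes(b"benign quarterly report")
    (share / "invoice.pdf.exe").write_bytes(MALICIOUS_SAMPLE)
    hits = scan_and_quarantine(share, KNOWN_BAD, quarantine)
    return {
        "hits": hits,
        "remaining": sorted(p.name for p in share.rglob("*") if p.is_file()),
        "quarantined": sorted(p.name for p in quarantine.iterdir()),
    }


if __name__ == "__main__":
    print(json.dumps(run_demo(), indent=2))
```

Keeping the JSON record beside the quarantined copy matters in practice: it is what lets you restore a false positive to its original path, and it gives incident response a timestamped chain of custody if the detection turns out to be real.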
Part 3: Malware Updates and Security Patches
Today, IT service providers must continually offer proactive technical support to stay ahead of the malware curve and avoid having to remove malware at all. To protect client data, you have to keep your finger on the pulse of the latest cyber threats and malware news.
Every month brings new updates meant to correct flaws in applications and operating systems that attackers can exploit; patches fix newly disclosed bugs and legacy vulnerabilities alike. What is safe one month may be a breach waiting to happen the next if you don't stay on top of these security updates. One schedule every system administrator should follow religiously is Microsoft's Patch Tuesday, the second Tuesday of each month, when Microsoft releases its security updates.
Warning: not every patch should be deployed blindly. Each one must be tested to ensure it's safe to apply to clients' systems. If you're a Continuum partner, our Network Operations Center (NOC) performs this service for you.
To keep receiving security fixes, your clients must run supported operating systems and browsers. If, for instance, they haven't migrated away from Windows XP, whose support ended in April 2014, they no longer receive Microsoft support or patches, which spells trouble, and potential noncompliance penalties, if they are hit with malware.
Part 4: MDM for Mobile Malware
Mobile malware is on the rise. According to a McAfee Labs Threats Report, the total number of mobile malware variants passed 16 million in 2017, with over 1.5 million new mobile malware variants appearing at the beginning of 2017 alone.
With increased data mobility and the Internet of Things (IoT) fostering more complex IT environments, it's time for MSPs to get on board and offer mobile device management (MDM). Personal and private data have converged in the modern office. Using the same device, an SMB business owner can check Facebook, download apps and read confidential work email. While convenient and arguably necessary, this ease of access is also dangerous: one wrong move and the company's files could be stolen, encrypted, sold and so on. MDM is the baseline control for this bring your own device (BYOD) trend. With the right MDM solution, IT service providers can enforce device policy and remotely lock or wipe a device when its owner leaves the company or when the device is compromised.
If you'd like to learn more about this lucrative opportunity for MSPs, here's everything you need to know about mobile device management (MDM).
Part 5: Backup and Disaster Recovery (BDR): The Malware Failsafe
One malware remediation step is containment: disconnect the affected user and device from the network so the infection cannot spread to more company data. But how can an MSP recover that user's data if there isn't a secure and reliable backup and disaster recovery (BDR) solution in place? If you're not currently offering business continuity as one of your managed IT services, you're not only missing a sizable revenue stream, you're gambling with the protection and security of your clients' data. Today, ransomware families such as CryptoLocker and CryptoWall, which encrypt files and demand payment for the decryption key, make data recovery virtually impossible without a BDR solution. The backups themselves have to be protected, too: ransomware that reaches a mapped backup share or a synced folder will encrypt those copies as well, so keep at least one copy offline or otherwise unreachable from the infected network.
The alternative is funding the development of future attacks by paying the criminals, who may not deliver a working decryptor even then. For obvious reasons, we don't recommend leaving that as your user's only option. By offering cloud-based BDR, however, you can take frequent backups to shorten the gap between the last good copy and the infection, improving the recovery point objective (RPO), and rehearse restores so that the recovery time objective (RTO) is a measured number rather than a hope, all while restricting access to and securing the stored data. That's why BDR is the ultimate malware failsafe.
By Lily Teplow
By Tonya Barnett
By Paula Rhea