Cyber Essentials - The Five Controls – 3. Malware Protection

25 Oct Cyber Essentials – The Five Controls – 3. Malware Protection

Posted at 15:32h in Cyber Security, IT Support by admin

The Cyber Essentials accreditation has five key controls that need to be implemented and maintained in order to guarantee successful certification. We have explored two of the five controls already (Firewalls and a Secure Configuration) and will now delve deeply into the third – Malware – in this article.

What is Malware?

“Malware? What’s that?”, I hear you say. You wouldn’t be blamed for not having heard of it as it is rarely referred to by its technical name – but have you heard the term ‘virus’? Malware is one of the world’s most common forms of virus – it is defined as any software that is designed with the intention of causing damage to a server, computer, client, or network.

Malware is developed to attack software. It then makes copies of itself and spreads around your entire network, to any other computer or device associated with the initial device that was attacked.

What are the consequences of a Malware attack?

As we are sure you already know, viruses are never a good thing for your computer – and Malware is no different. It can cause many different problems – depending on its sophistication and how far it has managed to intertwine itself into your vital systems.

Most attacks are financially motivated. Ransomware attacks, for example, (one of the most common forms Malware takes) have risen in popularity due to the sheer number of successful attacks and the ease of carrying out such an attack. According to Cognyte, “Ransomware attacks nearly doubled in the first half of 2021; 1,097 organizations were hit by ransomware attacks in the first half of 2021. In contrast, our(their) 2020 report found 1,112 ransomware attacks for the entire year. These attacks involved data exfiltration and the leakage of victim’s data.” ¹ You could be next!

How does it work?

Malware is tricky. It uses many different methods to gain access to your system and comes in many different forms. One of your users could have – inadvertently – browsed a compromised website, they may have opened a file from a removeable storage media, or (most likely) it comes down to something as simple as opening an email that, unfortunately for the user, is infected and allows the Malware to take control of the entire system. If the Malware is successful, it has the power to cause business-defining damage to your entire system.

The fight against Malware

Understandably, you are concerned – Malware could reap untold havoc on your entire system. But but don’t worry – there are measures you can take to give your systems the best possible chance of fending off an attack.

Approved purchases

Only download apps for devices that are from the manufacturer approved shops. Apps from unknown or unreputable vendors may not have been checked for Malware before your purchase. Your staff must be warned of this; under no circumstances should they purchase tools from unreputable vendors. Apps from widely known manufacturers are supported and are safe to use (some examples of these include Google Play store and the Apple App Store); these are safe because they have dedicated teams monitoring them to ensure that they are as secure as possible – making them very difficult to penetrate by Malware.

Anti – Virus software

You must have anti-Virus software implemented on all computers and devices both at home and in the office. Yes, most of the popular brands of operating system come with a free type of anti-virus software as standard, but this is NEVER good enough to protect your systems – especially not on a business level. These tools are typically very basic and offer limited protection against the sophisticated threats you are likely to face in your business. Smartphones and tablets require a completely different method – these methods are easily found online; just search the name of your device followed by ‘end-user security guidance’ and follow the instructions, which should put you in good stead.

Sandbox

No, we haven’t lost our minds – we aren’t referring to a Sandbox in a playground but to a Sandbox security mechanism that separates programmes from other parts of the network – in the process stopping them from being harmed.

The Cyber Essentials accreditation requires that you implement one of the bullet points above in order to ensure your devices are as protected as possible from Malware, whilst simultaneously gaining you the certification.

¹ https://www.cognyte.com/blog/ransomware_2021/

Cyber Essentials Accreditation achieved

We understand the importance of top-level cyber security in your organisation. Our team of experts will help guide you to Cyber Essentials Accreditation and a secure future. We will ensure that you feel confident with the new tools that were implemented which made achieving the certification possible. Contact us now and find out how we can help you transform your digital landscape into a fortress that cyber criminals haven’t got a chance of being able to penetrate.

Tags:

Cyber Essentials, Cyber Security, Data Protection, Modern Workplace

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.