- IT Support
- About Us
The increasing sophistication of virtual security threats being used to infiltrate company networks has resulted in businesses across the globe having to tighten their security strategies, but even the most rigid systems are rendered useless without understanding from all employees.
Companies that adopt bring-your-own-device policies, or allow staff to access personal email accounts from company systems, run the risk of falling victim to malware and phishing attacks if they don’t have proper precautions in place.
Here, we give you the rundown of some of the most common issues business and personal computer users are facing as threats continue.
Before we begin, it’s important to understand some key terms relating to IT security.
We often get asked what the difference is between a virus and malware, and the truth is that in actual fact, there is no true difference.
The term ‘malware’ is short for ‘malicious software’, and includes spyware, trojans and viruses. Each one of these acts in a different way, so protecting your system from all of them is important to all businesses.
Antivirus or anti-virus software (AV), sometimes known as anti-malware software, is software that prevents, detects and removes this type of malicious software from your computer.
Training your staff on what to look for is the most important way of preventing these attacks on your system. If, however, someone does click something suspicious, having a program to catch this is a secondary line of defence; it’s a further step in the right direction to preventing disruptions.
There are plenty of different AV programs available, but how do you know which one is right for you and your business?
Malware is spread through malicious links and attachments in emails. Unfortunately, no one piece of AV software can catch everything. So, a lot of businesses go for a layered approach; they have an AV program to catch the standard threats that people face on a day-to-day basis, and then an anti-malware program for the more advanced threats that arise.
A botnet is a collection of infected computers that are remotely controlled by a hacker.
Once a computer is infected with a bot, the hacker can control the computer remotely via the internet. From then on, the computer is a “zombie,” doing the bidding of that hacker, although the user is completely unaware. Collectively, such computers are called a botnet.
The hacker can share or sell access to control the botnet, allowing others to use it for malicious purposes.
For example, a spammer can use a botnet to send out spam email. Up to 99% of all spam is now distributed in this way. This enables the spammers to avoid detection and get around any blacklisting applied to their own servers. It can also reduce their costs because the computer’s owner is paying for internet access.
Hackers can also use zombies to launch a ‘distributed denial-of-service’ attack, also known as DDoS. They arrange for thousands of computers to attempt to access the same websites simultaneously, so that the web server is unable to handle all the requests reaching it. The website thus becomes inaccessible.
Email malware refers to malware that is distributed via email.
Historically, some of the most prolific virus families (eg: Netsky or SoBig) distributed themselves as file attachments in email. These families relied on users double clicking an attachment, which would run the malicious code, infect their machines and send itself to more addresses from that computer.
Nowadays, hackers have changed their focus and predominantly use the web for malware distribution. Email messages are still used, but mostly as a way of distributing links to malicious sites, not for carrying malicious file attachments.
A lot of the spam sent from a botnet is for the purpose of increasing the size of that botnet.
Effective anti-spam security, in conjunction with endpoint security software, should be used to defend against email malware. In addition, user education can raise awareness of email scams and seemingly innocent attachments from strangers.
Phishing scams are attempts by scammers to trick users into giving them personal information such as passwords, bank details, and card numbers. In some cases, they encourage the user to make payments to false accounts.
What should you look out for when identifying phishing scams?
Scammers also use phone calling techniques to gain access to your computer and network. They may ask you for your username and password, or to go to a website and install software to gain access to your machine. Once they have access, your personal information is vulnerable.
These types of scams can never be completely stopped (as much as we may want to!). User education is key to preventing businesses from being duped by these scammers. Knowing what to look out for and being vigilant will help thwart these intrusions into everyday life.
The most important point to remember is if the email is asking for payment, phone the person in question - a quick call will confirm if the request is genuine or not!
Spam is unsolicited commercial email, the electronic equivalent of the junk mail that comes to your mailbox.
Spammers often disguise their email in an attempt to evade anti-spam software.
More than 99% of all spam comes from compromised computers - infected machines that are part of a botnet. Spam is often profitable: spammers can send millions of emails in a single campaign at a negligible cost. If even one recipient out of 10,000 makes a purchase, the spammer can turn a profit.
So, why does spam matter?
Spammers are now also exploiting the popularity of instant messaging and social networking sites such as Facebook and Twitter to avoid spam filters and to trick users into revealing sensitive and financial information.
Do you need help with IT security? If so, t experts at Evaris are on hand to ensure your business has a good knowledge of the increasing threat of cyber attacks, and how to avoid them. Get in touch with us today by calling 0330 124 1245, or email email@example.com.