Posts

 

Staffing should address risk first and foremost

For any business, but especially a smaller one without deep pockets, the consequences of some disaster may mean the end of the business. As a result, risk evaluation becomes critical. There are an endless variety of events, from mishaps to major disasters that challenge your viability. Risk management inventories all of the possible risks that could befall the organization and places them in a hierarchy of significance. At the top are single points of failure disasters or extreme events that would shut down the business, at least temporarily. Risk management then works to channel limited resources toward mitigating the most serious risks. Here are some examples of risk in the IT area that could be especially damaging if left unprotected

  1. Data Security and Cybercrime –
    1. Loss of data – Failed backups or human error can lead to lost data. Every business needs to have the IT expertise to ensure that quality backups are maintained, preferably in real-time
    2. Data breaches – More significantly, data is constantly at risk from crime. From malware to ransomware, viruses and cyber attacks can destroy a small business. Consequently, quality IT support is most critical in this area. It should be an issue of highest priority.
  2. Hardware redundancy – Your entire physical IT infrastructure represents a vulnerability. Single points of failure could shut down your business. Proper design of your infrastructure, and 24/7 monitoring of it is, again, a risk mitigation factor. How much evaluation has been done to determine your level of risk?
  3. Natural and human-made disasters – How prepared is your IT infrastructure to continue operations in the event of a flood, fire, or natural disaster that prohibits access to your physical location? How would you handle a long-term power of broadband outage? IT professionals skilled in disaster recovery can help you mitigate the risk in the face of a major event.The point here is not to list all the possible risks you face, but to recognize that IT support should be focused on the most critical areas. Whether you bring them in-house or use the services of an MSP, resources should be directed first at areas where the risk is greatest.

How can an MSP help support a risk-focused IT strategy?

  1. Hiring individual in-house support can be expensive and slow – Given the tight labor market, finding ideal candidates can be exceptionally difficult, and as a consequence, too expensive. An MSP represents a faster way to bring on support and can be utilized only when and where the most critical services are needed.
  2. Up-to-date support – Over-worked in-house IT staff in a small company may be too busy putting out fires to keep up with the latest developments in specific corners of their field. As a result, you may lack the knowledge depth needed on narrow but critical areas. IT is a very broad field, and only a diverse IT team has the depth to cover all of the different areas. With an MSP, you don’t have to worry about how technology is changing. A good MSP will not only be up-to-date with the latest in tech but also advise you on what tech changes you need to make to stay ahead.
  3. Scalability – The size of your in-house IT support staff is, in the short term, static. If you experience peak demand times, resources can be stretched to the point of being overwhelmed. .Choosing a managed services provider, however, provides the flexibility to scale up or scale down your IT investment to suit your business needs.
  4. 24/7 monitoring and availability – Until your organization gets big enough, an in-house IT staff cannot be available 24/7. Nor can it provide 24/7 monitoring for that part of your business that must be functional all the time. An MSp has the resources, because of economies of scale.

In the end, don’t think of IT support as “IT Hiring” instead, think of it as staffing. What is the best use of limited resources to meet your most immediate vulnerabilities? That is the best perspective to take on IT support when resources are limited.

Smaller firms may hear about AI and how data is driving the big corporations of the world, but they often don’t realize that they can do the same. The size and age of your business doesn’t have to be a limiting factor in whether you use data. Today’s blog is a quick look at data management for the small firm.

The first lesson is: don’t take your data for granted. The basic business model for some large IT companies is monetizing the data that they collect. While this may not be your goal, you probably collect a great deal of data about your customers, prospects, and operations. An MSP can help you make better use of that data. Here are just three examples:

Marketing

Data tells you who is interested, when they’re interested, and in what they are interested. Data can tell you where each individual prospect sits in the sales funnel, so your marketing messages reach them exactly where they are. It can also track the performance of your online marketing initiatives.

Forecasting and Sales

Customer Relationship Management applications exist because of the data that can now be collected. They monitor sales efforts, nurture leads, and work to improve customer engagement.

In-house and Operations

Data can track all manner of things in your production of goods or services, identifying where resources are being spent in each step of the process. Data can also be used in scheduling and pricing, although these tools can have human resource and customer relations implications that need to be carefully considered.

Planning and the Future

Technology is more than just something to run your business today. It can be a source of innovation for the future of the business, pushing it in new directions. You should be taking a proactive view of technology as a strategic tool for the long-term growth of the business. How can new technology help with in-house software development, infrastructure upgrades, digital transformation, and product innovation? Questions to ask in this context would be “can technology improve the delivery of products and services, or improve qualitatively the nature of the product or service itself?” As part of C-suite plans to stay competitive and thrive in the market, leadership needs to understand what new technologies are available for future innovation. However, that means you need technology support that is focussed on strategic planning; understanding new technologies that can move the business forward. For an SMB, Managed Service Provider can be the CIO/CTO that understands your business and helps plans for the future.

In summary, most SMBs are limited in how they can make use of technology in their strategic planning. As a result, this may compromise their capacity to remain competitive in the long-term. Consider using an MSP as a strategic partner in your long term planning.

 

Many small businesses tend to view an MSP as the local fire truck. Available when an emergency happens, they rush in, put out whatever tech fires broke out, and then leave. This is also known as the “break-fix” approach to technical support. However, an MSP can bring many types of value to a small business. In particular, an MSP can function as a strategic partner for a small business. Technology needs to be part of your long-term strategic planning. MSPs have the ability to devote energy to understanding emerging trends that can help your organization develop a “technology roadmap.” This is a long-term strategy document that outlines how and what technology should be used going forward. The roadmap takes a proactive view of technology as a strategic tool for the long-term growth of the business. Individual parts of a technology road map will address specific aspects of the company’s “technology” such as software development, infrastructure upgrades, digital transformation, and product innovation. A technology roadmap that includes product innovation is especially important. Questions to ask in this context would be “can technology improve the delivery of products and services, or improve qualitatively the nature of the product or service itself?” The roadmap may also include research and development initiatives. As part of C-suite plans to stay competitive and thrive in the market, leadership needs to understand what new technologies are available for future innovation.

Here are just a few examples of how an MSP’s specialized staff with expertise can help.

Software Development – Strategic IT should be evaluating the present software applications and addressing improvements and re-designs that will address potential customer demands.

Infrastructure Upgrades as the Business Grows – There are many examples, but a simple one is redundancy. As a business grows, it becomes increasingly important to address redundancy. The larger the business, the more complex the infrastructure becomes. It is important that businesses look throughout the infrastructure and identify the single points of failure that need to be addressed and developing real-time work arounds and disaster recovery plans is an increasingly complex task that requires significant resources and attention.

Digital Transformation – Digital transformation refers to taking tasks and using digital tools to improve efficiency and response. This can mean anything from moving from in-house servers to the cloud, using SaaS, creating online portals for sales and marketing, to just about anything you can imagine. A new example is the use of AI, especially machine learning which can be used to develop more effective inventory planning and offer more precise marketing responses to individual prospects.

Security Roadmaps – A security roadmap is similar to a technology roadmap, but with a very tight focus. Ensuring your data remains safe from cybercriminals, internal error, and software or hardware breakdowns is the goal of a security roadmap. Your data is critical to your business. It is proprietary and it is also very vulnerable to theft. A data breach can be a real threat to the viability of your business. The legal and reputational consequences can take down a small business. A security roadmap can include:

  • Determining what regulations govern your data (HIPAA, GDPR, FERPA, etc.)
  • Developing access protocols
  • Training employees about human vulnerabilities to cybercrimes, such a phishing
  • Creating effective backup procedures, which are particularly important defense against ransomware attacks

Data Management: Everyone knows that data is valuable. The basic business model of some of the largest IT companies hinges partly on the value of data for advertising. But for even the smallest business, significant amounts of data can now be collected. An MSP can help an SMB use that data to tighten inventory, for example. Three ways data helps your business succeed.

Marketing – Data tells you who is interested, when they’re interested, and in what they are interested. Data can tell you where each individual prospect sits in the sales funnel, so your marketing messages reach them exactly where they are. It can also track the performance of your online marketing initiatives.

Forecasting and Sales – Customer Relationship Management applications exist because of the data that can now be collected. They monitor sales efforts, nurture leads, and work to improve customer engagement.

In-house and Operations – Data can track all manner of things in your production of goods or services, identifying where resources are being spent in each step of the process. Data can also be used in scheduling and pricing, although these tools can have human resource and customer relations implications that need to be carefully considered.

Every business relies on technology to function. From simple things like email, VoIP, and the internet, all the way to predictive analytics for inventory and sales, digital technology is at the root of every business. Unfortunately, no matter how much small- to medium-sized businesses may rely on their IT infrastructure to operate, they often try to “get by” with their in-house IT staff to keep things running. In this blog, we will discuss the value a Managed Service Provider brings to an SMB: a value that cannot be replicated in-house.

First, it is important for a business owner to realize that an IT infrastructure is not a static entity. Nothing is “plug-and-play” in today’s business environment. There is no “build it and forget it.” Because everyone relies on technology that must be running 24/7, businesses need to be proactively monitoring the performance and availability of critical infrastructure, such as servers and networks. There are just so many things a business has to worry about. Cyber criminals are always coming up with new threats, so anti-virus software isn’t enough. Consequently, active endpoint monitoring needs to be happening around the clock.

So, why is an SMB limited in its ability to meet all of its technology needs in-house? One reason is management focus. Business owners need to focus on core competencies. They need to focus on running the business and producing revenue-driving goods or services in their area of expertise. Diverting focus to managing an IT team in-house may not be an ideal use of their time. It may also not be an ideal use of their skills. Additionally, resources are limited, and an SMB loses the advantages of economies of scale when it tries to do everything in-house. In a smaller operation, IT staff often need to focus on day-to-day functions, including putting out fires. This limits their time to think strategically and determine ways that technology can innovate and keep the business competitive in the longer run.

So what can an MSP offer that the in-house IT staff cannot?

A Managed Service Provider is staffed by IT practitioners whose sole focus is technology. Many focus only on specific industries. This means that your MSP organization is composed of individuals who have specialized experience and training in one specific area of technology such as cyber security, cloud computing or network infrastructure. MSPs also have the resources to invest in continuous training and professional development. That means keeping up with the latest developments in technology and emerging trends. If focused on one industry, they analyze competitive changes in that industry and how technology can provide strategic advantages for their clients. MSPs also can set aside time for attending conferences, webinars, and networking events to share knowledge and stay ahead in their field. They are also more likely to have the resources to provide their consultants with access to professional publications and newsletters.

Why is this so important? First, analyzing present problems and performing routine maintenance tasks isn’t necessarily “routine.” New threats and changes can create disruption in existing configurations. (Anyone who has downloaded a new software upgrade is aware of that!) Secondly, in-house tech staff, except for those in the largest organizations, are more task focused than strategic. This isn’t due to a lack of awareness of the value of planning and development. It is primarily a resource problem that is inherent to SMBs. Unfortunately, the result is that in-house staff may not be able to contribute at a strategic level, thus limiting the ability of the organization’s leadership to incorporate new technology into long term plans.

Demystifying Ransomware: Understanding its Impact on Businesses

In today’s interconnected digital landscape, cyber threats continue to evolve and pose significant risks to businesses of all sizes. Ransomware, in particular, has emerged as one of the most notorious and destructive forms of cyberattacks. In this blog post, we will delve into the world of ransomware, exploring what it is, how it works, and the profound impact it can have on businesses.

What is Ransomware?

Ransomware is a malicious software designed to encrypt files on a victim’s computer or network, rendering them inaccessible until a ransom is paid. It infiltrates systems through various means, such as malicious email attachments, infected websites, or vulnerabilities in software. Once executed, ransomware quickly spreads throughout the network, encrypting files and displaying ransom notes that demand payment in exchange for the decryption key.

The Impact on Businesses:

  1. Financial Losses: Ransomware attacks can inflict significant financial damage on businesses. The ransom demands can range from a few hundred to millions of dollars, and even if the ransom is paid, there is no guarantee that the attackers will honor their end of the deal. Moreover, businesses often face additional costs, including incident response, system restoration, legal fees, and potential regulatory fines.
  2. Operational Disruption: Ransomware attacks can bring business operations to a grinding halt. When critical systems and data are encrypted, employees are unable to access vital information or perform their duties, leading to productivity losses and disruption of customer services. The downtime can have a cascading effect on revenue, customer satisfaction, and business reputation.
  3. Data Loss and Breach: In some cases, ransomware attacks involve exfiltrating sensitive data before encrypting it. Attackers may threaten to publish or sell the stolen data if the ransom is not paid, exposing businesses to the risk of data breaches. Data breaches can result in severe legal and reputational consequences, including lawsuits, regulatory penalties, and loss of customer trust.
  4. Reputational Damage: The impact of a ransomware attack extends beyond financial and operational consequences. News of a successful attack can tarnish a company’s reputation, erode customer confidence, and deter potential business partners. Rebuilding trust and restoring the company’s image can be a long and arduous process.
  5. Legal and Regulatory Ramifications: Depending on the industry and geographical location, businesses affected by ransomware attacks may face legal and regulatory implications. Data protection laws, such as the EU’s General Data Protection Regulation (GDPR) or the California Consumer Privacy Act (CCPA), mandate organizations to protect personal data adequately. Failure to comply with these regulations can result in substantial fines and legal repercussions.

Mitigating the Impact:

While the threat of ransomware is persistent, businesses can take proactive steps to mitigate its impact:

  1. Regular Data Backups: Maintain secure and up-to-date backups of critical data. Ensure backups are stored separately from the main network and regularly test restoration processes to verify their effectiveness.
  2. Robust Cybersecurity Measures: Implement a multi-layered approach to cybersecurity, including firewalls, intrusion detection systems, antivirus software, and regular patch management. Utilize email filters, spam detection, and employee education to minimize the risk of infection.
  3. Employee Awareness and Training: Educate employees about the dangers of phishing emails, suspicious attachments, and malicious links. Promote cybersecurity best practices, such as strong password hygiene, two-factor authentication, and reporting any potential security threats promptly.
  4. Incident Response Planning: Develop an incident response plan that outlines the steps to be taken in the event of a ransomware attack. Define roles and responsibilities, establish communication channels, and conduct regular drills to ensure readiness.
  5. Regular Security Audits: Conduct comprehensive security audits and penetration

Cyberattacks on individuals and businesses for nasty purposes is nothing new. Stealing data, disrupting business, national activities, and just causing general mayhem has been going on for as long as there has been a digital world to attack. Ransomware, however, seems to stand out as a particularly unique and especially troublesome form of crime. For one thing, once an attack has happened, there is likely nothing to do to retrieve your data until you have given in to the demands of the criminals.

As a small- to medium- sized business owner, you should never just rely on off-the shelf virus protection programs as the sole tool to protect your organization against cyber crime. In all cases you should rely on an IT professional to look at every aspect of your IT infrastructure to ensure that everything possible is being done to protect your data. Beyond that, ransomware attacks are a particularly troublesome form of crime that requires special attention. Some of the routine tools to protect data may still be vulnerable to ransomware. This e-guide will talk about seven specific ways that an MSP is best positioned to help protect you from a ransomware attack.

Before talking about how an MSP can help. Let’s define ransomware. Ransomware is an especially nasty software whose MO is as old as crime: Kidnapping ( in this case, datanapping) Ransomware does this by infiltrating your computer systems and encrypting all of your files, making them unreadable to you. Then like any kidnapper, they post a ransom and hold your data hostage until they get paid. They encrypt your files, rendering them inaccessible to you. The attackers then demand a ransom payment. Ransomware attacks are typically carried out through phishing emails, compromised websites, or exploiting vulnerabilities in software. ( please check out some of our other e-guides on training your employees to avoid phishing emails, and avoiding other easy tricks that criminals use to infiltrate your IT systems.)

What happens once they have encrypted your data? You are probably stuck either paying the ransom or losing the data. In the case of ransomware, sometimes routine backups may be infiltrated. This is why an MSP can be of such value in securing your data against this particular form of cyber crime.

The impact of this crime is pretty obvious. Your data–and your customer’s data–is inaccessible. You have almost no choice but to pay the ransom. The loss of data can disrupt daily business activity and damage customer trust. A successful ransomware attack can lead to brand damage, regulatory penalties for data breaches, and potential legal consequences. The overall consequences can be devastating, making it especially important for you to take proactive measures to prevent such attacks.

The basic preventative measures. Are they enough?

In general, there are some basic textbook best practices you can follow

  • Educate employees about cybersecurity best practices, including identifying phishing emails and suspicious links.
  • Regularly back up data and ensure offline or offsite storage to prevent data loss in case of an attack.
  • Keep software and systems up to date with the latest security patches.
  • Implement robust endpoint protection solutions, including firewalls, antivirus software, and intrusion detection systems.
  • Segment networks to limit the spread of ransomware and restrict access to critical systems.
  • Develop and test a disaster recovery plan to ensure an effective response to an attack.

However, straightforward as these appear, these aren’t as simple to implement as they sound and you may not have the time and labor to devote to designing, implementing, and maintaining these procedures. As an MSB, your focus is necessarily focused on operations, revenues, and sales. A Managed Service Provider has the resources and the expertise to handle your virus protection and ransomware avoidance planning so you focus on revenues.

According to a report by Verizon, 80% of data breaches are caused by weak or stolen passwords. In addition, the report found that 60% of users reuse the same password across multiple accounts, making it easier for hackers to access multiple accounts with a single stolen password.

Maintaining good password hygiene is essential to protect against these threats and keep your accounts secure.

Weak or compromised passwords can be easily cracked, allowing cybercriminals to gain access to our data and steal our information. Here are a few password hygiene best practices to consider,

Use Strong Passwords

Using strong passwords is one of the most crucial steps in maintaining good password hygiene. A strong password is one that is long and complex, using a combination of letters, numbers, and symbols. Avoid using easily guessable passwords, such as “password” or “123456,” and avoid using personal information, such as birth dates or names.

Update passwords or revoke access when employees leave the organization

Changing passwords regularly is another essential step in maintaining good password hygiene. It is recommended to change passwords every 90 days or sooner, depending on the level of security required. Passwords need to be updated regularly and access to data has to be revoked when employees are no longer authorized to access it. However, this important step is often overlooked. This is especially an issue in SMBs where the staff is pretty busy and turnover is high. They are too busy to remember to change the passwords once a staff member quits, leaving their data vulnerable. So, next time the new intern finishes their stint with you, make sure you change the password and revoke their access.

Enable Two-Factor Authentication

Two-factor authentication adds an extra layer of security to your accounts. It requires you to provide a second form of identification, such as a code sent to your phone, in addition to your password. Two-factor authentication makes it harder for hackers to gain access to your accounts, even if they have your password.

Don’t Reuse Passwords

Sometimes people find it difficult to remember multiple passwords for various files and applications, so they use a single good, strong password everywhere. Using the same password for multiple accounts is a common mistake that can compromise the security of all your accounts. If one account is compromised, all accounts using the same password are also at risk. Using a unique password for each account decreases the amount of damage that can be inflicted in the event that one password is compromised.

Avoid Writing Down Passwords

Writing down passwords is a risky practice. It is easy to misplace or lose the paper where you wrote down your passwords. Avoid writing down passwords, and if you must write them down, keep them in a secure place, such as a locked cabinet. This applies primarily to an office environment, where desks, files and notepads are in open view and available to all.

Don’t share your passwords

Never share your password. If you need to give data access to multiple people, make sure each one of them has their own access credentials. This creates an audit trail and helps trace the data breach back to its origin if it occurs.

Be Wary of Phishing Scams

Phishing scams are a common way for hackers to gain access to passwords. Phishing scams involve sending an email or text message that appears to be from a legitimate source, such as a bank or social media site. The message typically asks you to click on a link and enter your password, giving the hacker access to your account. Before you click on any link, it is essential to verify if the links are genuine.

Effective password management is an essential aspect of cybersecurity. With the increasing number of online accounts and services, remembering all those passwords can be a daunting task. Password management tools provide an effective solution to this problem. This blog discusses the benefits of using password management tools and some password management best practices to be followed.

Some of the key benefits of deploying password management tools are:

Enhanced Security

The primary benefit of password management tools is enhanced security. Password managers store passwords in an encrypted format, making them less susceptible to hacking and phishing attacks. These tools also allow businesses to generate and store complex passwords for their employees. As a result, businesses can ensure that their employees use strong and unique passwords for every account, reducing the risk of a breach.

Easy Password Access and Management

Password management tools offer an easy way to access and manage passwords. Rather than manually entering passwords every time an employee logs into an account, password managers automatically fill in the necessary information. This feature not only saves time but also eliminates the risk of human error.

However, there are a few things to consider before you invest in a password management tool.

One of the things to consider is a security breach. Password managers are third party platforms. If your password management experiences a security breach, it can put all of the stored passwords at risk. Additionally, if the tool goes down, you may not be able to access your accounts.

Secondly, while password management tools reduce the risk of human error, they are not foolproof. Employees may still make mistakes, such as sharing their passwords or writing them down, which can compromise security. Additionally, if an employee forgets the password to their password manager account, it can cause problems. Hence it is important to ensure that you have good password hygiene in place.

Password hygiene refers to the practice of creating and maintaining strong passwords and protecting them from being compromised. It involves using unique and complex passwords for each account, changing passwords regularly, and storing the passwords securely so it isn’t accessible to unauthorized entities.

Malware is a generic term that covers all manner of software that is designed to attack your devices, applications, programs, and networks. It is software that has bad intentions. Yes, stealing. Either by directly pulling money out of accounts, or improperly acquiring data that ultimately provides access to funds. Example: Stealing your SSN and setting up a credit card to use that info, or convincing you to provide the password to your checking account. Others will snatch your organization’s data and hold it for ransom. As usual, it is all about money. What can you do?

Nine steps to avoid malware

1) Don’t go it alone – As a small- to medium-sized business, you have limited resources, all of which need to be focussed on running the business and planning for the future. That makes it difficult to direct an IT operation that has the depth to address all of the security issues you face. For example, a business owner cannot possibly keep up with the changes and details of tax laws. Doing it themselves, they would likely overlook important tax advantages or inadvertently break some IRS rule. As a result, tax preparation and accounting above the level of basic bookkeeping is outsourced to an outside accounting firm. You should consider looking at IT in the same way.

2) Pay attention to those update windows – Don’t procrastinate. Those update requests aren’t just for adding a new feature. Each update probably addresses some vulnerability in the software that could be exploited by a virus. You may also want to consider outsourcing this project. In a complex business, there is a long list of installed software that needs to be updated. An MSP can coordinate that project and handle any glitches that appear when an update is installed. Also, be mindful that if you permit BYOD- all of those remote devices are vulnerable if their owners neglect updates.

3) Multi-factor Authentication – It is getting tough to log into much of anything these days without hitting MFA. And for good reason. MFA is a tool that works to cut down fraud by asking for additional data to verify your password in order to gain access. Generally it involves entering a password then following up with a token you might be sent via text or email, or using a biometric measure, such as a fingerprint. An MSP can provide applications that can set up MFA to protect your data.

4) Create a strict backup policy and follow it – Data can get corrupted, lost, or stolen. Handling backups is more than just downloading data to a hard drive every evening. An MSP can provide you with the tools needed to handle backups appropriate to the needs of a business operation or take on full responsibility for the task.

5) Manage access – Who can look at what data? In a smaller business, we often just provide access to data to an employee or we don’t. Why? Because it is simple. Instead, tighten your security by segregating data access. Individuals get access only to the data needed as defined by their job description. Follow the Principle of Least Privilege. That is, each individual only has the access to accounts, databases etc. that are absolutely necessary for them to do their assigned tasks.

6) Train everyone on basic data security – Humans are still a very weak link in an organizations defense against cybercrime. Poor password hygiene and inattention to scams are the biggest concern for business owners. Here are some areas where training can help.

7) Identify phishing emails – These are mails that appear to come from legitimate sources, but are faked. Because the reader trusts the sender, they naively open a link that might be attacked which then downloads some forms of malware.

8) Prevent a “Lost” USB – Too often, individuals will find a USB drive left near a desk or dropped somewhere. The temptation to insert it into their computer to see what’s on it can be very hard to resist. This was part of what caused the Target data breach.Train employees to only insert company verified hardware into their computers.

9) Password etiquette – Define standards within your organization about acceptable passwords. An MSP can help you set up programs that require employees to create passwords that meet your defined criteria. Also, consider fostering a culture that makes the sharing of passwords a performance issue that will be addressed by an individual’s supervisor.

10) Take the step beyond anti-malware software – Anti-malware software is necessary, but it isn’t as proactive as one might want. Your MSP can design an endpoint detection and response solution.

Listen to the news? Read the internet? You know cyber crime is a very big business. Hackers and criminals are out there doing all sorts of nefarious things. Most generally, you hear that malware is some kind of virus that attacks your software programs, infects your hardware, and bungles up your network. But there are many different types of malware, just as there are many types of criminals–each with their own MO and bad intentions. In this e-guide, we will run through some of the major categories of malware, and then suggest 7 different ways you can work to protect your business from malware.

Malware defined – Malware is a generic term that covers all manner of software that is designed to attack your devices, applications, programs, and networks. It is software that has bad intentions. Malicious + Software= Malware. Hackers and criminals create malware for an array of reasons. Some may create it just to attack massive amounts of machines just to show that they can disrupt the cybersphere. Other malware may be created for political reasons. The major reason criminals create malware? To make money without earning it. Yes, stealing. Either by directly pulling money out of accounts, or improperly acquiring data that ultimately provides access to funds. Example: Stealing your SSN and setting up a credit card to use that info, or convincing you to provide the password to your checking account. Others will snatch your organization’s data and hold it for ransom. As usual, it is all about money.

FUN FACT: Before the internet, passing around malware to infect a PC meant a criminal had to find a way to infect a floppy disc and trick users into inserting it into their computer. One of the first was created by a high schooler in the early 80’s. It was relatively benign and just created a pop-up with a Seuss-like poem

“The program with a personality
It will get on all your disks
It will infiltrate your chips
Yes it’s Cloner!
It will stick to you like glue
It will modify RAM too
Send in the Cloner!”

Unfortunately, most viruses now have far more nasty intentions, and the internet has made it much easier for criminals to break in. No waiting for you to insert a disc drive to steal your data, disrupt your internal business operation, or take down your website. One bad click and you’re in trouble.

Malware is a general term and there are several types.

VIRUS – Like the pathogen we associate with human disease, a virus is a “piece of code that is capable of copying itself and typically has a detrimental effect, such as corrupting the system or destroying data.” Source: https://languages.oup.com/google-dictionary-en/.

A characteristic of a virus is that it requires the user to take some action for it to infect your hardware, software, network, etc. For example, inserting an infected thumb drive or clicking on a link found in an email.

ADWARE -Adware is less a type of malware than a symptom created by the infection. Adware invades and then drives the user crazy with endless pop-up advertisements.

WORMS – Similar to viruses, worms replicate and attempt to cause damage but they don’t require a user action. Worms find vulnerabilities or holes in code that allows them access.

TROJAN HORSE – Yes, named after the Greek myth, Trojans trick you into accepting something you want, but inside it has bad intentions. A trojan refers to the method the cybercriminal uses to get you to download a virus or other infected program, rather than the nature of the specific virus.

KEYLOGGERS – This is malware that can track your keystrokes. This particular malware’s goal is to track your keystrokes and identify passwords or credit card information, and then log into your accounts.

RANSOMWARE – If there was any malware that gets more media attention, we aren’t aware of it. And it deserves everyone’s attention. Unlike some other forms of malware, once this has invaded, there is very little you can do to eliminate the virus. Ransomware sneaks in, snatches your data and holds it for ransom. Unless you choose to pay the ransom fee, usually in some cryptocurrency, you are out of luck. In the specific case of ransomware, prevention is the key. Having clean backups of your data which are kept continuously up to date is about the only way to sidestep a ransomware attack on your data.