cyber attack

Attaques par maliciel : trois façons de protéger votre entreprise

par David Chernicoff

Sommaire

Attaques par maliciel : trois façons de protéger votre entreprise

Temps de lecture: 2 minutes

There was a time when malware was released in the wild as a prank by hackers with nothing better to do. But these days, advanced malware attacks are big business — from applications designed to steal your company data to lock down your systems for ransom, or steal passwords and direct financial information.

Malware infection relies primarily on two avenues: social engineering and exploiting bugs in commonly used applications. To defend against malware infection, you need a three-pronged approach: user education, anti-malware software and up-to-date applications / IT awareness.

Educate users

Every user knows the number one rule for preventing a social engineering attack on your business — never click on a link in a suspicious email. Of course, the chance of receiving a convincingly authentic email from within your business, or from a resource such as your bank, that contains a link to malicious software is significantly greater than it once was. Hackers have developed much more insidious ways of gaining your confidence and getting you to click on something you shouldn’t. As phishing attacks get smarter, continuing education for your employees (and preferably not in the form of generic emails), will go a long way in preventing advanced malware attacks.

Use anti-malware software

Security software has gotten increasingly better at preventing these advanced malware attacks. You expect your antivirus solution to scan any files you move across the network. But catching, quarantining or removing any suspect files is a different beast entirely. The latest generations of these software suites scan the contents of documents, both to prevent phishing attacks and to check on the reliability of links to external sites or attached files within the documents. There was a time when increasing the amount of scanning you chose to do on network traffic for security purposes would have a negative impact on your user experience, but the latest generations of security tools, both hardware and software, are aimed at speed and performance — the scanning is done so quickly that the speed of data transmission isn’t impacted.

But sometimes you’ll need an additional level of security. Consider running antivirus/anti-malware/anti-spyware applications on every user system, providing a backstop for anything that might get past your established perimeter and network security.

And keep it updated

The final — and arguably the most important — prong of the threat-prevention trident is updating everything. Updates are released regularly for operating systems, applications and even other digital components such as app plugins and features. Patch Tuesday is well known in the IT world — a day when Microsoft regularly releases patches and updates that fix problems and vulnerabilities in their applications and operating systems. But, of course, if the threat is strong enough, Microsoft and other providers will release an immediate fix in order to prevent a widespread vulnerability.

It is absolutely critical that your IT stays on top of every update and patch issued for your applications. A single vulnerability can be the source of endless headaches, which is why limiting approved applications within your network is important.

Unfortunately, there still exists the issue of zero-day exploits. A zero-day exploit takes advantage of a previously unknown vulnerability to provide an avenue for attack. The name zero-day describes the amount of time that is available to fix the flaw before it is made public. A good example of a zero-day vulnerability is the WordPress exploit that was discovered at the beginning of February 2015, which exposed as many as half a million sites to infection.

Maintaining a vigilant security posture means staying up-to-date on the latest zero-day exploits and security news. Perusing sites like Threatpost in addition to your security vendor web sites, along with security alert newsletters and updates from vendors whose products you use, are all good ideas. Adding as much layered protection to a data security plan with well-defined responsibilities will help you on the way to a comprehensive threat defense.

Start the security conversation

Strengthen your IT security with a combined effort.

View cybersecurity services

Recommandé pour vous

Pourquoi les petites entreprises doivent prendre au sérieux la sécurité de l’information
Pourquoi les petites entreprises doivent prendre au sérieux la sécurité de l’information

Pourquoi les petites entreprises doivent prendre au sérieux la sécurité de l’information

Data security breaches are likely inevitable. It takes powerful resources skilled in data security and steady monitoring to confront today's threats.

Raisons de numériser vos documents papier et marche à suivre pour le faire
Raisons de numériser vos documents papier et marche à suivre pour le faire

Raisons de numériser vos documents papier et marche à suivre pour le faire

Digitizing paper documents can be a game changer for your business. Learn the benefits of digitizing documents and how your workflows can be improved.

L’entreprise Ricoh est nommée chef de file des services de gestion de l’impression
L’entreprise Ricoh est nommée chef de file des services de gestion de l’impression

L’entreprise Ricoh est nommée chef de file des services de gestion de l’impression

Dans son rapport Market Insight de janvier 2024, Keypoint Intelligence a classé Ricoh à titre de chef de file des services de gestion de l’impression. Consultez le rapport pour obtenir tous les détails.