Layered approach: Security is about more than antivirus

Ed Bott

If only online security issues could be solved with sorcery: a magic wand, some incantations, and poof! Troubles disappear.

Sadly, magic only works in books and movies. Out here in the real world, the bad guys always have the advantage, and you need more than wizardry to keep them off your network.

Criminals that ply their trade in cyberspace are mostly driven by economics. They might be after the banking credentials for your small business, so they can drain funds from online accounts. If your business is connected to sensitive industries, the bad guys might be foreign agents, intent on stealing secrets. Or maybe they’re in the ransomware business, hoping to encrypt one of your PCs so they can demand a ransom to unlock it.

If you think antivirus software is going to stop all those threats, think again. Even the most successful antivirus program is only about 90% effective under the best of circumstances.

Yes, your business needs antivirus software, but a well-rounded IT security strategy includes multiple additional layers, each working in concert with the others.

Here are four crucial ingredients that must be included in that mix.

1. A comprehensive update strategy
Every year, security companies review the data they collect from virus-infected PCs, and every year the results prove the same depressing truth: Most “drive-by” infections are the result of an exploit that targets a flaw in the operating system or a piece of installed software. And the overwhelming majority of infections were only possible because the owner of the infected PC had failed to install patches released months or years before.

The moral for IT pros is simple: Keep every PC up to date. That includes the operating system, applications like Microsoft Office, and commonly installed software add-ons such as Adobe Flash and Oracle Java. And make sure to check the update status of every PC regularly, either manually or with the help of centralized management software.

2. Robust email filters
What does email have to do with security? A lot, as it turns out.

Email attachments are among the most popular vectors for spreading malware, usually in the form of misleading executable files (Trojan horses) and booby-trapped documents, in PDF and other common formats. The best way to protect your network is to have your email provider or gateway detect suspicious packages and remove them before they can get to your users’ mailboxes.

3. Standard (not administrative) user accounts
Even if someone in your organization is tricked into running malware that your antivirus software doesn’t block, you can limit the damage. The most important change to make is simple: set up standard user accounts, and reserve administrator accounts for those times when you really need to change something. If malware can take over a user account with administrative privileges, it can wreak havoc on crucial system functions. Don’t let that happen.

4. Know your network
Even in the best-run business, it’s possible that a virus or other malicious software will slip past your defenses. In fact, you should assume that’s a possibility and review network logs regularly to detect strange behavior. Is someone from outside your network making inbound connections at odd times? Are files being transferred outside your network? This type of activity can be an early warning sign of a network compromise, and the best time to find out about it is before you get a call from your bank or the FBI.
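
The two questions in this step can be asked of a connection log automatically. The script below is an added example, not code from the article; the log format, the 192.168.10.0/24 office range, the business hours and the 500 MiB upload threshold are all assumptions to adjust for your own network.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime
from ipaddress import ip_address, ip_network

# Assumptions for this example (not from the article): the office network
# range, business hours, upload threshold, and the log format itself.
INTERNAL_NET = ip_network("192.168.10.0/24")
BUSINESS_HOURS = range(7, 19)            # 07:00-18:59 local time
UPLOAD_LIMIT_BYTES = 500 * 1024 * 1024   # 500 MiB per internal host per day

# Constructed sample log: timestamp,src_ip,dst_ip,dst_port,bytes_sent
SAMPLE_LOG = """\
2024-03-04T09:15:02,192.168.10.21,203.0.113.10,443,48211
2024-03-04T13:40:55,198.51.100.7,192.168.10.5,443,1200
2024-03-05T02:47:13,198.51.100.77,192.168.10.5,3389,9120
2024-03-05T03:02:44,192.168.10.34,203.0.113.200,443,314572800
2024-03-05T03:09:10,192.168.10.34,203.0.113.200,443,367001600
2024-03-05T10:05:00,192.168.10.21,192.168.10.5,445,734003200
"""

def review_log(text):
    """Return (odd_hour_inbound, large_uploads) found in a connection log."""
    odd_hour_inbound = []
    uploaded = defaultdict(int)  # (day, internal host) -> bytes sent outside
    for row in csv.reader(io.StringIO(text)):
        if len(row) != 5:        # skip blank or malformed lines
            continue
        ts, src, dst, port, sent = row
        when = datetime.fromisoformat(ts)
        src_in = ip_address(src) in INTERNAL_NET
        dst_in = ip_address(dst) in INTERNAL_NET
        # Question 1: is an outside host connecting in at an odd time?
        if not src_in and dst_in and when.hour not in BUSINESS_HOURS:
            odd_hour_inbound.append((ts, src, dst, int(port)))
        # Question 2: is data leaving the network? Total it per host per day,
        # so several medium transfers are caught as well as one large one.
        if src_in and not dst_in:
            uploaded[(when.date().isoformat(), src)] += int(sent)
    large_uploads = {k: v for k, v in uploaded.items() if v > UPLOAD_LIMIT_BYTES}
    return odd_hour_inbound, large_uploads

if __name__ == "__main__":
    inbound, uploads = review_log(SAMPLE_LOG)
    for hit in inbound:
        print("odd-hour inbound:", hit)
    for (day, host), total in uploads.items():
        print(f"large upload: {host} sent {total} bytes outside on {day}")
```

Internal file-server traffic (the last sample line) is deliberately ignored, because only data crossing the network boundary answers the second question.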


Want to know more about security? Then check out the video series by our security lead, Ian Trump…