|
Webroot guide to beating business malware
16/04/08
Webroot has
issued a white paper entitled 'How to Protect Business from Malware
at the Endpoint and the Perimeter' that includes four key tips to
protect enterprises and SMEs against malware infection.
This
objectively written white paper gives businesses the essential
information to help them make informed decisions about their options
for tackling the ever-growing onslaught of malicious content on
their systems. The numbers of malicious programs in circulation have
now reached epidemic proportions with the Webroo Threat Research
Centre identifying almost 5.5 million individual malicious programs
during 2007. At its peak the team found 1,000 new variants of
existing malware in just one day.
Based on
independent industry research from analyst firms worldwide, such as
IDC and Forrester Research and the expertise of the Webroot Threat
Research Centre in Boulder, Colorado, the white paper identifies the
top four threats to enterprises and SMEs; outlines the criminal
creativity behind malware; provides a glossary of terms used within
the industry and highlights the need for businesses to focus on
email security, as well as drawing attention to regulatory
requirements and recommendations.
Four tips to protect your business against malware:
* Be Above
Average with Standards: follow best practices provided by the
Payment Card Industry (PCI) Data Security Standard, the widely
accepted British Standard BS7799 for information security management
or the International Standards Organisation issued ISO/IEC 27001.
* Get an Edge
with Technology: maintain up-to-date detection patterns and software
updates of anti-virus and anti-spyware products; select desktop
security software that can be centrally deployed and managed;
maintain current operating system and browser patches to minimize
vulnerability to security exploits; ensure web browsers are set to
at least 'medium' in the security and privacy settings; do not allow
users to surf the internet while logged on with 'administrator'
privileges to the network; maintain a list of allowable software
and/or executable files and run a weekly scheduled check against PCs
in the network, check results for non-standard entries and take
appropriate actions to remove unapproved programs; consider
re-imaging chronically spyware-infected PCs.
* Block Spam
at the Perimeter: if you don't have internal expertise, consider a
SaaS-based email or web security solution; configure gateway proxies
and firewalls to prevent 'drive by' downloads, executable downloads
from known spyware sites or PC communication to known spyware 'phone
home' sites or large numbers of email emanating from one PC, i.e.
Spam; scan files at the perimeter for known spyware and virus code;
maintain strong anti-spam protection with filters to prevent
drive-by attacks, DoS, registry harvesting or network slow-downs.
* Proactively
Educate Employees and Staff: require network users to agree to an
'Acceptable Use Policy' indicating unauthorized programs can be
blocked; teach employees and other computer users to understand that
many 'free' programs and services on the internet install spyware
that drastically slow PCs, install annoying pop ups and steal
private and corporate information; ensure IT support staff are
trained to recognize the less overt spyware symptoms, including very
long boot up, slow and erratic application performance and frequent
computer crashes so that proper remediation can be taken.
www.webroot.com/uk
Nick Gibson, editor
|
