Identify and immobilise viruses or other malicious software before it has a chance to cause harm.
What is malware?
Malware is short for malicious software, which is software that is designed to cause harm by disrupting, damaging or gaining access to a computer, without the owner’s knowledge. Malware typically consists of code developed by cyber attackers, designed to cause extensive damage to data and systems, or gain unauthorised access.
Viruses, worms, trojan horse, spyware, adware and ransomware are all different types of malware that cause harm in different ways.
To combat these threats, Windows and macOS devices must have an anti-malware software program (sometimes called a solution) installed. This program needs to be set to detect and prevent malware from running. Please note that although a virus is just one type of malware, ‘antivirus’ is a commonly used term interchangeable with anti-malware (software) and will combat all types of malware.
For all other devices, smartphones, tablets, Chromebooks etc., you should only use apps that are from a recognised app store and maintain an approved list of trusted apps for carrying out your organisation’s work.
How does malware get onto my device?
A common way that malware could get onto your computer is through a phishing attack. This could be in the form of an email from someone pretending to be your bank or another trusted institution. The email will generally ask you to open an attachment or click on a link, and if you do, it will try to install the malware onto your device. If you are using your computer with a regular user account as opposed to an administrator account, malware will not be able to download without the administrator password.
Other common ways to infect a computer device with malware is through clicking on an advert that appears on a website, or downloading software from a non-manufacturer approved source. Your computer could also be infected with malware from a removable storage device such as a USB stick; many companies have banned USBs for this reason.
Protect your laptops, servers and desk top computers with anti-malware software
Many operating systems have anti-malware already installed. Windows 10 has a product called ‘Defender’ which meets the requirements set out in Cyber Essentials. Apple devices were previously considered to be a ‘safe bet’ and ‘immune from viruses’. This is certainly no longer the case and, despite modern Apple Operating Systems containing anti-malware mechanisms, it is strongly advised that people use an additional third-party program to ensure maximum security.
Anti-malware software will monitor your device for any malicious activity, if it finds anything, it will destroy or secure it before it causes any harm. There are many anti-malware products available to download on a subscription arrangement. Some are even free. McAfee, AVG and Sophos are just a few well-known names.
Malware is continually evolving, so it is important that the supplier includes malware detection facilities that are updated as soon as possible.
Most anti-malware software is set to scan files automatically upon access, this means that before any file is downloaded, it will be scanned for malware. Although this is often the default setting, it is worth checking this setting in the software configuration screen.
Your anti-malware software should have the option that you can enable, for your internet browser to scan web pages you visit and prevent access to known malicious websites. On Windows 10, SmartScreen can provide this functionality.
Protect mobile devices
For mobile devices, anti-malware strategy focuses almost entirely on controls or polices that dictate which applications or apps you allow to be installed on devices that access organisational data and services.
- Only apps which have been application signed and provided by the official app stores can be installed.
- Only apps from an approved software list can be installed. An approved software list is a list maintained by the organisation identifying reputable trusted sources from which software can be downloaded . This typically includes the Google Play Store and the Apple App Store.
Manufacturer approved software
You should only use software that is from an official source that is approved by the manufacturer/vendor. This way, you can be confident that the thousands of lines of code are not designed to harm your device or data. Some examples of official sources include the Google Play store and the Apple app store. Software acquired from questionable sources may be counterfeit and unlicensed. Not only will it be of an inferior quality and unable to receive ongoing support, but there is also a high chance it will contain malware.
Help and support
There are over 300 specially trained cyber security companies around the UK who are licensed to certify against the Government’s Cyber Essentials Scheme. They can offer help and support in preparation for the assessment. Find one near you.
For questions and feedback about the Cyber Essentials scheme, contact IASME at [email protected] or Tel: 03300 882 752