Our organization is seeing a steep increase in system malware attacks, almost all of which are avoidable. To be blunt, the cost of malware to both personal computers and business is almost incalculable.
Although a well designed malware will not cause damage, most are not well designed. The result is lost time, productivity, and money as your systems are rebuilt. Many present no indication of their presence except for "it crashes a lot", or "it's a lot slower lately". But these are the benign symptoms of infection. Malware can harvest all of the data on your computers, your servers, and everything that passes along your network–including usernames and passwords. Cryptolocker-style malware encrypts your hard drive and backups, holding them hostage, until you pay up (in bitcoin, no less).
If you are ready to take back your power over your systems, here are my IT 10 commandments:
- Thou shalt have only one person or team supporting the system.
(Too many chefs spoil the broth.)
- Thou shalt log in as a non-administrator.
Most malware takes on the power/authority of the currently logged in user. If logged in as an administrator, malware has unquestioned control over the entire system. If logged in as a non-administrator, although the users directory may be toyed with, the system and applications are protected.
- Thou shalt update system and applications ASAP.
The #1 reason updates exist is to resolve security holes. The faster the updates are installed, the more secure your system.
- Thou shalt application whitelist.
Anti-Malware software, at best, can only catch known malware. This allows a large window of opportunity for unknown malware to wreck havoc. An application whitelist specifies which applications may be launched. In this way, the launching of unknown malware may be stopped.
- Thou shalt store all data on encrypted storage devices.
Should your device be lost or stolen, encryption prevents unauthorized access to the device. Without encryption, the device may be accessed, allowing easy unauthorized access to your network by both human and malware.
- Thou shalt have quality anti-malware active at all times.
- Thou shalt use strong passwords.
A minimum of 14 characters, in an easy to enter, easy to remember phrase.
- Thou shalt backup daily to both local and Internet.
Backups should keep historical archives of deleted and modified files–a lifesaver in the event of infection or corruption.
- Thou shalt permit only company equipment on the company network.
None of the previous steps will protect the systems should a malicious device access the network.
- Thou shalt use company equipment only for company business.
Social media sites, adult sites, entertainment sites, email from friends, all open a wider door to intrusion.