Technology

A CRM Software, ERP Software and Technology Blog

Routine and Regular Malware Training Key to Prevention

If a virus or malware hasn't hit your company yet, it will; prevention is the key

Your business trains your staff about sales techniques, using software applications that affect their jobs and how to operate basic office hardware, from desktop computers to telephones. That's a great start, but do you also give your staff basic and important lessons in information security so they don't inadvertently acquire a computer virus or other malware payload? If you don't, your IT infrastructure is an accident waiting to happen.

Too many IT managers assume their staff take necessary precautions, follow IT policy and know the signs of malware. This often just isn't the case. What's needed to ensure consistent performance and appropriate security is user training and periodic refreshes in computer viruses, malicious software and other security bugs that can quickly infect staff machines before moving on to your entire network.

All it takes is one careless user to bring chaos to the company network, and possibly put data at risk.

Why do I bring this up now? Recently a user in our company typed in a Google search term, clicked on the first link that appeared to have what he sought, and was immediately greeted with a downloaded file that he didn't ask for. It quickly began flashing colorful warning pop-up messages that declared his PC was "infected" by viruses, and it urged him to "click here" to fix the dangerous situation. He knew not to click on anything, to avoid making the situation worse.

He did a CTRL-ALT-DEL immediately and was able to halt the process that had attacked the PC, then jumped right into an update of an antivirus and security suite's virus signatures so he could be sure that the malware would be squashed. Within a few minutes, all was fine. The antivirus application notified him that it found an "HTTP Fake Antivirus Web Page Request" from a site called bestfastclean, which was listed as a known malicious Web site. The threat was listed as severe, which I believe, as it took some very fast countermeasures to halt.

Fortunately, this user was an IT staff person. What did I learn from this wake-up call?

First, quick action is essential in the event of an unknown malware attack. I was lucky that the user instinctively reacted and was able to stop the threat. It made me wonder, however, whether other employees sitting at their desks would have been prepared to handle such an incident. My feeling is that if this happened to someone not deeply versed in software use, safety and threats, the malware would have found sanctuary in the user's PC and begun its slow and methodical propagation across the corporate network.

That led to the next thought: we are likely not spending enough time training our staff in what to do in the event of such an IT threat. This was our wake-up call to recommence our periodic user information security briefings. As you've probably had similar occurrences in your company, although you may not be aware of them, this might be a good opportunity for you to do the same. Get information security refresher courses on your IT training agenda for everyone inside your company, from the secretaries to the sales and marketing people to the executive team.

Your staff need to know how to react, when to react and how to avoid dangerous Web sites. They need to understand what Web sites to always avoid, and how to stick with safe, credible sites to maximize your company's information security. Your staff need to explicitly know what they are and are not allowed to do using your business' computers and network, from not downloading music and video and picture files from unknown Web sites to any other rules in place. If you don't tell them specifically, they won't know specifically, and if you don't periodically remind them, compliance will fade over time.

Your staff don't require the knowledge of your IT team, but they should know enough to help protect your company, its network and the operations you all need to do your jobs. They have a critical stake in all of this and must understand security is as strong as the weakest link. It's up to you to make sure they are aware of the risks they can inadvertently introduce through a simple process such as a Web search.

These real-world events are also an opportunity for the IT team to review and test backup procedures. While our own internal testing demonstrates backed-up data is complete, we're now investigating additional online tools. We're searching for online back-up sites which automatically back up and store user files remotely, adding the protection of remote storage to our back-up mix. We're currently looking at SugarSync, Mozy, Dropbox, Jungle Disk and Carbonite, as well as a few others. With plans that are free or as little as $3 or $4 a month, there are no more excuses for not using a remote back-up site.

Malware attacks can happen to anyone, and they do, every day, everywhere. To survive them, be sure that your staff get the training they need to protect your business and its operations before they're encountered.

 

 VladimirBlog.com | CRM Software, ERP Software & Technology Blog