Executive Hire News › Archives › September 2019 › Executive Report : Virus vigilance
Executive Report : Virus vigilance
Adam Bernstein offers advice on how to safeguard your computer systems from viruses and other online threats.
In recent years, computer viruses and other forms of attacks like Trojans and phishing have wrought havoc. From keyloggers that secretly record keystrokes, to ransomware such as CryptoLocker that encrypts data and demands payment to decrypt, all businesses are at risk.
At the end of January 2019, tyre-fitter Kwik Fit confirmed that its network had been infected and its systems knocked offline for a few days. The company was forced to cancel bookings and customers vented their anger on social media. In the same month, Forbes.com ran a story - ‘Hackers Take Control of Giant Construction Cranes’ - noting how two Italians, with consent, wirelessly took control of a crane. If it can happen to a crane, it can happen to a computer. So, what can independent hirers do to stay virus-free?
1. Install protection. The first sign might be a computer running slowly or behaving peculiarly. Some viruses are irritating, while others are a serious threat. No form of inoculation can ever be perfect, but installing an anti-virus package from a reputable software vendor is an obvious step to take.
2. Update and scan. The key to success with anti-virus software is to keep the application updated and to regularly scan computers. A computer virus is no different from those that can infect a living organism: over time it morphs as the designers seek to work around the security protections. Regularly scanning a computer or network for downloaded or installed threats is essential, but scans are intensive and can cause a system to slow, so should be timed for off-peak periods.
3. Update the operating system. Any software system needs regular updating. They run to millions of lines of code and vulnerabilities can be found with surprising regularity, which is why developers regularly issue software updates to fix security issues.
4. The network is at risk. One of the biggest mistakes a user can make is to not secure their network, leaving online devices permanently under threat. The problem is exacerbated when devices are left with both default names and default passwords. Hackers will know how to attack what they find. It is, therefore, critical to change names and passwords as soon as the hardware is connected. Wi-Fi, once set up, should not broadcast its existence. This means turning off the SSID (service site identifier). Passwords should be strong - at the minimum WPA or WPA2 encryption. If visitors connect to your network, ensure you use a router with a guest network allowing access to the web and nothing else.
5. Strong passwords. The same passwords should never be reused, as multiple accounts could be at risk. To create a strong password, avoid using names, places, pets or dates of birth. Use a mixture of upper case, lower case, numbers, and symbols, or use an online password generator. Passwords should be changed frequently
- and when employees leave.
6. Put sites off limits. It’s important to ingrain caution within staff, ideally by a policy covering what they can and cannot do online. This means detailing which websites can be visited, that no software is to be downloaded or installed, and that emails with attachments should be quarantined
7. Be private. Human error is one of the biggest risks, so staff should be made aware of ‘social engineering’ where a plausible caller can persuade people to give away private data. Employees should never give any private information out without being certain of the person or organisation asking. Care should be taken over what businesses (and individuals) post online or via social media.
8. Employees’ devices. Another threat comes from staff connecting their own devices to the company network or their computer. Thought should be given to limiting access to the firm’s Wi-Fi or physical network. The same applies to USB devices: a fraudster might drop a USB stick in a car park, hoping that someone will pick it up, want to see what’s on it, and connect it to their computer.
9. Back up. Systems can and do get compromised, so planning for the worst is essential. Backing up data onto several separate devices, regularly and keeping them off site at different locations, is critical. Consider a combination of methods such as external hard drives, a remote computer and cloud storage services such as Dropbox. And encrypt the devices in case they fall into the wrong hands. •