Oct 102012

In my article, 5 Step Data Security Plan for Small Businesses, I discussed the importance of installing virus and malware protection on your computers, mobile phones, network, etc.  In this blog post, I am going to review the ins and outs of virus and malware protection.

Virus and malware programs can do a lot of damage by spreading and infecting multiple computers, removing/destroying data, capturing sensistive data from your computer such as passwords, in some cases disabling your anti-virus software, and much more.  So it is very important that you take the following steps to protect your sensitive business data while avoiding having to rebuild systems destroyed by viruses and malware.

  1. Ensure all your computers, mobile phones, network computers, firewalls, etc., have up-to-date virus/malware protection software installed and are routinely updated on a fixed schedule.  Note:  You may want to test security updates yourself or subscribe to a security patch white listing service to ensure all updates run smoothly in your environment.
  2. If you run a Microsoft environment, makes sure MS security updates are enabled.  See the note in number one about updates.
  3. Scan all email attachments before they are uploaded into the individual’s inbox.  This can be done via virus protection software or a third party service.
  4. Setup automated tools to monitor that all installed virus/malware protection software is up-to-date. 
  5. Do not allow auto-run on computers for removable media (CDs, DVDs, thumb drives, etc), and make sure virus protection automatically scans all removable media. 
  6. Your network admin should routinely monitor all outbound and inbound network traffic for unusually large, encrypted, or generally unuusual traffic.  In addtion all network logs should be routinely reviewed for security incidents.
  7. Monitor all virus/malware intrusion detection events.  For repeat events determine the problem and correct it.  For example employees visiting a website that routinely infects their systems. 
  8. Monitor third party security websites for the latest in virus/malware security incidents.  Virus Bulletin, SecurityFocus, McAfee are examples. 

Follow these steps and you will protect your sensitive business data from virus and malware attacks.  And as always if you have any questions or comments, please feel free to add in the comments section below.