When you have a computer, you install software on it so that it can perform whatever tasks want it to. The problem is, criminals are also trying to install software on your computer so that it will do the sorts of things they want it to do.
This category of software is called malware. That is short for malicious software. Viruses, spyware, worms and Trojans are all sub-categories of malware. It is all software that you wouldn’t willingly install on your own computer.
Computers these days are very powerful, and they happily run a number of programs simultaneously. This means that it probably won’t be obvious that your computer is infected with malware. Any changes in the computer are likely to be undetectable. This is because the criminals don’t want you to know that your computer is infected. From their perspective, the longer their software goes undetected, the better.
If your system gets infected with a piece of malware, you risk losing information that is vital to your business. Malware can take over your network and anything that is on your system is then available to the cyber criminals.
Before the widespread use of the internet, computers were often infected via floppy disks.
The floppy disk may have gone away, but the concept of moving files on a physical device certainly didn’t.
USB memory sticks (often called thumb drives) are everywhere. This is because they are a cheap, quick and reliable way to move large files from one place to another. An increasing number of devices, including cameras and phones, store data and communicate with the computer via the USB port. The growth in USB to move files didn’t go unnoticed by the criminals.
The Conficker virus was first detected in 2003 and is now believed to be the largest computer worm- style virus, with over seven million computers in 200 countries affected. This virus typically attacks systems through infected USB sticks. If the internet connection is the battlefront, the USB port is the vulnerable flank.
In early 2009, the New Zealand Ministry of Health’s computer network was infected by the Conficker virus, which took down parts of its system for 15 days. Like all large networks, the key points of access to the internet were securely connected. However, the most likely cause of the infection was an employee’s USB stick.
In the 2010 Computer Security and Crime Survey, conducted by the University of Otago, the most common culprit of virus and malware infection was via USB. One of the survey respondents put the cost of removing Conficker from their system at over $200,000. Yet over half of the respondents had no USB protection in place at their organisation.
So how can you ensure your networks stay safe? Some companies ban the connecting of non-approved devices to company equipment. This isn’t often practical in small businesses, where personal IT equipment is often interchanged with work equipment.
The most important security step is to ensure that you and your staff understand the computer security equation. Even apparently clean computers with security software can be infected by new viruses. Treat any computer as potentially infected.
Lloyd Borrett, the Security Evangelist at AVG (AU/NZ), knows all about the ebb and flow of the battle between the computer security vendors and the cyber criminals, and the value of vigilant staff.
"It’s important to properly arm yourself with the appropriate knowledge of what these guys are looking for,” he says. "If you can educate your employees about sharing files and hardware between work and home, you are one step towards making your vital data more secure.”
In addition to educated and vigilant staff, every business should be doing the following security basics:
- Keep your anti-virus and internet security software up to date.
- Have active firewalls. Most operating systems automatically install and activate the firewall. Don’t turn it off.
- Ensure your computers are set to automatically download important updates, and ensure staff aren’t ignoring the requests to do so.
- Encourage staff to maintain good security on the home computers.
If you need advice on how to keep your network secure, visit our website www.netsafe.org.nz NetSafe is an independent organisation that offers free, unbiased education and advice across a range of online issues.