How often do you think about malware? Do you consider it a threat to your operations? Do you have a strategy to prevent malware attacks and deal with them if they do occur? Is your strategy up to date?
Internet security firm Webroot reports that while 70 percent of organizations have security in place to protect against malware attached to email messages, only 15 percent of malware is delivered by email. The other 85 percent of malware comes from the World Wide Web, attached to documents, games, applications, browser add-ons and even purported anti-malware programs. Social media websites—often accessible from workplaces—are a “hotbed for malware”.
What’s malware? Wikipedia says:
Malware, short for malicious software, is a software designed to secretly access a computer system without the owner’s informed consent. The expression is a general term used by computer professionals to mean a variety of forms of hostile, intrusive, or annoying software or program code. … Malware includes computer viruses, worms, Trojan horses, spyware, dishonest adware, scareware, crimeware, most rootkits, and other malicious and unwanted software or programs.
In a recent study, the security firm found that one-quarter of organizations had experienced a malware attack via the web that compromised confidential company information, threatened sensitive online transactions or caused a web server outage.
And while employees are usually the ones who open the door to malware—by accessing personal email, social media or videos—it’s up to organizations to lock and alarm the door. That means a strong set of policies and the actions required to enforce them.
See Webroot’s whitepaper, State of internet security: protecting the perimeter, for more information. (It’s a PDF.)
And see Information Technology PolicyPro for a thorough guide to IT policy, including physical and systems security, data security, network security, monitoring and evaluation and much more.
Adam Gorley
First Reference Human Resources and Compliance Editor
