Monthly Archives: April 2013

What is Malware and Why Should I Care?

Malicious Software, or Malware, is a serious concern to IT Security experts and business owners alike. Malware is a category of Cyber Security threats that includes Viruses, Worms, Trojans and Botnets. It is no surprise that the Computing Technology Industry Association (CompTIA) tenth annual IT Security Information Trends report placed Malware at the top of the list of security threats. CompTIA cited that eighty-five percent of Business Owners and IT Professionals have a moderate to serious concern about Malware. Why should you care?

Many times Malware intrusions will go undetected. Some malware may cause your computer to run slowly.  Some malware may be programmed to silently harvest privacy data from your hard drive, while other malware is programmed to destroy data on your hardware.  Other malware can turn your PC into a Cyber Hacker by exploiting security holes and using your PC to attack other PCs.

Costs associated with data breaches are estimated to be as high as a billion dollars each year. Moreover, the number of Malware threats is exploding. Symantec estimates there will be over 250,000 new threats (not attacks) identified on Android devices in 2012 alone. What can you do to avoid Malware?

IT Security Risk Assessment

The reality is that you cannot afford to eradicate one hundred percent of all cyber threats, so you need a pragmatic plan for defending yourself. Start by understanding your security risks: review your core applications and data, your policies and procedures, and your network infrastructure. You are as vulnerable as your weakest link.

IT Security Compliance

To protect your applications and their data, as well as your employee productivity, make sure all of your IT Assets are up to date with Operating System patches and updates.  IT Assets include desktops, laptops, servers, smart phones and tablet computers.  Also, keep your applications up to date with the latest updates.  Many of these security patches are designed to protect you from Malware attacks.   In addition, keep your Anti-Virus and Anti-malware subscriptions current to protect yourself from Malware threats.

Business Continuity and Disaster Recovery

If you are attacked by Malware, you will minimize the impact on your business if you have a Business Continuity and Disaster Recovery plan in place. By understanding which applications and data are most important, you can get up and running more quickly if you suffer a data loss.

Training

Train your employees about the importance of IT Security. If they are aware of the exposure, they are more likely to follow policies and procedures by accepting security patches and reporting infections and data loss. Periodic training sessions will serve as a better reminder than longer sessions once per year.


If you feel you may have malware infecting your IT Assets, or are concerned about what you would do if you lost data from a malware attack, you should contact your IT Support organization and request an IT Security assessment.

Business Continuity and Disaster Recovery Fundamentals

Business Continuity and Disaster Recovery planning is about making sure your company can quickly become  operational after a systems failure, natural disaster or other interruption.  A holistic approach is required to get your doors open and employees productive.  According to recent InformationWeek research, IT professionals polled about Business Continuity and Disaster Recovery are most concerned about protecting databases (68%), followed by email (45%), accounting data (39%) and network services (36%).

It is important to separate basic data protection from business continuity planning.  Most companies have some type of backup in place to provide basic data protection.  When data is lost in an isolated situation, such as a hard drive failure, virus infection, or a lost device, your local or online backup provides a reactive way to rapidly restore your data.  Business Continuity and Disaster Recovery provides a proactive plan to pragmatically reduce the risks of a disaster recovery scenario.  Here are some important considerations:

Business Continuity and Disaster Recovery Risk Assessment

Start by gaining an understanding of your environmental risks and exposure. For example, the geographic area your business is located in may make you more prone to flooding, hurricanes, earthquakes or fire. These variables may raise your risks. However, if you are adjacent to a hospital or fire department, you may have a lower risk of losing power during a disaster.

Tailor your Business Continuity and Disaster Recovery Plan to Your Company’s Needs

Evaluate your core systems to determine what applications and data you need to operate. Basic services such as phone, email or order processing may put your business at risk even with a brief outage. If you are a manufacturing or retail business, you may need to focus on supply chain integrity. If you are in a highly regulated industry such as finance, healthcare or government, you may need to focus on data recovery issues to ensure uninterrupted service.

Keep your IT Infrastructure Up to Date

Outdated and unreliable underlying technologies may not be compatible with the concept of IT readiness. Older systems may be more vulnerable (e.g. to malware attacks), less resilient (e.g. less likely to survive a power surge) and harder to recover in the event of a disaster. Keeping your IT infrastructure up to date and compatible with the latest compliance patches and operating systems will make it easier to bring new systems online in a disaster recovery scenario.

It is fundamental to your Business Continuity and Disaster Recovery plan to understand your risks, tailor your plans to meet your needs and make sure your infrastructure is up to date and supported. If you have questions about your risks and exposure, contact your IT Service professional to review your Business Continuity and Disaster Recovery plans.