malware protection imageMalware Prevention

Malware is the catch-all term for any code or suspicious content that could have malicious or unwanted impact on systems. Any exchange of information carries with it a degree of risk that might subject your business to malware, which could impact your systems and operations. This risk may be reduced by implementing appropriate controls through 'defence in depth'.

Common Malware Vectors

Malware infections range through available opportunities, but are commonly found in:

How can the risk be managed

Blacklist malicious web sites: Ensure that the perimeter gateway uses blacklisting to block known malicious sites.
Manage all data import and export: All data should be scanned for malicious content a the network perimeter, whether its the internet gateway or systems that can introduce removable media.
Develop and implement anti-malware policies
Provide dedicated media scanning operations: Standalone workstations can be provided and equipped with appropriate anti-virus tools. The workstation should be capable of scanning the content contained on any type of removable media and inspect recursive content within files.
Establish malware defences:

User education and awareness

Users should understand the risks from malware and the day-to-day processes they can follow to help prevent a malware infection from occuring. Training should contain the following: