Here is a copy of an article I wrote for LIA’s magazine “The Financial Professional”.
Once the realm of IT security professionals, computer security is now an issue and concern for all business people. Recent high-profile security breaches include those at eBay, which exposed over 140 million users’ details; the Target retail chain in the US, which resulted in 100 million credit card details of customers being stolen by criminals; and a US bank which lost over US $45 million within 24 hours. Nearer to home, we have seen the Clare-based Loyaltybuild company suffer a security breach late last year which exposed credit card details of customers, and earlier this month the news headlines highlighted how police disrupted a criminal gang’s virus network which they used to steal over $100 million.
Cyber crime is now big business and criminals are looking to steal information such as financial details, credit card information, personal details, or any other information which they can sell or trade. These criminals are becoming more and more sophisticated and employ many different methods of attacking companies’ computer networks.
One of the primary weapons in their arsenal is the computer virus. While email has been the main method for the spread of these recent computer viruses, it is not the only method. A computer virus can enter a network by USB device, Internet download, visiting an infected website, instant messaging or messaging in social media platforms, file transfer and file sharing programs, or by remote users connecting directly to the corporate network with an infected PC. Once a computer virus gets into a network it can spread from computer to computer in multiple ways.
Given the numerous ways a computer virus can spread, how can a company ensure that its network is protected?
- Install Anti-Virus Software.
Ensure that reputable anti-virus software is installed on all computers. This should include all servers, PCs and laptops. If employees use computers at home for business use or to remotely access the network, these PCs should also have anti-virus software installed.
- Ensure that the anti-virus software is up to date.
Every day, new computer viruses are being released, and it is essential that businesses are protected from these viruses by keeping the anti-virus software up to date. If possible, companies should look at policies whereby computers that do not have the most up to date anti-virus software installed are not allowed to connect to the network.
- Employ a firewall to protect networks.
As computer viruses can spread by means other than email, it is important that unwanted traffic is blocked from entering the network by using a firewall. For users that use computers for business away from the protection of the company’s network, such as home PCs or laptops, a personal firewall should be installed to ensure the computer is protected.
- Filter all email traffic.
All incoming and outgoing email should be filtered for computer viruses. This filter should ideally be at the perimeter of the network to prevent computer viruses from entering it. Emails with certain file attachments commonly used by computer viruses to spread themselves, such as .EXE, .COM and .SCR files, should also be prevented from entering the network.
- Educate all users to be careful of suspicious e-mails.
Ensure that all users know to never open an attachment or to click on a link in an email they are not expecting. Even when the email is from a known source, caution should be exercised when opening attachments or clicking on links in emails. Criminals use the trust placed in an email contact you know to trick you into clicking on a link or attachment.
- Scan Internet Downloads.
Ensure that all files downloaded from the Internet are scanned for computer viruses before being used. Ideally this scanning should be done from one central point on the network to ensure that all files are properly scanned.
- Don’t run programs of unknown origin.
It is important that you use a trusted source for your software requirements. This is to ensure that all software installed can be accounted for and that its sources can be confirmed to be legitimate. Apart from ensuring that the correct licensing agreements are in place, using a trusted supplier can help reduce the risk of software infected with a virus compromising your business. All users should be educated to never run a computer program unless the source is known or has originated from a person or company that is trusted.
- Implement a vulnerability management program.
Most computer viruses and worms try to exploit bugs and vulnerabilities within the operating system and applications that companies use. New vulnerabilities are introduced into networks every day, be that from installing new software and services, making changes to existing systems or simply from previously undiscovered vulnerabilities coming to light. It is important to regularly review your network and the applications running on it for new vulnerabilities. Any discovered vulnerabilities should be rated and prioritised regarding their criticality and the potential business impact they could have. Once this has been done, a plan on how to manage those vulnerabilities, either by patching, upgrading, or managing the vulnerability using tools such as firewalls or Intrusion Detection Systems, should be put into place.
- Make regular backups of critical data.
It is important to ensure that regular copies of important files are kept on removable media, such as portable drives or tape, so that you have a trusted source for data in the event that the network is infected with a computer virus. Not only will this ensure that important data is available in the event of a computer virus infecting the company’s network, backups will also enable the company to restore systems to software that is known to be free from computer virus infection. For added security you should store these backups securely offsite. That way, should a major disaster happen to the business, e.g. the building goes on fire, the data will remain safe in the secure offsite location and can be restored quickly in a new facility.
- Develop an Information Security Policy.
The creation and publication of an Information Security Policy is key to ensuring that information security receives the profile it requires in the organisation and is the first critical step in securing the company’s systems and data. It is important that senior management support the Information Security Policy and that all users are made aware of their roles and responsibilities under this policy.
- Monitor logs and systems.
Regular monitoring of network and system logs can assist in the early identification of a computer virus infecting the network or other attacks by criminals. Unusual traffic patterns or log entries could indicate that the network has been infected or that its security has been compromised. As well as monitoring for suspicious traffic and events, it is important that logs for other devices are checked regularly to ensure that the network remains protected. Log files for the backups should be checked regularly to ensure that the backups succeeded; likewise, the log files for the anti-virus software deployed should be regularly checked to ensure that all PCs are running the latest version of the anti-virus software.
- Develop an Incident Response Plan.
Knowing what to do when a computer virus enters the network or when you suffer a security breach is critical to minimise the damage they may cause, both to the business and also to customers and suppliers. The incident response plan should outline the roles and responsibilities that people have in the event of a computer virus infecting the network or indeed any other type of security breach. This plan should be drawn up and agreed between all relevant parties before an incident occurs. Remember, the worst time to develop a security incident response plan is in the middle of such an incident.
- Restrict end user access to systems.
Where possible, end users should not be given administrative privileges to their workstations. Most computer viruses can only run in the context of the user that is logged into the system, i.e. they only have the same permissions as the user running the program. If that user has their access restricted, then the virus will be similarly restricted. Unfortunately many applications designed for the Windows platform require the end user to have such privileges; however these users should be the exception rather than the rule.
Cyber criminals pose a very real and constant threat to every business. It is important that businesses recognise this threat and take the appropriate steps, such as those outlined above, to reduce the likelihood and minimise