Do not risk it, use anti-malware policies

The world of cyber-security is characterized by the constant struggle against all types of threats, including viruses or malware. In many occasions, this fight will depend on the employee's awareness index but in others, on the policies that the company has implemented for its daily operation.
Having an anti-malware policy will be essential to avoid infections or risks to which our company may be exposed. Additionally, this must be known by all employees of the organization and its implementation, duly reviewed and audited.

But, do you know what an Antimalware tool is?

They are tools designed to protect our computer systems: servers, computers, regardless of whether they are portable or desktop, tablets, smartphones, etc., against malicious software.

The main ways of contagion by malware are:

• Downloads of files, either from email attachments or from web pages;
• Navigating web pages of dubious reliability;
• The existence of vulnerabilities in devices that have not been updated;
• The use of extractable extraneous devices. 

The main objective of malicious software is to damage or modify an infected device, either to control it or to steal information. The enormous damage they could cause to an organization makes it necessary and mandatory to establish a policy aimed at controlling malware. Its main function will be to prevent, detect, control and eliminate the execution of any type of malicious software in the devices and systems of the organization.

Main key points to consider

Determine the most important solutions that our company should have. These will depend on the size of the organization, the level of security required or the complexity of the configurations. Thus, it will be necessary to determine if you opt for tools aimed at protecting the workplace, such as portable equipment or the various mobile devices that the company has. You can also choose global corporate solutions that centralize Antimalware protection in corporate devices.

Configure malware protection tools, in such a way that:

• Automatic and periodic checks are carried out;
• Automatic checks are made of files attached to the mail or those that are downloaded from any web page;
• Access to applications is blocked based on a blacklist policy, and allowing access to those that are on whitelists;
• They are allowed to analyze web pages to detect possible threats.

Update malware detection tools. The periodicity with which they will be updated must be determined, automatic updates are recommended, as well as having a daily update search periodicity.

For more information: https://www.ptsecurity.com/ww-en/products/af/

Establish a procedure to respond to infections. Taking into account factors such as impact, assets that may be compromised or how to recover them, you must establish what events will be considered incidents. Subsequently, the operation to be followed for its mitigation will be indicated.

To have a good practices policy for malware control, which should be known and put into practice by the entire staff through aspects such as the following:

• Consider all contents and potentially unsafe downloads until they are analyzed by the antimalware tools;
• Prohibit actions such as running downloaded files without having been previously analyzed, automatic executions of content or altering the configuration of systems and equipment for processing information;
• Use only software that is allowed and conveniently updated;
• Follow the guidelines that mark the email policy to avoid receiving spam. 

Having an anti-malware policy will be especially necessary in order to prevent infections that affect the treatment of company information and to know what to do in the face of a security incident of this type. This will be vital, especially if for the development of the activity of the company it is necessary to be connected to the Internet or make use of external storage devices. Do not wait until it's too late, establish the guidelines to prevent the appearance of malware and make sure your employees know them and start them up.