There are several ways a device can get infected by malware: opening an attachment, clicking on a link, plugging in a USB drive or simply browsing a website. This article gathers best practices that organisations can implement in order to be protected against malware.
Malware is the collective term for all malicious code and programs built with the intention of damaging an information system. The damage malware can cause takes many forms: stealing, encrypting or deleting data, altering or disabling system functionality, and spying on all the activity taking place on the infected device. Usually, cybercriminals try to make a profit from installing malware on a device by making the victim pay for a service to fix it or to regain access to their device.
The most common types of malware are the following:
* Virus: replicates itself across programs to access their data or alter their functionality.
* Ransomware: blocks access to resources by encrypting them and requires a payment to restore it.
* Trojan horse: disguises itself as something the victim might need and would download (e.g., an application, a piece of software or a game), only to gain access to the device's resources and eventually steal confidential information or install a virus or ransomware.
* Spyware: built with the purpose of spying on all the victim’s activities and transmitting them back to the cybercriminals who launched it.
* Adware: constantly displays new ads on the victim's screen, usually when they are trying to browse a web page.
The most common way for cybercriminals to infect a device is through the internet or chat/communication services. Both aim at making the victim click on a specific link that installs the malware.
Malware can be identified by installing an antivirus on all devices and monitoring the alerts it generates. Besides those alerts, there are also obvious signs that a device is infected, e.g., unusual errors appear on the screen, the device has become slower or freezes or crashes often, pop-up messages keep appearing, the device switches off and restarts on its own, access to some applications or programs is blocked, etc.
Make sure that the antivirus is installed correctly and activated, and that it regularly updates both its program and its signatures. Real-time protection, which analyses everything that comes in and goes out, should be properly configured. In addition, the settings and operation can be tested to ensure the antivirus meets the needs initially defined. Finally, a full scan of the device can be performed to ensure that no previously unknown viruses have taken hold between two updates.
An organisation's collaborators are its first line of defence. They need to be made aware of how to identify scams and fake messages in order to adopt the right reflexes. Cybercriminals try in several ways to steal collaborators' credentials in order to gain access to an organisation's resources. A very common way is a phishing email, through which cybercriminals try to convince their victim to share passwords or confidential information. It is thus important to hold regular awareness sessions that train collaborators not to share too much on social media and not to click on a link or open a file without first checking where it comes from.
Since it can take only one vulnerability in a system, application or device for cybercriminals to cause damage and gain access to information, installing updates as soon as they are available is crucial. It ensures a strong cyber defence and makes sure that the system version in use is still supported by the vendor.
Accounts are an entrance door to an organisation's whole environment. They therefore need to be protected with strong passwords that are different for each account. A strong password has at least 12 characters and combines upper and lower case letters, numbers and symbols. In combination with a strong password, Multi-Factor Authentication should also be enabled wherever possible. Multi-Factor Authentication requires a user to provide at least two different methods (e.g., a password and a PIN code, or a PIN code and a code received via text message) to verify their identity before they are granted access to the resource they are trying to reach.
Back up all systems, applications, servers and data to make sure that, even if an incident occurs, all important information can still be recovered. It is important to test those backups regularly to confirm that they can actually be used when needed after an incident.
Pirated applications and software are usually infected with malware, so only install and download official ones, through vendors' official platforms and websites.
Limit the number of administrator or privileged accounts to the bare minimum. No one should have administrator privileges for day-to-day tasks. Given the privileges that admin accounts have, using them for routine work makes it easier for cybercriminals to take over the device or install ransomware.
A collaborator looking for a specific piece of software and with little to no knowledge of cybersecurity is less likely to second-guess the offers found on the internet. It is thus important to make sure that all downloaded software is approved by the IT Responsible from a security and performance point of view. In addition, the IT Responsible can establish a whitelist: a list of software that collaborators are allowed to install on their corporate devices.
It is very common for cybercriminals to use an existing account to gain access to an organisation's resources. Access control management should be well established and implemented within the organisation. The basic principles of least privilege and need-to-know must be applied: a user should only get the access they require to perform their job, nothing more. They should always get the minimum required, not extra access 'just in case'.
In addition, a user access provisioning process should be established. This process defines the procedure for removing or changing the access granted to an employee when they switch position or leave the organisation. An insider attack can always happen, no matter how loyal former collaborators were at a certain point in time: their feelings towards the organisation might change if they did not leave willingly.
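As an added example (not part of the original article), the least-privilege and leaver/mover rules from the two paragraphs above can be turned into a periodic reconciliation: accounts are compared with the HR roster and a role-to-entitlement baseline, and the script lists what must be disabled, removed or reviewed. Logins, roles and entitlement names are constructed sample data.

```python
"""Added example: reconcile account access against an HR roster so that
leavers are disabled, movers lose accesses their new role does not need,
and accounts with no owner are flagged. All data below is constructed."""
from dataclasses import dataclass, field

# Entitlements each role needs to do its job (the need-to-know baseline).
ROLE_ENTITLEMENTS = {
    "accountant": {"finance-share", "erp-user"},
    "developer": {"git-repo", "ci-runner"},
    "helpdesk": {"ticketing", "password-reset"},
}

@dataclass
class Person:
    login: str
    role: str
    active: bool  # False once HR records that the person has left

@dataclass
class Account:
    login: str
    enabled: bool
    entitlements: set = field(default_factory=set)

def reconcile(roster, accounts):
    """Return (login, action, detail) tuples that bring accounts in line with
    the roster: disable leavers, strip extra access, flag orphan accounts."""
    people = {p.login: p for p in roster}
    actions = []
    for acct in accounts:
        person = people.get(acct.login)
        if person is None:
            actions.append((acct.login, "review", "no HR record for this account"))
            continue
        if not person.active:
            if acct.enabled:
                actions.append((acct.login, "disable", "employee has left"))
            continue
        extra = acct.entitlements - ROLE_ENTITLEMENTS.get(person.role, set())
        if extra:
            actions.append((acct.login, "remove", sorted(extra)))
        if not acct.enabled:
            actions.append((acct.login, "review", "active employee, account disabled"))
    return actions

# Constructed sample: alice moved from developer to helpdesk, bob has left,
# and svc-old has no HR owner at all.
ROSTER = [Person("alice", "helpdesk", True), Person("bob", "accountant", False)]
ACCOUNTS = [
    Account("alice", True, {"git-repo", "ticketing", "password-reset"}),
    Account("bob", True, {"finance-share", "erp-user"}),
    Account("svc-old", True, {"erp-user"}),
]
```

Calling `reconcile(ROSTER, ACCOUNTS)` yields one disable, one remove and one review action; in a real deployment the roster would come from the HR system and the accounts from the directory, with the actions fed into the provisioning workflow rather than applied blindly.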
Public Wi-Fi or public computers are a handy solution, as people can access professional resources, browse websites or manage their social media almost everywhere. However, as the name indicates, it is public and everyone can access it, including scammers and criminals. If it is wrongly configured, a public Wi-Fi network or computer can be used to monitor the activities of the people connected to it and steal their information. Always prefer your organisation's professional Wi-Fi network and professional devices to access professional resources.
Avoid browsing unsafe or illicit websites such as platforms offering counterfeit goods or software, or illegal streaming services. Scams are more frequent on those types of websites, as it is easier for cybercriminals to compromise them.
Only use removable media approved by the IT Responsible, to make sure it is not infected and will not cause any damage to your device.
Always report scams received by email to your IT Responsible and to the relevant national authority (suspicious@safeonweb.be (EN); suspect@safeonweb.be (FR); verdacht@safeonweb.be (NL/DE)), then delete the message immediately.
Paying the ransom requested by criminals encourages them to carry out another attack on your organisation and make even more profit. You can find more information about ransomware on LINK
The aim of this content is to share and raise awareness of good cyber security practice.
Some of this advice may apply differently depending on the context of your organisation.
Always comply with the policy and instructions in force in your organisation.
If in doubt, always ask your IT manager for advice first.