11 tips for preventing data loss from malware
For most businesses, preventing data loss from malware has always been a priority. But as today’s companies become even more data-centric, and the cyber threats more vicious, keeping malware at bay is more important than ever.
- But what happens when a virus does slip by?
- What if malware destroys one of your most critical applications?
- What if ransomware locks you out of all your data?
In this post, we look at how malware has become one of the top causes of data loss, and what your organization should be doing to combat it.
Data loss from malware. Which cyberattacks threaten your data?
Not all malware poses a direct threat to your data, even if it’s destructive in other ways.
Take cryptojacking, for example, which secretly uses your computers to mine cryptocurrency for its attackers. Cryptojacking is exploding right now, and it’s delivered like most other malware: through infected sites, infected ads, phishing emails, unpatched software and so on. It bogs down your system resources and creates headaches for everyone. It’s bad. But is it bad for your data? Not necessarily.
That said, there are plenty of other forms of cyberattacks that do put your data at risk. Here are some of the big ones:
- Ransomware: This pesky malware encrypts your important data and throws away the key, unless you pay the attackers. Jump below for a full breakdown on the dangers of ransomware.
- Data exposure malware: Considered one of the worst kinds of cybersecurity breaches in 2018, “data exposure” involves taking sensitive, privately stored data and putting it in a publicly viewable location. Like ransomware, sometimes the attackers will demand payment in return for making the data private again.
- Denial of Service (DoS): We often hear of DoS attacks on websites, in which attackers flood a page with so much traffic that it crashes the site. But DoS attacks can also target your databases, locking you (or your customers) out of the critical data that keeps your business running. The biggest DoS attacks are usually caused by massive botnets that have been created via secretly installed malware on computers around the world.
- Data deletion and modification: Some malware, such as Trojans or the W32.Narilam worm, is designed simply to delete or modify sets of data in a database, for seemingly no other reason than to cause destruction or hurt the company’s reputation.
- Data theft: Aside from simply destroying or encrypting data, sophisticated hackers are using malware to steal your most sensitive information. The hackers can then make big money selling that data, especially if it’s users’ personal information, like emails, addresses, phone numbers, credit card numbers and passwords.
- Spyware: Spyware secretly monitors the activity of users (i.e. your employees or customers). Spyware was the #2 form of malware for businesses in 2017. And while it does not directly harm your data, it makes it vulnerable to theft or additional cyberattacks in the future.
- Hijackers: Hijacking malware saw a sudden, sharp increase at businesses in 2017, according to Malwarebytes. Hijackers typically redirect users’ browsers to unwanted ads or websites. And while this alone doesn’t harm data, it can hurt productivity and also lead to more dangerous forms of malware being installed through malicious sites.
Ransomware is still awful …
No form of malware has caused more headline-making destruction in the past two years than ransomware.
Ransomware has been around for years, but it got the most attention in 2017 after WannaCry and NotPetya disabled thousands of computers across the globe. While recent trends suggest that ransomware is declining, the attacks are getting more sophisticated. Most attacks occur when users inadvertently open infected emails, but WannaCry and NotPetya both exploited known vulnerabilities in Windows.
… And still costly
The costs of a ransomware attack can be staggering. Ransom payments alone (which you should avoid paying if you can) can be tens of thousands of dollars. But the real brunt of the impact comes from the downtime and from recovering the lost data. Consider FedEx, for example, which reported $300 million in losses after NotPetya shuttered operations of its subsidiary unit.
When it comes to data loss from malware, ransomware is arguably the most destructive kind there is. It virtually destroys your data and locks you out of your most important applications. And, if you have no backup, that data could be gone for good.
Moral of the story: businesses cannot let their guard down, no matter what the recent ransomware trends suggest. Ransomware isn’t going away anytime soon.
Key statistics: data loss from malware
So, how much destruction is malware causing for companies’ data?
Here are some telling stats:
- Malware is the 3rd most common cause of data loss, behind human error and hardware failure / system malfunction.
- 29% of data loss is caused by malware, according to statistics highlighted by CSO.
- 42% of IT professionals said that ransomware is the biggest risk to businesses today.
- 35% of surveyed IT workers said their companies had experienced data loss from malware.
It’s getting worse
And in case you thought malware was going away anytime soon, think again. New strains are constantly being developed, and old ones are evolving to avoid detection.
Here are just a few recent stats that show why the risk of malware is so dangerous:
- Hijacker detections increased by 40% last year, according to Malwarebytes
- Spyware detections increased by 30%
- Banking Trojan detections increased by 102% in the second half of 2017
- Software update supply chain attacks, which occur when malware is added to legitimate software packages, were up 200% in 2017, according to Symantec
- Mobile malware shot up by 52% last year
So what can businesses do to protect their data from these threats?
Here are our recommended solutions …
Protecting against data loss from malware
- Back up everything: First and foremost, you need to have a backup plan in case malware breaks through all your layers of defense. A good data backup & disaster recovery system will ensure that you can restore any data that has been encrypted, corrupted or compromised by malware. Look for systems that allow for frequent backups as well as fast, dependable restore options, like virtualization.
- Use business-grade antimalware & antivirus solutions: Smaller businesses may be tempted to use the same free antivirus software they use on their home computers, but this is a no-no. Invest in a premium solution that is designed to provide stronger, more customized protection for businesses.
- Update it constantly: New strains of malware are constantly being discovered. Your antimalware software won’t be able to detect them unless it’s updated with the latest definitions. Make sure the software is set to update and scan automatically, every day.
- Set up a firewall and spam filters: Your network should be set up with a firewall to block malicious communications from entering the network. Firewalls can block traffic from known malicious IP addresses, as well as other potential threats. For even greater protection, consider upgrading from your built-in firewall capabilities to a firewall appliance. Strong spam filters should also be used to greatly reduce the quantity of bad emails entering your inboxes.
- Train employees: Most malware infections occur because of user action: opening a bad attachment, clicking a bad link, installing unauthorized software and so on. You can dramatically reduce this risk by regularly training employees on safe practices for email and web. Also, educate them on how to spot the signs of a malicious email and how to deal with messages from unknown senders.
- Require stronger passwords: Weak passwords make it easy for intruders to infiltrate your systems and compromise your data. When possible, configure all authentication-based software to require strong, multi-symbol passwords, which must be updated frequently.
- Patch everything: The victims of WannaCry and NotPetya could have prevented the infections if they’d only patched their operating systems. The same goes for a wide range of malware every day. Malware often takes advantage of vulnerabilities in outdated software, systems and firmware, so it’s important to patch as soon as updates become available.
- Use privileged accounts and access controls: When a user on your network has free access to every folder on the server, so does the ransomware infection that enters through that user’s computer. Set stronger controls by limiting users to only the folders and files they need. The approach of “least privilege” will prevent many forms of malware from spreading across your network.
- Disable macro scripts in Office files: Malware is often hidden within Word documents and spreadsheets disguised as legitimate files. Disabling macros on such files, and using file preview functions, can help to prevent the malware from installing if the user attempts to open the file.
- Use application whitelisting: Prevent any unauthorized software from being installed or opened. Only whitelisted software should be able to run (thus preventing certain malware from executing).
- Keep sensitive data safe: For the prevention of data loss from ransomware and other malware, the FBI recommends that businesses “categorize data based on organizational value and implement physical and logical separation of networks and data for different organizational units.”
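The least-privilege tip above can be measured rather than assumed. The following added example (not part of the original post or of any vendor tool) uses constructed users, groups and folder permissions, all hypothetical, to compute how much of a file server malware could modify if it ran under each account, first with flat permissions and then with least privilege.

```python
# Constructed sample data (hypothetical users, groups and folders).
GROUPS = {
    "alice": {"staff", "finance"},
    "bob": {"staff", "hr"},
    "carol": {"staff", "it-admins"},
}

# folder -> {principal: rights}; "rw" = modify, "r" = read-only.
# Flat model: every staff member can modify every folder.
FLAT_ACL = {f: {"staff": "rw"} for f in ("finance", "hr", "engineering", "backups")}
# Least-privilege model: each unit can modify only its own folder.
LEAST_PRIV_ACL = {
    "finance": {"finance": "rw"},
    "hr": {"hr": "rw"},
    "engineering": {"staff": "r", "it-admins": "rw"},
    "backups": {"it-admins": "r"},  # assumption: no interactive user can write here
}

def writable_folders(user, acl, groups=GROUPS):
    """Folders that a process running as `user` could encrypt or delete."""
    principals = groups.get(user, set()) | {user}
    return sorted(
        folder for folder, entries in acl.items()
        if any("w" in rights for p, rights in entries.items() if p in principals)
    )

def blast_radius(acl, groups=GROUPS):
    """Map each user to the share of folders writable from their account."""
    total = len(acl)
    return {u: len(writable_folders(u, acl, groups)) / total for u in groups}

def over_privileged(acl, threshold=0.5, groups=GROUPS):
    """Users whose compromise exposes more than `threshold` of all folders."""
    shares = blast_radius(acl, groups)
    return sorted(u for u, share in shares.items() if share > threshold)

if __name__ == "__main__":
    for name, acl in (("flat", FLAT_ACL), ("least privilege", LEAST_PRIV_ACL)):
        print(name)
        for user, share in blast_radius(acl).items():
            print(f"  {user}: {share:.0%} writable -> {writable_folders(user, acl)}")
        print("  over-privileged:", over_privileged(acl))
```

Replacing the constructed dictionaries with an export of real group memberships and share permissions gives a per-account view of which folders a single infected workstation could reach.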
For more information on how to protect your data from malware and other disasters, contact our business continuity experts at Invenio IT. Request a free demo of backup solutions from Datto, or contact us directly at (646) 395-1170.