Security 101: Securing the Malware Ingress Points in SMBs

Our research, as well as that of many other firms, has revealed that malware infiltration has impacted most organizations and that the problem is getting worse over time, particularly for small and mid-sized businesses (SMBs). While it is essential that every potential ingress point for malware be monitored, many organizations have holes in their defenses that could allow malware to enter the corporate network. Here are a few areas to address, although the list is by no means exhaustive:

  • Personal Webmail
    Many users employ personal Webmail when they need to send files that exceed the mailbox-size quotas that IT has established for the corporate email system, or when the corporate system goes down. While both are valid reasons for using a personal alternative to continue sending emails, doing so bypasses corporate scanning defenses and can allow malware to sneak onto employees’ computers, such as in a phishing email.
  • Non-business-grade file sync and share
    Tools like Dropbox are widely used by employees so that all of their relevant content can be available from every device they use. These tools are incredibly useful for traveling employees, those who work from home, and those who want their files handy from a mobile device when they’re away from a desktop computer. However, they can also provide an entry point for malware. For example, if an employee’s home computer is used to work on a Word or Excel file, gets infected and then is synced via Dropbox to the employee’s work computer, malware can enter the corporate network without ever having been scanned for malicious content.
  • Mobile devices
    Any mobile device – whether supplied by an employer or one owned by an employee – is a potential source of malware infiltration. One of the ways this can occur is when employees download applications that have not been developed with security as a critical design consideration. Another way for data leakage, but also malware infiltration, to occur is if employees download copycat apps thinking they are downloading bona fide apps.
  • Web surfing
    The Web has become an essential tool for individuals to do their job – and the primary way that malware infiltrates a corporate network. There are numerous ways that malware can infiltrate an organization through the Web, including browsing to valid but infected sites as in a watering hole attack, through drive-by attacks or via compromised search engine queries.
  • Social media
    Tools like Twitter and Facebook can be used to distribute malware through short URLs or Facebook chat, among other ways. Social media can also be an invaluable tool for cybercriminals to gather intelligence about their potential victims who are intent on spearphishing high profile victims like corporate CFOs.

So what do you do about it? Here are four things:

  • First and foremost, understand what your users are doing, the tools they’re employing and why they are using these tools. Personal Webmail may be used only because of inadequacies in your corporate email system; Dropbox may be used because employees want to be more productive when they’re working after hours.
  • Next, develop policies about the use of personally owned devices, cloud applications and mobile applications. While a policy will not guarantee that a particular cloud service or app will not be downloaded or used, it will reduce the number of these potential malware ingress points available on your network.
  • Train users about what to do and what not to do with regard to things like phishing attempts, mobile apps and cloud applications. Follow this up with regular refresher course and reminders, and test users to see if they’re really learning anything.
  • Provide useful alternatives to the applications that users need to do their job. This means doing things like replacing consumer-focused file sync and share tools with enterprise-grade alternatives that will enable more secure management of corporate data.

Finally, deploy very good anti-malware defenses from a leading vendor that can support its tools with excellent threat intelligence.