By John B. Folkerts, CISSP, Information Security Manager, Canandaigua National Bank & Trust

What is “Malware”?

Malware – short for “malicious software” – is any program that runs on your system that is unauthorized by you or performs some unauthorized function. The person who created the malware may intend to cause you or your system harm, steal your private information, or hold your data for ransom. Frequently banking fraud is facilitated by malware, since malware is able to watch web traffic and read information stored on your system (including passwords!).

How can I protect myself?

There are three steps that you should consider to protect yourself against malware attacks: Update, Question, and Monitor.

Some of the worst malware outbreaks have been due to systems not having their security updates applied in a timely fashion. Sometimes this is because people do not like rebooting their system, but most often this happens because of the speed required to distribute security patches around the world. Apply your security updates for your first layer of defense!

Over the last few years software vendors have improved their methods for distributing security updates to users. Also, malware distribution channels (e.g. email, web, and USB drives) are receiving better protection. So, attackers are shifting their approach and using social engineering instead. Phishing is a social engineering attack that tries to deceive you into clicking a link – perhaps to download a file or execute a script which could be malicious. Whether you receive such links via email, Facebook, or SMS text, question the messages you receive. Do not fall for the attacker trick – be suspicious of the unexpected link.

How can a non-technical person monitor their system? Install antivirus software! Antivirus solutions may not be perfect, but they are surprisingly effective. Even if your antivirus software does not remove the threat, it will likely tell you that something is wrong. Symptoms of malware to watch for: security alerts, files that will not open or copy, or security software that becomes unexpectedly disabled. If you suspect malware on your system, do not let it linger! Seek help from a qualified technical support professional.

Which software is best?

Since antivirus and malware protection software is your last layer of defense in protecting your system, many people wonder which products are best? Current antivirus products are quite competitive and there may not be much difference between them. But you can consult independent testing websites like www.av-comparatives.org and www.av-test.org to help you make decisions about what solution to use. Recent innovations that are good to look for in your AV product: intrusion prevention, behavior analysis, and cloud-based analysis. Many good products are available free of cost.

What about my Mobile Device?

Mobile devices are also subject to malicious software attacks, but in different ways. Make sure that you are receiving regular software updates for your mobile devices. Avoid dangerous behavior such as “rooting” your device and only install apps from the default app store. Most malicious attacks against mobile devices come in the form of links over SMS text or installing a malicious app that has made it through the app store’s vetting process, so ask questions before you click!

What about my Smart Home Devices?

Smart Home devices such as smart TVs, computerized thermostats, doorbell cameras, etc… can also be the target for malicious software. Make sure your devices have support and are able to download software updates. Avoid attaching unused/unnecessary smart home devices to your home WiFi, since these represent a potential for an attacker to gain a foothold onto your network.

Giving Malware the Slip

Malware attacks on the internet are common but evading them is definitely possible. Follow these three steps: Update, Question, and Monitor. Keep your systems up to date, watch where you click, and run antivirus to block and alert. You should not assume you are perfectly protected, but if you do these basic things your risk will be greatly reduced.