An organisation’s primary and immediate line of defense against malware is typically the antivirus software installed in each of their users’ endpoint devices. It works in the background, checks data being received for known malware signatures, and warns users of possible threats. Antivirus software does contribute greatly to an organisation’s online security, but it is not enough to mitigate all malware threats when you consider how advanced these threats have become.

That said, there are many cyber security tools and services that you can use to reinforce your system and prevent malware outbreak in the network:

1. Install and update antivirus software.

   

   Antivirus software is your first line of defense against malware attacks. It should, therefore, be an integral part of every computer or device within a network. However, you must understand that it’s not enough to simply install it. In order for any antivirus to remain effective, it should also be continually updated. New viruses are created every day, and these could render your software useless in no time. The advantage is that antivirus software developers are also trying to keep up with the threats. Regularly updating your antivirus software enables it to identify new malware signatures and combat the latest known threats.

2. Apply patches and fixes on all software.

   

   Malware developers are always looking for ways to compromise your system. One of their favorite methods is finding software vulnerabilities and exploiting these vulnerabilities to gain an initial foothold. Legitimate software companies have systems in place to receive feedback for vulnerabilities in their applications, and they will try to quickly provide patches/security updates to eliminate any known vulnerabilities.

   It is therefore good online security practice to apply software patches as soon as they are made available. A perfect example that highlights the importance of patching is the 2017 WannaCry ransomware attack that claimed several NHS trusts in the UK among its victims. A patch for the vulnerability targeted by WannaCry was actually released by Microsoft a couple of months before the outbreak. Many organisations didn’t apply the patch, and the rest is history.

3. Educate your end users.

   

   Malware often finds its way into the network through an unsuspecting user. It’s no surprise that the end-user—the average employee in an office setting—is usually tagged as the weakest link in the system.    End users are prone to falling for phishing scams, click baits, fake websites and the myriad creative ways malware developers push their content. They can rarely distinguish between what is real and legitimate from a hacker’s sophisticated attempt to infiltrate the network. In order to lessen the risk at this end, it is therefore very important to raise cyber security awareness among employees. The 3 key issues that should be pointed out to your end-users are:

   • Never accept files or click on links from unverified senders. These files could be malware, and the links could send you to a malware download or direct you to a phishing website. Phishing websites can appear as legitimate websites of well-known institutions, but are actually just designed to collect vital information such as personal data as well as usernames and passwords. Some malicious links also invite you to create a new account, with the expectation that the ‘unique’ username and password nominated are the same username/password combination you are using on your other accounts. This then gives cyber criminals the information they need to access your social media, email, and even workplace applications.

   • Be wary when receiving email or links even from those you know. It’s easy to feel complacent when the sender is a family member, friend or colleague; but the fact is, their accounts could already be compromised. An easily identifiable indicator is when those accounts start sending numerous emails suggesting that you download a file, install an app or visit a website. Refrain from opening, clicking or downloading anything, and inform your friend or colleague immediately of the potential security issue.

   • Never turn off antivirus software. Legitimate software respects the security that your antivirus provides, and will work with it during installation and setup. Most malware and malware-connected apps, however, will require you to disable antivirus software prior to installation, to be able to get past the protection it provides.

4. Establish an Information Security Program.

   

   While cyber security services and tools, as well as user awareness, go a long way to protecting the network, a company would do even better by coordinating all these initiatives within an established Information Security Program. A good program should include the enterprise’s activities and policies and procedures, as well as outlining security best practices that should be implemented in an organised manner. An information security program encompasses the entirety of safeguarding the company’s IT assets, and a top priority would be preventing a malware outbreak in the network.

5. Hire an MSP or Managed Service Provider.

   

   With data protection and regulatory compliance becoming essential requirements in most business organisations, reputable managed service providers have started including cyber security services as part of their portfolio. Acquiring the services of an MSP is an effective course of action in preventing a malware outbreak and in enhancing network security in general. Creating your own IT security team will require years of training and a great deal of resources, but hiring an MSP that offers cyber security services actualises your security to a high standard in a timely and cost-effective manner.