Preventing malware attacks: Dos and don’ts for employees!

As a small business owner, you are probably worried about malware attacks and phishing scams. Your concerns are well-placed, considering thousands of SMBs have suffered the consequences of these security threats. Cybercriminals have not only managed to hack devices, but have also extorted money from businesses using scare tactics. Your employees are at the forefront of ensuring cybersecurity, and they should know the basic dos and don’ts for malware prevention. Here is a quick list that can be handy for businesses.

  1. Recommend antimalware solutions. There are different anti-virus and anti-spyware software programs available in the market for business purposes, and these can be purchased for employees, who must be encouraged to install them on personal devices and computers used for work.
  2. Watch out for browsing. Employees often browse the internet rather carelessly, and that’s how they end up downloading malicious files and programs. Ensure that your employees know about safe browsing, and if that’s not enough, ask the security teams to restrict access to certain resources and websites.
  3. Use a spam filter. Employees should use a spam filter, so that unknown senders, spam emails, and untrusted downloads can be spotted. Many spam filters can even detect phishing emails. 
  4. Change default passwords. Ask your employees to change default details, including usernames and passwords, right after a product has been deployed. Hackers often use such passwords to access systems and eventually launch a malware attack.
  5. Report incidents. Businesses often forget the need for an incident response plan. Sometimes, despite the best efforts, things may go wrong, and employees should know the list of steps they are required to follow, such as reporting the incident to the cybersecurity team. 

Other steps that can help

Businesses should consider multi-factor authentication wherever possible. This could be a security question, use of biometrics, special PINs and one-time passwords. As for phishing attacks, make it mandatory for employees to verify a website, source, and email before they download anything on computers. Also, all computers and devices must be placed behind firewalls. There is also the step called network segmentation, where the entire network is divided into subnetworks, so that a compromise or malware attack on one doesn’t impact everything else. This works in much the same way as a firebreak.

Lastly, password protection is crucial. If your employees are not using a password manager yet, you may have to recommend one that IT teams can trust.