Protecting data: privacy and security
Security: viruses and malware
There is a range of different types of software threats to computers, including worms, viruses, trojans and spyware. While there are some differences, they are all 'malware' (malicious software). All are computer programs which are designed to carry out nefarious activities on computer systems without the consent of the owner. Malware can act in various ways, including allowing black-hat hackers to operate the computer remotely, stealing information directly from the computer, destroying information, and/or spreading malware to other computers in contact with the infected host.
Malware can be spread in a variety of ways, including:
- via email attachments
- via removable storage devices such as USB thumb drives
- from visiting infected websites.
An exponential rise in the number of variants of malware has occurred over the past several years, fueled by a growth in internet uptake, the complexity (and therefore vulnerabilities) of software and smarter malware programs.
There is no guaranteed way of rendering computers safe from malware, but three simple steps can dramatically reduce the likelihood of damage:
- Install security software and update it regularly.
- Turn on automatic updates so that all your software receives the latest fixes.
- Stop and think before you click on links or attachments.
Malware can act on vulnerabilities in software programs at different levels of your online activity. For example, it can exploit a flaw in your computer’s operating system, or in software that you use to create documents or spreadsheets, or in your smartphone’s operating system or applications, or in the browser that you use to access the internet. An effective security strategy will require you to ensure protection for all the devices and programs you use to conduct your online activities.
It is best practice to set your computer operating system to automatically check for updates and install any security updates as soon as they are available.
You can find information about how to patch your operating system/s at one of these links:
- Windows XP
- Windows 2000
- Windows Vista
- Windows 7
- Microsoft Update site (for all other Microsoft software such as Office)
- Apple
- Linux
In addition to regularly updating your computer operating system, it is also important to regularly update the software applications on your computer (including browsers). As operating systems have become more secure, malware has increasingly focused on vulnerabilities in software programs to gain access to computers. When installing new software, always select the option to automatically check for updates. Windows users could also consider using a free service such as Secunia to check for updates. Smartphones also require updating on a regular basis.
IT security software
It is best practice to install IT security software (incorporating anti-virus, firewall and anti-spyware programs) on your office and home computers, and update it regularly—ideally automatically and daily.
The following well-known providers offer commercial security solutions and information:
In larger organisations, it is best practice to:
- document and enforce IT security software update and scanning procedures
- install IT security software on end point computers, all internet email gateways and server points of access
- alert system administrators to the presence of malware
IT security software often has the functionality to encrypt information on your systems and on your removable media (such as USB thumb drives), so that if they are lost, the information is less readily readable. It can also track and audit access.
For a free remote scan of vulnerabilities you could try these sites:
Education and awareness
In addition to technical fixes, how you and your colleagues behave online can also be a key strategy for staying safe online. While IT security software (and patching) can reduce threats, how computers are operated will help reduce the risk even further.
It is important to understand that malware is passed via email attachments, removable storage media and infected websites. You should also alter your actions so that you try to:
- use secure passwords and change them regularly
- only click on links and attachments from people you know
- visit only credible websites
- limit the use of removable media from outside your organisation.
In larger organisations, bringing these matters to the attention of employees through regular login messages and training, and locking down the use of computer ports to control information coming in and out via removable media, will help reduce the opportunities for criminals.
