The Limitations Of Antivirus – A Guide
by TUCU Managed IT Services in Toronto
It’s easy to assume it won’t happen to you, until it does. Cyber criminals are targeting small businesses in a big way – and the consequences can be shocking. To protect your sensitive data and prevent security issues, our team at TUCU present this free guide to malware and viruses so that you can understand the limitations of antivirus software.
Arm yourself with a clear understanding of these terms, and the measures you need to take to protect your company from computer security problems.
A Small Business Owner's Guide to Uses Of Antivirus
Defining the Problem: There are several ways that cyber criminals can access your sensitive data. Below, we will explain the differences between malware, adware, spyware, and viruses, and the effective and ineffective uses of antivirus software in the small business setting.
Malware
Malware is an all-encompassing term for any malicious software. This may include adware, spyware, Trojan horses, worms, viruses, etc. Designed to interfere with normal computer function, malware gives criminals a chance to breach your security and access sensitive data files.
Now, let's explore the various types of malware.
Adware
Adware seems innocent enough. This software tracks your internet browsing history and then uses the information to send you relevant advertisements. At best, this software slows your internet connection speed and your computer’s processor. At worst, it can include spyware or keyloggers that could potentially steal your private data or damage your computer. Generally, good antivirus software can catch adware on computers and laptops. Smartphone antivirus is not effective at catching adware until after it is already installed. For this reason, if your employees are using personal cellphones for work, you should have a good BYOD policy with mobile data management in place.
Spyware
Spyware can download itself onto your computer through emails, programs, or websites. Once installed, this software can scour your computer for sensitive personal information, including passwords, email addresses, online purchasing habits, and banking or credit card information. Good business antivirus software can catch spyware.
Viruses
Typically disguised as email attachments, images, games, website URLs, or shared files, viruses can take over your computer and replicate with no user intervention. As a result, your sensitive files can be corrupted or deleted. As the virus infects your computer, day-to-day tasks can become difficult or impossible. Some viruses can randomly access memory space or fill up disk space, rendering your computer useless. Antivirus software can catch most viruses.
Ransomware
The newest breed are cryptolocker viruses also known as ransomware. These viruses infect your system and hold your data hostage until you pay a ransom to have your files unlocked. They can even infect local backup files and network shared drives where you may have stored your backup files. Be sure to protect yourself with online backup with unlimited revision control. This puts your data backup outside your computer or network, and also allows you to access older versions of your backup. Should a cryptolocker lock your current backup, you can restore from a previous iteration. While this means you may lose a file or two, your second most recent backup should restore almost all your files. Of course, this depends on how often you are backing up, and makes a strong argument for automated daily backup.
According to State of the Channel Ransomware Report in Canada in 2017:
- 32% of all small to medium businesses affected by the attacks pay the ransom
- 13% who pay, never fully recover all the data that has been lost
- On average, between $500-$2000 are lost to the ransom
Prevention is key. Antivirus software can not routinely stop ransomware. Many local business such as dental offices and hair salons have been hit with ransomware, despite having antivirus software installed. You need more than just antivirus for business today.
Limitations Of Antivirus Software
Do you think that your computer is safe because you have antivirus software? Free or static antivirus software is not enough.
Think about it this way. Cyber criminals are working everyday to create new viruses and threats. Antivirus companies have to also work everyday to write new software to protect against those new threats. Free antivirus software is not updated regularly, and is considered by IT professionals to be fairly useless. This is why you must invest in actively updated antivirus for small business, such as BitDefender. However this alone is not enough.
No matter how fast antivirus companies update their database signatures to stay ahead of hackers, there is always the possibility that something will get through. This is why a layered approach to IT security is necessary.
The concept of a layered approach to network security is to assume that one layer will fail at some point, and to have the other layers kick in.
An example of a layered approach to keep your business safe should include all the following IT Security practices:
- password policy
- user authentication policy
- actively filtered and dynamically updated antivirus software from a leading provider
- a network firewall
- user training
- off site backup
Antivirus is just one layer. All layers work together to create strong IT security required in today's cyber landscape.
User authentication checks who is allowed to log in to your network. A strong password policy makes it harder to guess or crack passwords. Active antivirus helps blocks threats, as does a network firewall. If an attacker makes it past these points, user training helps prevent your employees from clicking bad links, downloading bad files or falling for phishing attacks. And in a worst case scenario, remote back up is available to restore an infected computer or network.
Disadvantages Of Antivirus
It's important to understand how antivirus software works. The cold hard truth is that Antivirus can only react. It works by checking your files against a list of known viruses and comparing the two. If a virus is new and yet unknown, there is nothing to compare it to, and you will get infected.
This also means that your antivirus is only as good as its last update. If you are a computer user who ignores popups and notifications to allow your software to update, you are leaving yourself open to trouble because new threats appear almost weekly or monthly. Antivirus software providers have to push out updates to keep you safe. You have to accept those updates right away.
If you have a team of people working, who also ignore popups and notifications to update software, your troubles are amplified. Each computer becomes a weak point in your network defense. This is why having an IT employee or a Managed IT Services provider to enforce security patching every week is a wise investment for any growing business. These security systems require a skilled technician to setup and maintain them week to week.
A major limitation of antivirus software is the false sense of security it can create. Many small business owners we consult with have a free or cheap antivirus product in place on their computers, so they tell us they are protected and don't need antivirus. Through our exchange, we share the key points from this blog post to help them understand why their current antivirus is not enough, and what additional IT policies for small businesses must be put in place.
A major limitation of antivirus is the false sense of security it can create.
Antivirus Can't Protect Against Fileless Attacks
A new type of network security threat is a fileless attack. These are also known as zero-footprint attacks, macro, or non-malware attacks. These are currently undetectable by traditional antivirus.
Simply put, since no file is downloaded, these attacks are largely undetectable and ten times more successful than file-based attacks.
According to Barkly’s “State of Endpoint Security Risk Report”, 77% of attacks in 2017 alone were Fileless attacks that could cost any large organization over $5 million.
Network Firewalls
The best way to protect against a fileless attack is with perimeter defense. This means you need a firewall with intrusion detection system and intrusion prevention system.
Think of a firewall as a border security agent that is checking passports and luggage for anyone trying to come into your territory. This includes incoming emails and attachments. If anything looks suspect, access is denied.
You can also geo-restrict traffic from any countries you do not do business with, but are known high volume senders of viruses. For example, if you are a mid sized company in Toronto, serving Canadian clients, you can block all traffic from Russia, China, India etc.
There are network security practices which should be performed on a weekly basis, including (but not limited to) regularly checking security logs, disabling PowerShell if they are unused, checking backup is working and restoring, patching software, etc. Again, an IT employee or Managed IT Services provider will help keep your business safe.
Antivirus & Phishing Prevention
Fileless attacks may seem like the biggest threat, but the most commonly successful form of attack is a phishing scam. And the weakest point in a phishing scam are the email recipients- you- your employees- your people, not your antivirus. Phishing can take place online, by mail, by phone, or by a combination of all.
By definition, phishing is “the fraudulent practice of sending emails purporting to be from reputable companies in order to induce individuals to reveal personal information, such as passwords and bank account information.” The definition may need to be updated soon to include all approaches.
Today’s email phishing scams are not as obvious as they were before (think of letters from a Nigerian prince in need of your help). Today, typical phishing comes in the form of a fake email requiring you to “verify” your account information or make a payment, usually imitating a service or institution you already do business with. For example, you may receive PayPal scams or "verify your account" emails that appear to come from your bank. Almost all phishing attempts are aimed at getting your username and password credentials.
Think you won't fall victim? Canadian phishing statistics report:
- that there are 156 million phishing emails every day
- 16 million make it through email spam filters
- 8 million are opened
- 800,000 phishing links are clicked
- 80,000 victims fall for a scam and share their personal information
Any successful phishing campaign can result in lost time, lost productivity, financial loss, business or social consequences, and even trauma. You can however train employees to avoid basic phishing attacks by presenting life like examples and pointing out red flags.
Websites like KnowBe4 or Gophish give actual simulations of phishing. Educating employees on the dangers of phishing is the best step to counter these malicious attacks.
If you use Office 365 in the cloud, you can opt for an additional layer of secure called Advanced Threat Protection which offers added anti-phishing algorithms. The current cost is $2.70 per user per month, on top of whichever Office 365 subscription you choose.
To limit the threat of a successful phishing attack:
- Invest in layered computer and network security.
- Invest time and resources into cybersecurity training for your team.
- Be sure to regularly remind your team never to send out personal information through email.
- Always hover over links and see the URL path and beware of anything that looks phishy.
Protecting Your Small Business from Cyber Crime
To protect your small business in this day and age, you need professional IT support ( either in house, or outsourced).
These tips will help you get started on the path to better network security.
- Do not download any attachments unless they are from someone you know personally and are something you are expecting.
- Before opening files, scan them with a virus-scanning software.
- Do not use peer-to-peer file sharing websites as they are known to transmit malware within the downloads.
- Run anti-virus and anti-malware software routinely to catch any worms, viruses, or Trojan Horses.
- Protect your computer network with a firewall.
- Do not download any programs from websites that you do not trust.
- Hire a trusted IT professional or Managed IT Provider to handle your day to day network management.
We hope you have a better understanding of malware, viruses, and network security. As a small business owner, you need to focus on your clients instead of worrying about tech issues. That's why outsourcing IT management is smart.
Our experienced team is dedicated to providing prompt, comprehensive IT services in Toronto. Let us help you succeed by managing all your technical nuts and bolts for you.
Need A Good IT Company in Toronto? TUCU offers IT Support, Cyber Security Services, and comprehensive Managed IT Services. Trusted since 2003, TUCU serves as the IT department for SMB's with 5-75 employees, just like yours. Schedule your free phone consult to discover how we can help you.
Say goodbye to techaches!
We understand that you need a reliable IT company you can trust. Join our long list of happy clients dating back to 2003.
Reach out now to schedule your Discovery Call to learn how we can help you.
