With the convenience of your rental business being connected via the Internet to clients, vendors, and the world at large has come great risk: the risk of being hacked. Each year brings multitudes of stories of companies that have reported network intrusions, loss of data, and loss of money. In addition to the immediate potential consequences of a network intrusion and the resulting need to clean up and restore the network after an intrusion, such an event can also lead to a potential loss of trust from clients.
Clearly, we all want to avoid the problems associated with malware, but how do we do it? Anti-virus software is a good start. There are a number of companies that provide small business cyber-security software, which can be set to perform periodic scans of every computer connected to your company’s network for malware, as well as identify computers that don’t have anti-virus software installed and up to date.
The limitation of anti-virus software, however, is that it only knows what it knows. In other words, anti-virus software scans for known signatures for malware. As new signatures emerge, the anti-virus software updates its database of known threats. However, by then, malware may already reside on computers on your network.
By itself, anti-virus software can alert you to the need to “clean up on aisle 6!” In order to prevent the need to respond to the potential mess of malware, layering our defense is crucial.
How do we layer our defenses against the malware threat? There are several things that we can do to manage our risk against the threat of malware. First, we must ensure that each network user is trained on basic user cybersecurity hygiene. By providing our users with basic knowledge on which behaviors increase the risks of infecting their systems with malware, we can help them to mitigate those risks.
Second, by establishing, articulating, and enforcing clear small business cyber-security user policies, we can further mitigate against malware risk. For example, establishing a time window for installing operating system updates reduces vulnerabilities to computers on our network. Likewise, setting up policies for which websites that users can access on company computers will limit malware risks. This can be done through whitelisting (access list) or blacklisting (restriction list) of Internet domains.
Third, by establishing an infrastructure (i.e., a common portal) we can get network users out of the habit of transferring files over email or through the use of links, two areas where malware is more likely to be spread from computer to computer.
Anti-virus software is important, of course. However, it’s crucial to layer our businesses’ cyber-security defenses with software, training, and credit card prevention fraud prevention techniques in order to best reduce the risk and potential frustration and damage of a malware infection.