Last week, we discussed some fundamental best practices for maintaining data security. Today, we will provide definitions of a few common types of malware that could pose a threat to the integrity of your firm’s data, and some security tips to help you protect it.
According to a study conducted by Panda Security, a cloud security solutions provider, about 46% of small- and medium-sized businesses (SMBs) in the U.S. have been victims of cybercrime. This number is up two percent from last year’s survey. Panda’s annual “International Barometer of Security at SMBs” surveys about 9,500 SMBs around the world, including more than 1,500 in the United States. Other statistics that were revealed through the study include:
- 31% of SMBs are currently operating without anti-spam protection
- 23% have no anti-spyware in place
- 15% have no firewalls in place
- 13% are operating without any security systems in place at all
In order to protect your hedge fund from the dangers of internal and external security breaches, it is important to understand the various types of threats that may be taking aim at your network. The following malware definitions provide some insight into the most common types of threats of which you should be wary.
Viruses: A virus is a program that can infect a computer system and replicate itself, allowing it to spread from one PC to another over a network. Typically, a virus will replicate itself by attaching to an executable file that is part of a legitimate application. When the user attempts to launch that program, this activates the virus, which enables it to corrupt or alter files on that computer and spread to other applications on the network. Viruses can also be spread via removable media, including USB drives, DVDs, and CDs.
Worms: A worm is another type of self-replicating malware. It differs from a virus in that it does not require any action on the part of the user to copy itself and spread to other computers. Worms are typically harmful to the network, and can consume a great deal of its bandwidth. This can cause a delay in communications both within the network and with external counterparties such as investors or broker-dealers.
Trojan Horses: A Trojan horse is a malicious program that disguises itself as a legitimate application. The user initiates the program, believing it to be performing a desirable function, but it instead allows the invader to gain unauthorized access to the user’s PC and the information that is stored there.
- Spyware: Spyware is a program that is installed on a computer which can collect bits of information about a user over a period of time without the user’s knowledge. Spyware is typically installed discreetly and is hidden on the computer, so it can be very difficult to detect. It allows the invader to gain unauthorized access to the user’s data.
Tips for Protecting Your Data
In Part 1 of this series, we looked at some basic but frequently overlooked security best practices, such as creating strong passwords and adding local security measures to laptops and mobile devices. Now that we have discussed some specific threats and how they can damage the integrity of your data, let’s look at a few additional ways to protect your firm’s network.
Ensure that all anti-virus programs are up to date. Malware creators are regularly working to find ways to penetrate a firm’s environment. At the same time, anti-virus companies have their teams working to identify the next malware code and update their software to protect against. Keeping your anti-virus updated may seem simple but here is one example of when it can prove challenging.
The Road Warrior: This user is typically away from the corporate network with a laptop and connected via Citrix or VPN. While he or she likely has anti-virus on the laptop, the challenge is keeping it updated, especially if a new malware is released while he or she is disconnected from the network.
- The Road Warrior: This user is typically away from the corporate network with a laptop and connected via Citrix or VPN. While he or she likely has anti-virus on the laptop, the challenge is keeping it updated, especially if a new malware is released while he or she is disconnected from the network.
Solutions: You could have your employee go directly to the security vendor’s website to update the anti-virus software over the Internet, or have the software automatically check for updates whenever it connects to the corporate network.
Ensure that all Microsoft patches are deployed in a timely manner. Malware creators are becoming more sophisticated, so it is important to have the most up-to-date versions of all security programs. Microsoft releases new patches on a regular basis and they can be found on the Microsoft security website.
- Deploy a program that constantly scans the network for malware and removes threats. Again, a number of vendors exist, so be sure to check with your IT resources to choose one that fits your firm’s specific needs. A number of Eze Castle clients use Symantec, which you can learn more about here.
These are a few types of malware to be conscious of when looking at the levels of security surrounding your firm’s data, and some helpful security tips for preventing them from intruding on your systems. Be sure to check out the other two articles in our security series:
Eze Castle Integration strives to create both technologically and physically secure environments for our clients. Security policy and procedure review is an important part of ongoing maintenance for any IT environment. For a more comprehensive security review of your site, please contact us.
To make things easy, you can always subscribe to Hedge IT so new articles automatically appear in your inbox!
Categorized under: Security
- Five Years Later: How Bernie Madoff Has Transformed the Investment Industry
- The Who, What, When and Where of the Bad, Bad Cryptolocker Ransomware
- Expert Tips for Launching a Hedge Fund in a New Environment
- Answering the FCA's Dear CEO Letter on Outsourcing with Some Practical Steps
- Reflecting on What We're Thankful For This Thanksgiving
- business continuity planning
- cloud computing
- data loss prevention
- disaster recovery
- eze castle milestones
- hedge fund due diligence
- hedge fund marketing
- hedge fund operations
- hedge fund regulation
- help desk
- high frequency trading
- launching a hedge fund
- privacy compliance
- project management
- real estate
- startup & relocation
- trends we're seeing
- videos and infographics