What is malware?
Malware can hide inside innocuous-looking software (trojans), or spread between machines without relying on user interaction (worms). It can be custom-designed to evade defences and execute specific tasks.
Once inadvertently installed, malware can carry out many activities unseen. It may spy on website visits, destroy data, or piece together passwords. Increasingly, it’s being used by criminals to encrypt important business information until the organisation pays a ‘ransom’. Internet banking users might also be redirected to fake sites which record their login data to enable financial theft.
Malware is usually delivered via email ‘phishing’ or fraudulent links. Malicious apps and USB memory sticks can also compromise smartphones and computers respectively. Malware can stay hidden for months until activated.
The risks to business
- Data loss
- Financial loss
- Hardware damage
- Paralysis of business activity
How can I defend my business against malware?
- Put in place strong response, recovery and back-up processes.
- Run up-to-date anti-virus software on all machines, and consider systems that use file reputation / behaviour analysis within a safe sandbox system. Network behaviour anomaly detection (alert to attacker commands) is another systems security option.
- Keep your PCs, servers and associated hardware up to date, installing the latest security patches as they become available.
- Make sure that your staff avoid questionable websites, and know not to download free software / apps, run MS Office macros on email attachments, or use USB sticks, from unverified sources.
- Consider application whitelisting (blocking any software not already authorised).
- Use different passwords for different business logins.
Find out more about HSBC Cybercrime
Cyber-attacks on SMEs have increased steadily in recent years. With criminals constantly devising new ways to steal information and money, one of the newest emerging threats is Business Email Compromise, also known as CEO or Chairman Fraud. The most frequent targets of this scam, small and medium-sized businesses, can lose huge sums because of one spurious email.
Texts and phone calls can be used maliciously to facilitate theft and fraud. 'Vishing' calls try to alarm recipients into making payments or providing important financial information. 'Smishing' texts may additionally try to entice their target to click on malicious links, activating trojan viruses which can steal passwords and other high-value data.
Get in touch to learn more about our banking solutions and how we can help you drive your business forward.