7 steps for how to keep viruses & spyware out of your business

June 23, 2009

I’m sure my fellow colleagues supporting IT in small and medium sized businesses will agree that one of the most frustrating jobs we get called out to do is to clear up after a virus or spyware infection. This can take anything from a few hours to days and can often result in the loss of data and the need to fully re-install the infected PC or even PCs. The clean-up cost is often more than the PC cost in the first place!

The frustrating thing about these infections is that they are totally preventable within the budget and resources of all small or medium sized companies.  Also, these are always ad-hoc support cases, never a client on one of our ongoing support agreements. In fact, in all my time in IT (18+ years) I have never had to clear up a virus or spyware infection in any company where I have been directly responsible for their IT.

So how can you keep viruses and spyware out of your business? The answer is simple: follow the seven steps below.

1) Microsoft Updates. Install all Microsoft security updates on your desktops and laptops as soon as they are released. In general, Microsoft releases these every first Tuesday of the month, affectionately known as “Patch Tuesday”.  Just setting Automatic Updates (Windows Updates on Vista) to install the updates automatically is not enough; we are forever finding offices where half of the machines are fully up to date, while the rest have not updated for six months.  (The security updates should also be installed on servers, but this obviously needs to be coordinated, so as not to cause user downtime and disruption of things like backups.)

2) Anti-virus/anti-spyware Software. Install commercial, not free, anti-virus/anti-spyware software on all computers and servers. Configure the software to check for new updates hourly, as a minimum. There is always a time lag between a virus/spyware being released and security vendors releasing updates to detect it.  Setting your update schedule to an hour (or less) helps reduce your potential window of attack. Also, only install one anti-virus/anti-spyware product on your machines. We are forever coming across machines running multiple products. These products often conflict with each other (especially on the anti-virus side), which will actually result in you being less protected. Running multiple products will also slow your machine down.

3) Scan Email. All incoming email should be scanned for viruses and spyware at least once, ideally more than this. In an ideal world incoming email should be scanned:

  • Before it gets to your network – by an email scanning service provided by your ISP or other specialist security vendor;
  • At the entry point to your network – by your firewall or broadband router;
  • On your email server (if you have one) – using a mailbox anti-virus/anti-spyware scanning product;
  • Within your email client, such as Outlook – most commercial anti-virus/anti-spyware products do this.

4) Scan Internet Surfing. Surfing infected websites or clicking on links that take you to these sites is the other main way, after email, that you can get infected with a virus or spyware. To prevent this, all Internet surfing should be scanned:

  • At the entry point to your network – by your firewall, broadband router or dedicated web scanning device;
  • On your PC – some commercial anti-virus/anti-spyware products do this as well.

5) Restrict Internet Surfing. Restricting what websites staff are able to get to will significantly reduce the likelihood of a virus or spyware infection. So-called “Web Proxy” devices will use various techniques, from simple lists of blocked sites to checking for keywords in the downloaded web pages, in order to block access to potentially harmful sites in the first place. These sorts of devices are not outside the budget of small and medium businesses – there are more advanced broadband routers on the market that include this functionality.

6) Education and IT Policy. A small amount of training goes a long way. Staff should be provided with some basic education on how to be savvy email and Internet users. In addition, all businesses that employ staff should have a written-down IT usage policy that states what is and is not allowed on company IT equipment.

7) Remove Admin Permissions. In many small and medium sized businesses most staff have full administrative permissions on their PCs.  As a result, if they were to click on a link in an email or a website that then installed a virus or piece of spyware, the installation would proceed without warning. If they did not have admin permissions the installation would fail. There is no need for any staff to have admin permissions – all modern software programs will run happily without them.

Follow these seven steps and you should stay virus and spyware free.
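An added example, not part of the original post: a PowerShell audit for steps 1 and 7 that reports how long ago each PC last installed an update and which accounts sit in its local Administrators group. It assumes Windows PowerShell 5.1 or later run from an elevated prompt and, for remote PCs, that PowerShell remoting is enabled; the computer names and the 35-day threshold are illustrative.

```powershell
# Audit patch age (step 1) and local admin membership (step 7).
# Assumptions: Windows PowerShell 5.1+, elevated session; remote use needs
# PowerShell remoting (WinRM). Threshold and PC names are illustrative only.
param(
    [string[]]$ComputerName,      # e.g. 'PC-01','PC-02' (hypothetical names)
    [int]$MaxPatchAgeDays = 35    # a little over one monthly patch cycle
)

$audit = {
    param($MaxAge)

    # Most recent update known to Get-HotFix. It does not list every kind of
    # update, so treat the result as a quick indicator, not a full inventory.
    # InstalledOn can be empty for some entries, so filter those out first.
    $last = Get-HotFix |
        Where-Object { $_.InstalledOn } |
        Sort-Object InstalledOn -Descending |
        Select-Object -First 1

    $age = if ($last) { [int]((Get-Date) - $last.InstalledOn).TotalDays } else { $null }

    # S-1-5-32-544 is the well-known SID of the built-in Administrators group,
    # so this works regardless of the Windows display language.
    $admins = Get-LocalGroupMember -SID 'S-1-5-32-544' |
        Select-Object -ExpandProperty Name

    [pscustomobject]@{
        Computer     = $env:COMPUTERNAME
        LastUpdate   = if ($last) { $last.HotFixID } else { 'none found' }
        PatchAgeDays = $age
        PatchStale   = ($null -eq $age) -or ($age -gt $MaxAge)
        LocalAdmins  = $admins -join '; '
    }
}

# Run locally when no names are given, otherwise on each listed PC.
$results = if ($ComputerName) {
    Invoke-Command -ComputerName $ComputerName -ScriptBlock $audit -ArgumentList $MaxPatchAgeDays
} else {
    & $audit $MaxPatchAgeDays
}

$results | Sort-Object PatchAgeDays -Descending |
    Format-Table Computer, LastUpdate, PatchAgeDays, PatchStale, LocalAdmins -AutoSize
```

Any row with PatchStale set to True, or with an everyday user account listed under LocalAdmins, is a machine to follow up on.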


Quick Tip: Outlook Map Link

June 22, 2009

When viewing a contact in Outlook you can quickly jump to a location map using the Map icon in the toolbar.  Never spotted the icon?  To be honest it took me awhile to spot it as well.  Here’s a picture:

outlook-map-link

The link uses the address details of the contact, opens up your default web browser and takes you to the location on Bing (Microsoft’s new search engine).  Here’s the page for our office location:

office-location

Simple, but effective.