why malware is dangerous and how to protect yourself_woman sitting on coach reviewing looking up malware solutions on her mobile phone

Why Malware is Dangerous and How to Protect Yourself and Your Business

You may have heard stories of businesses that fell victim to a type of cyberattack called ransomware. Victims of ransomware tend to lose access to critical systems or information, causing significant business losses regardless of whether or not they pay a ‘ransom’ demanded by the attacker. The FBI reported that ransomware losses in the US increased 74% from 2022 to 2023, from $34.4 million to $59.6 million. Ransomware is just one example of a digital threat involving malware.

Malware is a broad term for any sort of software that performs unauthorized changes to your devices or network or monitors and records activity. Some forms of malware remove defenses to allow outsiders access to information on your machine, some send your login credentials or personal info to others without your knowledge, and some disable your machine, device, or network, which can require a full system reset and a loss of data. In some cases, it may not be clear that your device has been compromised while your info is collected and sold to others.

Some forms of malware are just annoying, as they drain system resources and slow down your devices. At worst, they can be dangerous to the hardware and pose greater risks to your financial security. For instance, a business hit by some types of malware attacks―including ransomware―may have to alert authorities, repair damage, replace their network, notify customers and clients of a security breach, face potential lawsuits, fines, or compensation, and face damage to their reputation. This goes for individuals as well and can have a long-term impact on your personal finances and credit profile.

Malware can affect any individual or business. Overall, software security vulnerabilities are at an all-time high. In recent years, there have been major malware attacks around the world, and millions of emails, passwords, and other financial information have been stolen and put up for sale. Malware has also connected groups of infected computers, stored data in multiple locations, or attacked other networks. As our reliance on technology grows, our understanding of these risks and how to protect ourselves must grow as well.

Types of malware.

A better understanding of the forms that malware takes can serve as a foundation for identifying what activities might lead to malware on your devices. Some common types of malware include:

  • Virus. This type of malware attaches to files and folders in a computer or network and then infects others. It may replicate inside a network or be attached to a thumb drive and spread to any computer that connects to the drive. Viruses cause damage by erasing or corrupting files and can even change a computer’s security settings.
  • Scareware. This type of malware attempts to bait you into clicking a link or message that typically warns you of an issue, such as compromised digital security, legal troubles, IRS tax debt, or potentially embarrassing content that’s being shared on social media about you. The warning usually includes a site to visit, a number to call, or a program to download that can either solve or detail the issue. This tactic can be effective if it catches you off guard, lines up with a fear that you have, and creates enough urgency.
  • Ransomware. This type of malware involves a real or perceived device or account takeover. You’ll receive pop-ups or other communications that notify you of the issue and encourage you to provide information or money to regain access to your account, device, data, or network. The amounts requested may not be large, which is one reason that they can be effective with enough volume. However, there’s no guarantee that a key will actually be sent, or that the scammers won’t try again in the future. Once a scammer identifies you as a source of funds, they’re likely to continue or increase efforts. That’s why the FBI generally discourages paying.
  • Spyware. This software monitors your activity, such as the sites you visit and what you type—including usernames and passwords.
  • Adware. While not all adware is considered malicious, some ads can come from malicious sources. Ad networks work diligently to block or remove ads from scammers, but scams are sophisticated and can avoid detection long enough to lure victims.
  • Trojan. Like the Trojan horse, this program conceals a more malicious program that the user may not know about. A classic example is an online card that looks friendly and fun and is easy to share but may include a virus. Variations can include programs that download when you visit a certain site or execute a file.
  • Any/all of the above. As malware becomes more sophisticated, some criminals combine methods. For instance, during the COVID-19 pandemic, people were invited to visit sites with information about the virus and possible cures. Along with receiving false information, many also received malware. Or, like in the University of Utah ransomware case, the thieves threatened to expose student records after disabling the school’s computer network.

Avoid triggering malware.

Typically, malware requires that you take an action, like clicking on a link or downloading a piece of content. For instance, a common method of spreading malware is through phishing. A phishing attempt may convince someone to pass along sensitive information or download a program, but could be as simple as clicking a link that triggers download actions in the background. Phishing can be a bogus email or text message that appears to come from a legitimate source such as a co-worker, family member, or the government or your financial institution. It may include a message telling you to click a link, perform a download, or make a phone call to correct an issue. Phishing is most effective if you let your guard down. The request is almost always urgent and unexpected. If something seems off with the request, reach out to the individual or company via an official channel or saved contact information. No level of urgency is worth risking your digital and financial security.

Install an antivirus program and update software regularly.

Current antivirus programs are excellent starting points against malware. Criminals are constantly looking for new vulnerabilities, which makes it vital to install updates as they’re released for antivirus programs, software, and hardware. Many modern versions of antivirus software include real-time scanning of sites, pop-up ad blocking, and scanning downloads for viruses. These are inexpensive, usually under $100 for a year’s coverage for multiple devices.

The newest version of browsers include firewalls and similar programs to block pop-ups or control if any download is permitted. You can adjust security settings in Control Panels in Windows/Mac OS.

Removing malware.

Detecting malware can depend on the type. Aside from antivirus alerts, you may be able to identify active forms of malware, including pop-up windows, limited system access, slow processing speed, new icons on your desktop or folders in your system, your cursor moving on its own, or recent files or history you don’t recognize. Experian suggests closing your applications and shutting down your system right away. It then suggests visiting your antivirus site to ensure you have the latest version and it’s running properly.

why malware is dangerous and how to protect yourself_woman sitting on couch installing antivirus software on laptop

If you believe infection has occurred or may be taking place, there are immediate actions you can take:

  • PC/Windows: On a PC/Windows machine, you can start by disconnecting from any network and switching to Ethernet, not Wi-Fi, then deleting all your .tmp files, which can be done from your security setting. Newer Windows products also come with a program called Windows Defender, which can block attacks. You can also restart your machine but in safe mode. This makes it easy to identify and remove uncertain files.
  • MAC: If you have a newer MAC OS, you’re considered safer than Windows users, but there are still some risks of infection and behavior to consider. Owners can start by allowing your antivirus software to quarantine the files duringmalware detection.

Check out this resource for detailed steps on addressing malware on a PC or Mac.

If you have up-to-date antivirus software, the program should provide some ways to identify, quarantine, and delete suspicious files. Additionally, consider alerting your internet service provider or wireless carrier, as either entity may have suggestions for detecting or removing possible malware.

Protecting a business from malware.

Scammers may sometimes rely on complacency or a lack of training. Any person, business, or organization could be targeted, so do not underestimate the value of your personal or business information. More and more frequently, scammers are targeting individuals, small businesses, even smaller health care organizations or school districts.

No matter the size of the business, employers should consider offering regular training on how to recognize malware and other security threats. Generally,  on-the-job security education can be as simple as teaching people to be aware that risks exist and to exhibit caution with unsolicited communications. For example, understanding domain structure (an official government site like the IRS would have a .gov prefix, not .com) and being able to recognize poor grammar could help identify illegitimate communications, as many scams can originate from fake sites and foreign countries―that being said, the rise of generative AI makes it easier for scammers to create natural-sounding messages for any audience.

Additional training should include what to do if a ransomware attack happens. It can be scary if you get an alert, but sometimes the easiest direction is to disconnect your computer from the network, turn it off, and alert a supervisor or the security team rather than responding to the threat directly.

Aside from training, develop and implement a data backup and recovery plan for all critical information. Test your backup system regularly, and isolate your critical backups from the network. This will prevent your backups from also being attacked, and allow you a smoother recovery if your network is compromised by ransomware.

Companies with IT departments trained in security can also assign different security levels or access privileges to different parts of your network. That way, if someone does access parts of the network, they can’t get to every level. IT can also monitor activity in key areas, so unauthorized access can be flagged. Regular security tests and audits also could be useful.

Ongoing digital security.

Battling malware and other digital security threats is an ongoing and evolving process. There are various protective measures that individuals and companies can use, including firewalls, security/antivirus software, and storing critical information on a computer or storage device that isn’t connected to a network. New products are always coming out that can provide additional defenses—while existing products require consistent and timely updates. At the same time, criminals are looking for new opportunities and tools to better access other systems. It’s an ongoing dynamic―as criminals discover new ways to breach defenses, new defenses are created, and vice-versa.

We’re always happy to be a source, whether it’s evaluating a suspicious offer or considering different types of malware protection. As a next step, consider downloading our security eBook for more ways that you can protect yourself or educate your employees.

Note: Email should not be used to share important or sensitive information.

The security and privacy of your information is important to us. When communicating with us via email please do not send any information that is considered confidential or sensitive in nature. If you need to communicate any personal information (account numbers, social security number, etc.) please feel free to call the number listed in my profile or contact OnPoint Member Services at 503.228.7077 or 800.527.3932.

 

 

You are leaving OnPoint Community Credit Union.

The website you are about to visit is the responsibility of the party providing the site. Any transactions you enter into through this third-party site are solely between you and that vendor, merchant or other party. OnPoint’s Privacy Policy does not apply to this third-party site, and for further information you should consult the privacy disclosures of this site.

 

 

Cancel Accept