This article is dedicated to the most common problem in computer security – viruses. However, it is precisely this problem that turns out to be “pushed into the background.” Its decision is postponed for various reasons and, perhaps, the main ones are the supposedly high cost of expenses with a visual lack of results, as well as the statement that “we are so small that no one is interested.” But viruses don’t choose where to live. Even if you think that no one is interested in your business, this does not mean that your computers and data cannot be used by attackers. After all, they are easy to use for criminal activities in order to gain profit (hacking). It is also worth noting that the costs are not as high as they seem. And if you look from the point of view of various virus threats and the consequences of them, then the costs of security will turn out to be completely ridiculous. But in modern society, time is money. It often takes quite a lot of time to restore the system, decrypt files and other work to eliminate the consequences of a virus attack, and there may not be a 100% guarantee of file recovery at all...
The most common reasons why your IT structure becomes vulnerable are:
- lack of anti-virus protection or incorrect settings;
- the presence of the "Administrators" right for the user account;
- disabled Windows update system;
- human factor;
- enable shadow copies.
So let's touch first paragraph, namely anti-virus protection. Antivirus protection is a good barrier against many threats. Therefore, for home use, System Administrator LLC recommends Kaspersky Internet Security, for small businesses – Kaspersky Small Office Security, and for larger enterprises and firms - Kaspersky Endpoint Security. Buying antivirus software is now inexpensive and easy. All protection components must be enabled to ensure protection.
The second point. Most small and medium businesses do not use Microsoft DOMAIN (Active Directory), and the network is built on the principle of "Home network". For such simple networks, you need:
- Disable the built-in Administrator account.
- Create an account with "Administrators" rights and set a complex password for it.
- For a work user account, set a password and take away the "Administrators" right.
The password for an account with the "Administrators" right is best kept on paper in a safe, and access to it is given only to one person who has the necessary amount of knowledge of IT security. It is also allowed to provide access to employees of outsourcing IT companies responsible for security. In no case should you notify everyone else about what password is set for an account that has the "Administrators" right.
The third point. We recommend enabling Windows Update. Microsoft regularly updates system components, writes special "patches" to eliminate security holes. A system that receives regular service packs is better protected than a system without them. And yes, it’s worth dispelling another myth that says that when working with a “pirated copy” of the system, updates cannot be enabled, because this will lead to blocking of all files and the impossibility of copying them to another computer and / or media. In fact, the worst thing that can await you after turning on the Windows update system is that a small inscription will appear in the lower right corner stating that you are using non-licensed software, but updates will be received in the same way as users of legal software. Thank you very much Microsoft!
Fourth item is the human factor. This point is closely related to the second. The fact is that not all people read what is written on the "pop-up window". Some, on the contrary, read, but do not have a clue about certain consequences, and either there is no one to ask or there is no time, but it is “not convenient” ... As a result, they often press Enter, and without knowing it, they launch malicious code. On the one hand, this is computer illiteracy, and on the other hand, an accountant (for example) cannot and should not understand all the nuances of IT technologies and security. Therefore, if an employee knows the login and password of the “Administrator” account, sooner or later a situation will occur in which he, without going into details, will enter them exactly where it is impossible.
Fifth point. Notice if "shadow copies" are enabled. In different versions of Windows, "shadow copies" can be either enabled or disabled. Check for yourself and turn them on if they are off. Enabling and using "shadow copies" guarantees you the ability to recover your files even after an encryption virus, but subject to all the previous points.
We wish you a virus-free work, your "System Administrator"!