Today’s cybercriminals leverage many types of malware for the sole purpose of financial gain through stolen data, identity theft and other scams. Cybersecurity threats in the workplace are not inconsequential and no company is immune. Stolen assets are difficult to recover and the reputational and financial damage is sometimes insurmountable, especially for businesses that are not properly prepared.
Understanding the different types of malware and how each gains access to corporate computers can help companies avoid becoming victims. Business managers, IT personnel and employees should familiarize themselves with the nine common types of malware and prevention tactics outlined below.
Viruses are the most common type of malware, and as the name suggests, this software spreads by attaching itself to files that are shared across networks or devices. The virus is downloaded when a user opens an infected email message attachment or website link. Viruses can also be circulated through portable media, like thumb drives.
A Trojan horse is malware that appears to be legitimate software but downloads malicious code onto a user’s computer in an effort to steal financial information or customer data. This code is delivered through email attachments, free-to-download software, pop-up ads or links on websites. Unlike a virus, this type of malware cannot replicate itself or self-execute. This means a Trojan horse will often lie in wait until a user takes a deliberate action, such as opening a specific application or file that triggers the code to run.
Like viruses, worms can duplicate themselves on devices or systems, but these do not require human interaction to spread once they are in a network. Worms rely on vulnerabilities in security software to access backdoors and systems. This malware spreads through email attachments, instant messaging programs or shared drives on servers.
Ransomware is a type of malware that infects a computer and prevents people from accessing files or data, holding the encryption key for ransom. While high-value businesses are often targeted, small companies are also susceptible, especially if there is no dedicated IT team to oversee network security. Ransomware can gain access to a computer from a simple action, such as an employee clicking on an infected email attachment or a staff member visiting a malicious website.
Spyware is a type of malware that gathers sensitive information, from browsing habits to email messages, and it reports its findings to an unauthorized person. This malicious software can also include keyloggers, which record keystrokes to steal login information, credit card numbers and other data. Spyware often originates in corrupt files downloaded by an employee or other user; these files often masquerade as anti-virus software updates or other “helpful” pop-ups.
This malware software, commonly known as “spam,” displays unwanted advertisements to users for the developer’s financial gain. When left unchecked, the bombardment of ads can disrupt the operating system and cause it to crash. These nuisance attacks are often the result of someone downloading programs or software from the internet, such as freeware or shareware.
A malware bot is a software program that infects a system to steal contact information and financial data or to complete automated tasks, like sending spam messages or overloading a website with traffic. Most often, a bot gains access to a network when a social media or email message with a malicious link is shared; when recipients click a prompt, usually a picture or video, bot malware is downloaded.
Fileless malware exists only in a computer’s RAM (random access memory), so no files are downloaded to any device’s hard drive and there is very little evidence of the code’s arrival. This cyberattack distributes infected files through trusted programs so it is very deceiving. This type of cyberattack can give hackers access to control the computer remotely and retrieve financial information, contact lists and passwords.
Mobile malware works in similar fashion to Trojans, viruses and worms that target computers, but it is designed specifically to infiltrate mobile technology. Companies that rely on personal mobile phones to do business are often targets of mobile malware. Infected mobile code gains access through fake applications, automated scripts, or phishing messages via text (smishing). The consequences of mobile malware can range from a benign wallpaper update to compromised bank information.
Damage Caused by Business Malware
The most damaging type of malware for businesses is ransomware because it can instantly halt production, resulting in immediate financial losses. Plus recovery is expensive and regaining customers’ trust takes time. This does not mean that other types of malware are tame. Viruses, Trojans and spyware put proprietary information at risk of being sold for identity theft or other nefarious uses. Bots that target website forms can trigger hundreds of false leads that are difficult and costly to investigate and bot activities can impact the site’s performance, driving away potential customers.
How To Prevent Malware Attacks
Every business can deploy tactics to protect itself from hackers and cybercrimes. Business owners and IT managers who recognize when a company is vulnerable to cyberattacks should correct weak security protocols immediately. Companies can stop malware attacks and reduce the damage they cause by:
- Educating employees about the signs of malware, including slowed devices, incessant pop-up messages, reduced hard drive space and new or missing files
- Using anti-virus software to scan emails, networks and devices for malicious code
- Implementing password prompts to restrict user downloads
- Deploying CAPTCHA (Completely Automated Public Turing Test to Tell Computers and Humans Apart) on websites to root out bot traffic
- Requiring sophisticated passwords and two-factor authentication
- Keeping browsers, devices and email clients updated
- Adjusting browser settings to limit pop-up windows
- Using a secure business Wi-Fi network
- Having a recovery response for ransomware and other cybercrimes
Take control of your business’ security by visiting ftc.net/business. With proper firewall setup and professional network monitoring and maintenance, enterprise assets are secure. Keep focused on customers and clients and let our full-service IT solutions and cybersecurity services handle the digital details.