Practices to Mitigate Malware Effects

Malware is any kind of a malicious software that can modify the functionality of a machine. It is believed that Malware is easy to deploy remotely and difficult to track the source of malware which has tremendously increased the black market for malware providers (BITS, 2011). Before developing strategy and practice to mitigate malware effects, it is important to understand the different types of malware and their behaviors that can impact an organization.

The fight against malware should be a collective approach rather than an individual or a group’s responsibility. Within an organization, there should be a proper analysis and risk assessment done to ensure that there are no loop holes in the way in which the company is addressing the malware issues. MSDN Library (2006), has listed an excellent strategic approach which provides guidance to identify, prioritize, control and mitigate such malware attacks.

According to this, it is important to assess the risk and prioritize it based on the business, conduct decision support to evaluate the controls put in place periodically, implementing controls on a regular basis depending on the advancements in the malware industry by staying updated on the trends in this dark market and putting an effective ways to measure the implemented risk management process within a company so that the company can introspect at various levels of mitigating malware risks.

• Keeping browser plug-ins patched by installing the patches as and when available from the vendors
• Blocking P2P usage by enforcing a no P2P (peer to peer) policy so that the malware cant be shared via P2P networks in a company.
• Turning off Windows Autoplay option as the external drives and USB cards can be a primary source of transferring malware into the machines.
• Turning on enhanced security in Adobe Reader that can protect the machine from any harmful attacks via PDFs
• Limiting the use of network mapped drives as there is a high probability of malware attacks transferring through such mapped drives. These drives can be closed unless it is an absolute requirement in the company.
• Reviewing the mail security effectiveness is important as mails and URLs are the very common type of media for malware attacks (Musthaler, 2011).

There must be efforts to develop a mitigation strategy in the organization to reduce, if not, completely avoid malware attacks not only in a reactive approach but as well in a proactive manner to be prepared and stay protected from such malicious software attacks to an organization.

At a high-level, the ways to minimize the possible ways of attack is by

• Ensuring all patches are installed on time
• Limiting the number of services run on a system which in turn reduces the possibility of attacks
• Controlling and limiting the publicly available data about the system and organization (Conklin et.al, 2016).