Over the past few months I have seen articles both in IT publications and business publications that I read with titles like ‘Is Antivirus Dead?’ Of course I read a few of them and the short answer is no. Antivirus is still a valuable part of what should be a multi-part security plan. Once I read several of these articles they all agreed — Antivirus was not dead, just different.
Hackers are getting very good at finding ways to penetrate computer systems, bypassing your antivirus software completely. These hackers use legitimate applications to do their initial dirty work and open the door. Some of these applications are installed covertly using flaws in unpatched web browsers and browser add-ins. Patching is very important and so is removing any unused software or browser add-ins from your computer. Regular inventories of software that are installed on home or business computers go a long way to helping minimize the risk of infection. Also, using your computer in a safer way is very important. By this I mean locking down the computer so that the username you use to log in with every day has the power to do what you need to do every day and nothing else. By nothing else I mean not being able to install software and not having administrative rights to everything on the computer or network. As part of this system lockdown, following a list of security best practices is highly recommended. You can find these types of best practices on line in websites like Microsoft and the NIST website, nist.gov. My recommendation would be to take a look at these suggested security settings with your CIO, CSO, or IT consultant and determine what works best for your organization and your users. This list of settings along with antivirus, software patching, and software inventory will go a long way toward securing your computers and servers from potential attack. This new security plan should be looked at and reevaluated at least annually.
It is important for business owners, management, and ‘ executives to be involved in the planning of security policy and implementation to ensure success. B.I.T.S. provides Virtual CIO and IT consulting services to help your business build and implement strong security policies and procedures in order to keep your system safe and ensure these IT policies align with business requirements and goals.