Ask Intronis is a weekly advice column answering common questions from MSPs and IT service providers. It covers topics ranging from pricing and selling to marketing and communications—and everything in between. Submit your questions by emailing AskIntronis@intronis.com.
Q: I’m having trouble explaining malware to my customers. Can you define malware in terms they can understand? Also, what tips can I give them to help protect their business from a malware attack?
You're not alone. Every MSP faces the challenge of successfully explaining malware to their customers to help make sure they're well-protected. In the most straightforward way, the term malware translates quite literally to “malicious software.” This is a good starting point for your explanation. Follow that up by telling the customer that it's an all-encompassing term that includes viruses, ransomware, worms, spyware, adware, and generally any software that is used to obtain sensitive information without a user’s consent. Most importantly, be sure to describe how malware disrupts computer systems in a variety of ways, such as by restricting access, encrypting files, corrupting data, stealing personal information, or slowing the system down.
After your customer understands what malware is, explain how it infects systems. Begin by telling them that malware can enter a system through downloads, email attachments, advertisements, or any type of hole in the security of the system. After an infection occurs, a system shows signs of the attack and is recovered in different ways, depending on the type of infection. For example, ransomware will display a message demanding a sum of money, while spyware will live in your files, possibly without ever being noticed.
So, how can you and your customers protect yourselves from Mal, the data loss gremlin? Whether you’re an individual user or an IT service provider, there are some simple yet valuable steps you can take to prevent malware from infiltrating your system.
Best practices in prevention
We got Paul Hanley, a partner support engineer here at Intronis, to share his four best practices for protection.
1. Educate your users.
Even if you implement the best anti-virus software available, the human user still acts as one of those vulnerable holes in the security of your system. Often times, it is the user who invites the malware in, easily bypassing the security measures already put in place. Remind users to always use a critical eye when opening email, downloading any attachment, and, ultimately, clicking on anything online.
What things should they be looking for? It’s important to look at the context of an email or a webpage before deciding to download or open something. Be sure to review the file name, the web address of the link, and the file type before clicking.
2. Use a level of protection.
Do your research and find out what type of security software is properly suited to protect your customer’s systems. The FTC recommends using an anti-virus, anti-spyware, and a firewall on all computers.
3. Make sure software is up-to-date.
While deploying security is an important first step, updating that software is just as vital. Review software updates and be aware of any changes. Also, be aware of any present threats. A great resource for this is the SOPHOS threat monitoring dashboard that displays what malware is currently active.
4. Backup your data.
You can protect yourself against an attack from Mal by deploying a data protection strategy and backing up business-critical data. If your customer experiences a problem with malware, you will be able to recover the critical data and restore the system quickly.