Anti-virus versus anti-malware – what’s the difference? These two categories of protective tools are often misunderstood. It stems from confusion between viruses and malware. A virus is code that can damage your computer, system, and data by copying itself. Malware is used as a catch-all term for malicious software such as spyware, ransomware, trojans, adware, worms, and viruses. Malware is ever evolving whereas viruses have been around for a long time and continue to stay generally the same. Wendy Zamora of Malwarebytes Labs expands further on these differences for you to gain better understanding as you follow anti-virus best practices.
Once you grasp these differences, you can turn your focus to the policies and tools you need to implement to protect against malicious attacks. We’ve gathered a list of five tools to get you started on proper anti-virus protection and a few tips on establishing thorough anti-virus policies to be implemented by your employees.
Protecting Through Anti-Virus Tools
In the world of information security, we often see Internet searches looking for help with Windows Defender or anti-virus for Macs, as well as questions about which anti-virus tools are the best to use. While this list isn’t exhaustive, it’s a good starting place if you’re looking to protect your systems with anti-virus software.
- Bitdefender – Bitdefender has enterprise security solutions for all business sizes that helps you manage your security from endpoint, to network, to cloud all of which can include anti-virus and anti-malware software.
- Kapersky – Kapersky has solutions to predict, prevent, detect, and respond to cyber threats through a number of adaptive security services.
- AVG Business – AVG Business offers security tools geared to small business security needs with software that automatically updates to keep your security up to date always. KirkpatrickPrice uses AVG Business to protect our own devices from viruses and various threats.
- McAfee – McAfee offers security solutions designed around your business outcomes – transformation, risk management, or automation and efficacy. All of these solutions come with protection against viruses and malware.
- Norton – Norton Small Business provides a single solution security service to protect all your devices according to your specific security needs, including malware protection and anti-virus software implementation.
Keep your data secure with anti-virus software that will detect threats, remove all malware, and protect against new threats. Once you’ve implemented anti-virus tools, you can turn your focus to developing detailed policies regarding anti-virus software.
Establishing Anti-Virus Policies
Don’t drop the ball by just adding anti-virus programs to company laptops and expecting that to protect you from all threats. Create policies that expand your protective efforts to ensure your software is patched, anti-virus tools are working effectively, and anti-virus mechanisms are maintained. The PCI framework includes a number of requirements regarding anti-virus and anti-malware software that can be referenced to develop your own policies. Let’s take a look at a few of the PCI requirements that can guide your anti-virus practices:
- PCI Requirement 5.1.1 requires that your organization’s anti-virus program is capable of detecting all types of malware, removing all known types of malware, and protecting against all known types of malware.
- PCI Requirement 5.2.1 states, “For systems considered to be not commonly affected by malicious software, perform periodic evaluations to identify and evaluate evolving malware threats in order to confirm whether such systems continue to not require anti-virus software.”
- PCI Requirement 5.2 exists to, “Ensure that all anti-virus mechanisms are maintained as follows: are kept current, perform periodic scans, and generate audit logs which are retained per PCI DSS Requirement 10.7”
- PCI Requirement 5.3 states, “Ensure that anti-virus mechanisms are actively running and cannot be disabled or altered by users, unless specifically authorized by management on a case-by-case basis for a limited time period.”
These requirements express the need to create policies that will ensure your anti-virus software is kept up to date, effective, and purposeful as part of your information security program. Establish procedures that your organization can implement to further secure your systems and protect against malicious malware and unwanted viruses.
Educating Your Employees on Anti-Virus Best Practices
Once you’ve implemented an anti-virus tool, created policies to maintain that software, and established procedures to follow, you need to educate your employees on anti-virus best practices. Anti-virus training should be included in your annual organization-wide security awareness training. User education should be a top focus to ensure the work you’ve put into mitigating these threats is implemented all devices. Any small gap can lead to big problems, but your employees can be the first line of defense against these threats. If you’re interested in learning more about security awareness training and how regular education can improve your security posture, contact KirkpatrickPrice today.