Security Awareness: Malware at Work

Often disguised as something that you want, malware attacks are not always obvious. Learn how to prevent malware attacks from disrupting or disabling your system through simple popup ads or links, and from holding your data for ransom.
Course info
Rating
(14)
Level
Beginner
Updated
Jan 15, 2018
Duration
1h 13m
Table of contents
Description
Course info
Rating
(14)
Level
Beginner
Updated
Jan 15, 2018
Duration
1h 13m
Description

Cybercriminals are very good at hiding or bundling malicious software and luring you to download and install the software. In this course, Security Awareness: Malware at Work, you'll learn how to protect your business and yourself by gaining knowledge of malware attacks. First, you'll dive into identifying the attack and how to stop from becoming affected by these attacks. Next, you'll explore how to be more proactive in avoiding this type of attack. Finally, you'll discover how to identify who you should notify if a malware attack is detected. When you're finished with this course, you'll have the necessary skills and knowledge of security awareness needed to prevent malware attacks at home and at work.

About the author
About the author

Jason Helmick is an author for Pluralsight. His IT career spans more than 25 years or enterprise consulting on a variety of technologies, with a focus on strategic IT business planning. He’s a highly successful IT author, columnist, lecturer, and instructor, specializing in automation practices for the IT pro.

More from the author
More courses by Jason Helmick
Section Introduction Transcripts
Section Introduction Transcripts

Course Overview
Hi, I'm Jason Helmick, an author here at Pluralsight, and welcome to my course, Security Awareness: Malware at Work. Cybercriminals are really good at hiding and bundling malicious software and luring you, tricking you into downloading and installing that software. Oftentimes, it's disguised as something you want. That's what makes it easy to trick you into it, and it can cause distribution to your system as simple as pop-up ads, or go as far as disabling your system entirely, or holding your data for ransom. In this course, you'll learn how to protect your business and yourself with gaining knowledge of malware attacks. You'll learn how to identify the attack, how to stop from falling a victim to the attack. You'll also learn how to be more proactive in avoiding this type of attack and who to notify if you detect one. So join me on this journey to start learning about cybersecurity and malware attacks. Here at Pluralsight, we love learning, and we hope that you do too.

Disable, Disruption, Collection, and Theft
I am sure that you would not intentionally download malicious software or malware. I mean, after all, it is so devastating both to your home and to the office, but what's surprising is that in many cases that's exactly what happens. You voluntarily downloaded it. True story, I needed a software driver for a piece of hardware in a server, so I went out to download it. Now, I didn't go to the manufacturer's website like I should have. I was in a hurry. I just went to some random download site. And I knew this site was suspicious because there was a bunch of pop-up ads occurring, and I knew I shouldn't be downloading it from here, but I downloaded it anyways. And low and behold, my antivirus kicked off and said that I just downloaded malware. True, I had a tool, my antivirus software to help me with this, but I had already violated so many rules before I even clicked the download. I knew I went to a website that was not the manufacturer's website. I knew the website was suspicious, but I wanted the software. And this is how they get you. Cybercriminals will use all kinds of devious tactics, either over the phone or through an email, like phishing, where they will try to convince you to download the software that will allow them to do whatever criminal activity they wish to do. And that's what we want to try to prevent in this series and in this particular course. What we're going to take a look at in this module is malware in action, what it's going to do and what we're going to try to avoid. And we're going to actually define what malware is. Now, I'm not going to get into a whole list of terms for malware yet, that's what we're going to do in the next module, but at least we'll get a solid definition of it and what it is that cybercriminals want to have access to, what they want to use the malware for. So let's get started with malware in action.

The All-encompassing Term: Malware
Malware is a generic term. In other words, it's a broad term that represents a lot of very specific types of software that might infect your system. And what I want to do is I want to break those down for you because each one of those represents a different type of attack, and those types of attacks you might recognize by knowing what their real names are as opposed to the generic term malware. So really, what we're focused on in this module is malware by any other name. What are the different types of malware? Some of these you will already know because they've been industry terms for a long time. Things like viruses. And you may have heard the term worms before. These are older terms, but we still use them. And things like ransomware and zero-day; these are one of a few types of attacks that we're going to talk about. And there's other activities that may or may not involve malware that oftentimes are related to malware. So, we want to make sure that you're aware of what these terms are, not only what they are, but what these types of attacks can do.

The Master Plan to Prevent and Remove Malware
When we first started this course off together, I said right at the very beginning there's no one way to prevent malware. In fact, it's going to require a couple of tools and some best practices, and even then, you're not going to prevent it 100% of the time, so you also want to be able to remove it, and if you do get infected, know who to notify. Now, we're going to start off with things that can help you at home, but we'll also switch to the business and some of the processes that they'll go through. The idea here though is that through good practices, good thought processes, in other words, don't do what I do, and if you know it's a bad website, don't use it, but through good practices and some additional tools, you can go a long way in preventing malware from infecting not only your system at home, but also impacting you at the office. And so what we're going to start off with in this module is a conversation about being proactive. What does that really mean in the sense of how do I get ahead of this? How do I ensure that my system doesn't get, or at least do the best I can to ensure that it doesn't get infected? And if it does, how can I get rid of it? And so then we'll talk about some common malware countermeasures and some general countermeasures for security awareness over all. So let's get started with being proactive.

Malware at the Office
When it comes to security and preventing things like malware from infecting you, a lot of the tactics that you would use at home are the same kind of tactics you would use at the office. You would use antimalware software. You would update it. You would run it. The difference being is that at the office some of those decisions may have been made for you. There may be an entire department of security professionals that are going to help and assist you in this process from a business perspective. And their goal is to protect the business and its confidential data. Knowing that you might accidently install malware means that they'll also focus a lot of time on you and how to make sure that you're following preventative measures. And this can be really helpful because anything that you learn from the office, you can then bring home to help protect yourself. So while we're going to focus on the office right now, remember, all of this same stuff can apply to you at home. What we're going to focus on in this module is the data that's in your business, where it's located, and you already pretty much know this, the computers, and the cell phones, and anything that's used for the business, the challenges and the fixes that the business faces. Then we're going to start to take a look at what the business has that you don't have at home, which is a lot of businesses have security teams, and they operate very proactively in trying to combat malware and other security incidents from occurring. And their malware countermeasures, which are very similar to yours, that's what I want you to see, that you might use at home and the countermeasures that you can also use at home. So let's get started with data in the business.

How to Report a Malware Incident
If you've watched some of the other security awareness courses that I've done, you notice that I like to end up here, how to report an attack. Whether it be malware or some specific type of attack, who do you notify? And the reason that this is important is that a lot of times you might have already gone through this where you may have experienced some sort of security breach, an attack, malware, and maybe your antivirus cleaned it off, but at the same time you're like do I need to tell anybody about this? Should I tell anybody about this? And when it comes to you and your company, the answer is yes. When it comes to you at home, the answer is maybe, and that's why I like to talk about this at the end. And so here's what we're going to do. We're going to look to what you might do working at your company or at your business and who you might report an event to. What you might do if this happens to you at home, who you might report something to. And last but not least, worst case scenario, you can always report it to the FBI. So let's get started with what should you do if you're at the business.