Malvertising: What It Is and How to Protect Your Small Business from It
By Matthew J. Tyson, IT Specialist
Malvertising is malware embedded in online advertising. This type of malware infects your computer when an infected advertisement is shown on a website that you are viewing, which usually happens when an advertisement network is infected with malware. In this article we will talk more in-depth into what malvertising is and how to protect your business from it.
WHAT IS MALVERTISING?
Malvertising is a way for hackers to access your computer by exploiting vulnerabilities in your browser and operating system by viewing infected online advertisements. Malvertisements do not need to be clicked or activated manually by the user viewing the website. The infected advertisement only needs to be loaded into your internet browser. In some cases, you may not even be able to easily view the advertisement.
So how do you protect your business from malvertising since it is viewed the same way as legitimate online advertising? In this blog, we will go over some simple methods of protecting your business from malvertising and other cybersecurity threats.
HOW DO I PROTECT MY BUSINESS FROM MALVERTISING?
There are eight major practices that you need to implement to protect your business from malvertising and other cybersecurity threats, as follows.
1. Modern Browsers
First, always use an up-to-date modern internet browser, like Google Chrome, Firefox, or the new Microsoft Edge browser. Do not use Internet Explorer, Netscape Navigator, or any older depreciated browsers, which are not being supported anymore. These browsers have security flaws in them that allows the malvertisements to potentially be successful in infecting your computer. Consider your browser as the front line of defending your computer against malvertisements when surfing the web.
2. Browser Security Extensions/Addons
Use a reputable popup blocker and website advisor extensions/addons to your internet browser like Adblock Plus and Microsoft Defender Browser Protection.
3. Security Software
Have up-to-date reputable security software on your computers and mobile devices, like Trend Micro Worry-Free Security or Norton Small Business. Also, make sure your computer’s operating system’s built-in security software is enabled, even partially, as a second line of defense.
4. Operating Systems
Use a modern up-to-date operating system like Microsoft Windows or Apple macOS. Keeping your operating system up-to-date means that known security vulnerabilities have been patched and new security features are being used.
5. Hardware
Make sure your hardware is replaced every five years depending on manufacture support and hardware specifications. If the hardware manufacture is not supporting your computer’s hardware anymore through online updates, then replace it as soon as you can. Most business hardware is supported for an extended period, which gives you extra time to decide on a replacement.
6. Backups
Keep up-to-date backups of all your business data to help mitigate the effects that a cyber-attack or a natural disaster can have on your business, assisting in your ability to keep your business running. It is also very important to keep your backups in a secure location.
7. Training
Train your employees on recognizing cyber threats to mitigate compromising your organization’s security. Many employees may not know about malvertising and other threats like social engineering, which is talked about in our social engineering blog. This can be a big hole in your organization’s cybersecurity practices that needs to be addressed.
8. Vigilance
As a business owner, be vigilant in your cybersecurity practices. Having good cybersecurity hygiene goes a long way on protecting your business from malvertising and other cybersecurity threats that your business maybe facing.
The dynamic aspect of the cyber threat landscape requires business owners and individuals to continue to learn good cybersecurity hygiene. From using modern internet browsers to being vigilant, it is very important to keep up with these practices, which can help prevent the threat of malvertising and other cybersecurity threats your business comes across in the future.
Here are some good resources to learn basic small business cybersecurity practices:
https://staysafeonline.org/stay-safe-online/online-safety-basics/
https://us-cert.cisa.gov/resources/smb