It’s a common belief that cybercriminals only target the largest enterprises because that’s where successful attacks will allow them to profit the most. However, this isn’t true—bad actors are just as likely to target small- and medium-sized businesses (SMBs) as large ones. This is because many cybercriminals choose targets that offer a reward in exchange for as little effort and risk as possible, and SMBs don’t usually have a large budget to dedicate to cybersecurity, so their systems are more vulnerable than those of larger enterprises that can afford more sophisticated protection.
Because of this, almost half of all cyberattacks are targeted towards small businesses, and SMBs are largely being attacked via the same sophisticated methods as larger organizations, with the number one threat being system intrusion. And 70% of these attacks involve malware, usually of the ransomware variety. A successful malware attack can have disastrous consequences for small businesses, including data loss, loss of reputation, and financial loss. The average cost of a ransomware breach is $4.64 million—a figure high enough to put many SMBs out of business should they have to face it.
Despite these risks, one-third of small businesses in both the UK and US use free, consumer-grade cybersecurity, and 23% don’t use any endpoint security platform at all. But even consumer products often don’t offer the same level of protection that enterprise products do, and they’re much more difficult to manage across multiple devices.
However, there’s a type of endpoint protection designed specifically to protect SMBs against known and emerging malware threats without breaking the bank: antivirus software.
So what is antivirus software, how does it work, and how can you choose the right antivirus tool for your SMB?
What Are Endpoint Protection and Antivirus Software?
The importance of endpoint protection has perhaps never been as critical as it is now. In today’s world, an increasing number of employees are working from home either temporarily or permanently, using their own devices rather than office computers. If a user syncs their work emails with their personal cell phone, that device then becomes another endpoint through which a bad actor could gain access to the network. This means that we need to implement endpoint protection that’s flexible, as well as powerful, in order to keep our devices and users safe.
Endpoint protection is the process of securing endpoints, or end-user devices, that are remotely connected to an organization’s network. Endpoints serve as access points to the network, and these access points can be exploited by bad actors. Endpoint protection secures all of these entry points from malicious attacks.
Antivirus software is a type of endpoint protection that secures individual endpoints by detecting and blocking malicious files. Today, most antivirus software is hosted largely or even entirely in the cloud. This means that vendors can utilize advanced machine learning technology to automate analytics, which greatly improves detection rates. It also means that solutions can crowdsource intelligence from across a network of protected devices, providing protection against unknown and zero-day exploits. If a threat is detected on one system, all others are made aware of it. However, as antivirus software has become more sophisticated, so have malware attacks.
How Does Antivirus Software Work?
Antivirus software runs in the background of your device, scanning files, programs and applications and comparing their code with information stored in the software’s database. The database contains information on known malware, or “malicious software”. If the software finds a piece of code in one of your files that’s similar or identical to a piece of code in its database, that file is considered malware and removed permanently or quarantined.
Removing the threat cleans it permanently from your system, while quarantining it allows vendors to analyze the threat and alter their antivirus solution so that it’s better at protecting against it in the future. Jason Norton, Product Marketing Director at VIPRE, says that they do this in two ways: “If a bad file is quarantined and there’s no existing signature definition, then the definition would be added globally to a known bad list of files. That’s how signature-based detection basically works. At a deeper level though, bad files and samples are collected by vendors to feed machine learning algorithms alongside benign files to build behavioral analysis and machine learning. VIPRE has over 1 PB of files doing this kind of work.”
Why Do You Need Antivirus Software?
Strong antivirus software is absolutely crucial when it comes to protecting the devices connected to your network. It provides protection against viruses, malware and often also phishing attacks, which have the potential to completely destroy a device’s system by infecting processes crucial to the computer’s performance. This protection also prevents identity theft via spyware, which secretly monitors what you do on your computer and sends sensitive information to the hacker. However, antivirus solutions often do much more than protect your system from file-based malware.
Any strong antivirus software will include a firewall feature that filters information coming into your system via the internet. This means that your endpoint is protected against online threats, spam sites and pop-up ads. Integrated browser controls mean that administrators can block potentially dangerous websites, which can also create a more efficient workplace. This feature is particularly useful in the education industry, where users are more vulnerable to both exploits and distractions.
Antivirus software doesn’t just protect office desktops—sophisticated solutions are compatible with laptops and mobile devices, too. This is particularly beneficial for companies whose employees work remotely. Whether an employee does all of their work on their personal laptop, or just syncs their work emails to their personal mobile phone, these devices become connected to your network and, if compromised, provide an “in” for hackers. Antivirus software helps to prevent this. This flexible compatibility usually comes paired with a remote management console, which means that admins can manage all of their employees’ devices, regardless of geographic location or device type, to make sure that they’re installing the latest security updates.
Finally, lightweight antivirus software can help make your system run faster. Malware and viruses often cause your machine to become slow and sluggish as important performance processes are corrupted. In blocking these infections, antivirus software leaves your system clean and able to run efficiently. However, some antivirus software may slow the device when running scans. If this happens, users can go into the software’s settings and configure it to scan at a time when the device isn’t in use. This feature isn’t always available with free antivirus, so it makes it worth your while to invest in a business-grade solution.
What Key Features Should You Look For In An Antivirus Solution?
We’ve explored what antivirus software is and why all organizations should be running it, but what makes an antivirus software solution effective? We’ve put together a list of the key features you should look for when investing in an antivirus solution. The most advanced threat protection never comes free, so being aware of the different solutions available and what their features are will help you make an informed decision when it comes to investment. Here’s our list of the top features you should consider when looking for an antivirus solution to protect your small business:
Ease Of Deployment
It’s important that your antivirus software is easy to deploy. The first step in this is removing any previous endpoint security software. Secondly, the MSI must be easy to install after purchasing a subscription and come with pre-configured policies. A strong solution will offer protection almost immediately after the purchase has been confirmed, whereas some less efficient solutions can take up to a few weeks to install, leaving your devices unprotected for that period. You should be able to update policies yourself later, but having pre-configured policies on installation means that the software can start working immediately. The same goes for when you need to add a new device. This usually happens when onboarding new employee devices—it’s important that new recruits, who are particularly vulnerable to exploits as they may be unfamiliar with their new system, are protected immediately. And we aren’t just talking about work laptops and office desktops here—you need to be able to remotely deploy the software across any devices that your employee will use to access the company network, which may include their personal cell phone.
Ease Of Management
Many modern antivirus software solutions are cloud-based. A cloud-native architecture means that most of the analysis workload and the software management sit on one platform in the cloud. This means that the software takes up less space on the system, reducing its impact on system speed. It also usually includes a remotely-accessible dashboard, which allows administrators a comprehensive overview of what’s going on behind the scenes, as well as access to settings, updates and scanning tools, within one convenient interface. From here, admins can track threats across all protected machines, no matter where they’re based.
Automatic updates are a must here—antivirus is designed to run in the background with as little disturbance to the user as possible, and constant update requests contradict this purpose.
User-friendly solutions will also allow users and admins to pivot intuitively through information, rather than having to search for something specific. On the same note, threat alert emails should include quick links to all related information in the console, so that users don’t have to waste valuable time in searching for answers. When it comes to malware protection, every minute counts.
This is why, last but not least, it’s crucial that the solution includes 24/7 customer support. If something goes wrong, or you don’t understand a particular message from the software, you need to be able to fix it as quickly as possible.
Level Of Threat Protection
You need to find a solution that will cover you against emerging and unknown threats, as well as known attacks. Most cloud-based solutions are able to offer this, as they utilize machine learning technologies to crowdsource their threat intelligence: when an unknown threat is found on one system, all other systems covered by that solution are warned against it.
A good antivirus software solution should offer layered protection against advanced threats across the three main endpoint layers: file, network and application. This is because it’s important to cover all paths of entry that cybercriminals may choose to take. “The file layer protects against infected media like a USB drive,” explains VIPRE’s Norton. “The tougher attack vectors to cover are the other two. The application layer protects against malicious scripts, web code and social engineering, for example. Finally, the network layer may have the toughest tasks of stopping bad URL links, web exploits, browser extension attacks, and hijacking or redirecting internet queries.”
At the file level, the solution should offer proactive protection through real-time prevention scanning and removal. Your software shouldn’t just remove threats that have already infiltrated your device, but it should also prevent threats from entering the system in the first place. Here, the software can use signature-based detection to compare pieces of code in each file to its database of known malicious code. Finally, it’s important that admins can configure a list of exclusions, which are certain files or services that shouldn’t be blocked even if flagged as suspicious, such as backup files.
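The signature-based detection described in the “How Does Antivirus Software Work?” section and the file-level scanning, exclusions and quarantine-versus-removal choices described above, shown as an added example that is not code from the article or from any vendor it mentions. The signature database and sample files are constructed for the demo; a real product holds millions of vendor-maintained signatures, and the toy reads each file fully into memory.

```python
import fnmatch
import hashlib
import shutil
import tempfile
from pathlib import Path
from typing import Optional, Tuple

# Constructed toy signature database (these are NOT real malware signatures).
# Hash entries match a whole known-bad file; pattern entries match a fragment inside any file.
KNOWN_BAD_FILE = b"CONSTRUCTED SAMPLE: pretend this is a known-bad executable"
HASH_SIGNATURES = {hashlib.sha256(KNOWN_BAD_FILE).hexdigest(): "Toy.Known.B"}
PATTERN_SIGNATURES = {"Toy.Dropper.A": b"CONSTRUCTED-BAD-PAYLOAD-MARKER"}

def match_signatures(data: bytes) -> Tuple[Optional[str], str]:
    """Return (matching signature name or None, sha256 of the content)."""
    digest = hashlib.sha256(data).hexdigest()
    if digest in HASH_SIGNATURES:          # exact whole-file match
        return HASH_SIGNATURES[digest], digest
    for name, pattern in PATTERN_SIGNATURES.items():
        if pattern in data:                # fragment match: survives changes elsewhere in the file
            return name, digest
    return None, digest

def scan_directory(root: Path, quarantine: Path, exclusions=(), action="quarantine") -> dict:
    """Scan regular files under root; returns {relative path: verdict}."""
    quarantine.mkdir(parents=True, exist_ok=True)
    report = {}
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        rel = str(path.relative_to(root))
        if quarantine in path.parents:     # never rescan what we already isolated
            continue
        if any(fnmatch.fnmatch(path.name, g) for g in exclusions):
            report[rel] = "excluded"       # admin-configured exclusion, e.g. backup files
            continue
        sig, digest = match_signatures(path.read_bytes())
        if sig is None:
            report[rel] = "clean"
        elif action == "remove":
            path.unlink()                  # permanent removal: nothing left to analyze
            report[rel] = "removed:" + sig
        else:
            # Quarantine: move the file under a neutral name so it cannot run, keeping the sample
            shutil.move(str(path), str(quarantine / (digest + ".quarantined")))
            report[rel] = "quarantined:" + sig
    return report

def demo() -> dict:
    """Build a constructed sample tree in a temp dir and scan it."""
    root = Path(tempfile.mkdtemp())
    (root / "notes.txt").write_bytes(b"quarterly numbers, nothing unusual")
    (root / "invoice.exe").write_bytes(KNOWN_BAD_FILE)                                   # hash hit
    (root / "setup.js").write_bytes(b"var x=1;" + PATTERN_SIGNATURES["Toy.Dropper.A"])  # pattern hit
    (root / "db.bak").write_bytes(PATTERN_SIGNATURES["Toy.Dropper.A"])                    # hit, but excluded
    return scan_directory(root, root / "quarantine", exclusions=["*.bak"])
```

The excluded `db.bak` shows why exclusions deserve care: a file matching an exclusion pattern is never inspected, so keep the list as narrow as the backup or service paths genuinely require.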
At the network level, your software should implement DNS (domain name system) filtering to block malicious websites and filter harmful content. This will include a malicious URL blocker to prevent web exploits and protect browser extensions. The DNS filter should work in tandem with an intrusion detection system (IDS), which monitors the network for malicious activity and policy violations and reports suspicious activity to an administrator, either directly or through an event management system. Norton says that the network layer is the most common attack point, with businesses facing high rates of phishing campaigns and bad URL tactics every day. On top of this, Norton says, businesses should consider “the exploits that can be pulled down from the web and the fact that DNS resolver servers are under constant attack from cybercriminals who want to redirect the web traffic for their own uses.”
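The DNS filtering and administrator reporting described above, as an added example that is not code from the article or from any vendor it mentions. The blocklist and the client queries are constructed; a real filter consumes continuously updated threat feeds, and the point shown here is the matching rule: a listed domain blocks all of its subdomains, while a merely similar-looking name does not match.

```python
from typing import Dict, List, Tuple

# Constructed blocklist (not real malicious domains); .test is a reserved, never-resolving TLD.
BLOCKLIST = {"bad-example.test", "phish-example.test"}

def normalize(name: str) -> str:
    """Lowercase and drop the trailing dot so 'Login.Phish-Example.TEST.' is comparable."""
    return name.rstrip(".").lower()

def is_blocked(name: str) -> Tuple[bool, str]:
    """Block a name if it or any parent domain is listed; subdomains inherit the verdict."""
    labels = normalize(name).split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])   # walk up: a.b.c.test -> b.c.test -> c.test -> test
        if candidate in BLOCKLIST:
            return True, candidate
    return False, ""

def resolve_with_filter(queries: List[Tuple[str, str]]) -> Tuple[Dict[str, str], List[str]]:
    """Apply the filter to (client, name) lookups; returns verdicts plus admin-facing alert lines."""
    verdicts, alerts = {}, []
    for client, name in queries:
        blocked, rule = is_blocked(name)
        if blocked:
            verdicts[name] = "BLOCKED"     # the resolver would answer with a sinkhole/NXDOMAIN
            alerts.append(f"client={client} query={name} blocked_by={rule}")
        else:
            verdicts[name] = "ALLOWED"     # forwarded to the upstream resolver as normal
    return verdicts, alerts

SAMPLE_QUERIES = [  # constructed lookups from two endpoints
    ("10.0.0.12", "www.example.com"),
    ("10.0.0.12", "Login.Phish-Example.TEST."),
    ("10.0.0.33", "cdn.bad-example.test"),
    ("10.0.0.33", "notbad-example.test"),   # shares a suffix string but is a different domain
]
```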
At the application layer, the software should use a combination of active process protection and a host intrusion prevention system (HIPS) to monitor and analyze the machine’s critical systems and network packets for malicious content. This is particularly important, as this is where the machine’s crucial operating data is held.
It’s also important that your chosen solution includes email protection to detect and remove known bad URLs and attachments delivered through phishing attempts. Verizon’s 2019 Data Breach Investigations Report (DBIR) found that 94% of malware is delivered via email, so this is a really crucial feature. However, it’s important to note that this alone isn’t enough to protect your email system; you should also invest in a separate email security product with advanced threat protection to better remediate phishing, business email compromise and zero-hour attacks. For more information on this, take a look at our Email Security Guide for Business.
Finally, antivirus software delivers this layered protection by implementing reactive file scanning, system scanning, and real-time web browsing protection that warns users against suspicious or malicious content before they’ve even opened the page or file.
Compatibility With Different Devices
Mobile devices and laptops are often considered the most vulnerable entry points into corporate networks, because it can be more difficult to manage updates across these devices—particularly if users are working from their own personal devices, rather than corporate-issued ones. For this reason, it’s crucial that your antivirus software has mobile device management (MDM) capabilities and is compatible with Windows, Mac, Linux, Android and Apple iOS.
The best solutions offer remote device encryption, registration and wiping. Some solutions even offer an app-based VPN for mobile devices, reducing users’ digital footprint and securing their web-based communications.
Third-Party Patch Management
A patch is a change or set of changes to a computer program or application that’s designed to fix vulnerabilities or bugs within the program. Patch management is the process of downloading, testing and deploying patches to make sure that systems stay updated and are always using appropriate, working patches. Strong antivirus software automates this process, making sure that third-party applications such as Adobe, Apple, Google and Oracle Java are automatically updated and secured. Hackers often target outdated apps, so it’s important that vulnerabilities are patched as soon as possible.
Efficiency
Because most antivirus solutions today are cloud-based, they don’t usually consume too many system resources. However, this isn’t always the case. It’s important that you choose a lightweight antivirus that updates itself and doesn’t drain your device’s resources, causing it to slow down. If the solution you’re considering is known for slowing systems, it’s important to check that you’re able to configure when the software runs scans. Scanning is what causes a system to run more slowly; if you’re able to configure them to run out of work hours, they won’t affect your ability to work efficiently.
Automation also improves efficiency, as it saves users and security teams the time spent authorizing processes that could otherwise run without them. For example, if a known threat is detected, the software should automatically be able to block it without having to request permission from the user to do so. Instead of requesting permission each time, the software should generate email alerts and reports of blocked content for the user or security team to review.
Summary
As cyberattacks become more advanced, so too must our lines of defense. Unfortunately, there isn’t one all-powerful solution that will defend a network against cybercrime; we have to implement multi-layered solutions that combine human and artificial intelligence at every level of the organization. This includes securing all endpoints, which allow hackers potential access to the whole network. Antivirus software usually takes minutes to deploy, and is relatively inexpensive when compared with the price of a data breach. If you’d like some advice on which solutions are best suited to your organization, take a look at our guide to the Top 10 Antivirus Software For Small Businesses. Don’t be one of the 23%.