One question that keeps popping up is “how do I know if my antivirus is working?” That question is not always clear cut. What I mean here is that antivirus is just one tool meant to help keeping your business safe.
There is no one all end all for business security—I wish I could just download a piece of software on every user machine and server and say “you’re 100% safe”. But the reality of our current cybersecurity landscape is that antivirus is just one of the many tools in your cybersecurity arsenal aimed at keeping your business safe.
In addition to antivirus, you need to make sure your patches are regularly updated, your team understands the current phishing attacks targeting businesses (in some instances, there are very targeted attacks on specific business verticals), you have ‘smart firewalls’ in place, a comprehensive and tested backup solution, backup disaster recovery and an IT Support team that can help your users navigate resolving their issues so that they don’t seek their own unsafe resolution paths (the list goes on!).
While all of the things I mentioned above are critical to having adequate cybersecurity, today I want to take a few minutes walking through some tests to see if your antivirus is actually working.
The troubling truth that you might find (as we see in the field) is that antivirus will not keep your business safe 100% of the time—in fact, antivirus may only detect a portion of viruses roaming on the web.
Just like the flu virus this past season was particularly troubling because the vaccine didn’t do a very good job at keeping folks safe from getting the flu, an antivirus program is not capable of knowing what new sophisticated virus cybercriminals will create until they see signatures from the virus’ behavior.
In fact, some of the most devastating cyberattacks—including the Samsam attack that shut down the city of Atlanta recently—was not detectable by antivirus software.
The take home: you cannot simply rely on antivirus. Rather use antivirus as one of your tools in your comprehensive cyber defense.
But assuming you are taking cybersecurity seriously by investing in a comprehensive approach to business network security, how can you make sure your antivirus is working?
Test your antivirus software in real-time—every good antivirus tool includes an on-demand scanner that seeks out and destroys malware and virus infections on your computer in real-time. Your IT Support team should be able to understand the strengths of your antivirus software. They should be able to know what specifically your antivirus protects against in real-time.
While it’s too risky to simply upload malware code onto your computer nowadays (because malware has gotten so sophisticated), your IT guy should be able to explain what security experts have identified as viruses or strains of viruses that escaped your antivirus software’s performance.
Test malware blocking—to test malware-blocking ability of your antivirus, many security experts download a folder of malware samples. Antivirus protection should kick in and wipe out any malware. Note: testing antivirus software should not be done by those unexperienced. Consult a cybersecurity expert to make sure your antivirus is working well to block malware.
Test Malicious URL blocking—any antivirus worth its salt should be effectively blocking your users from landing on malicious websites. Antivirus software have databases of suspicious URLs (your IT team can and should actually update and curate a list of blocked URLs based on the types of content you want to restrict users from seeing at work).
Cybersecurity teams actually test a variety of malicious URLs to make sure antivirus is effectively blocking websites that are known to harbor malicious material. Again, you should not directly test malicious URLs without expert cybersecurity advice.
Understand antivirus lab tests—there are a variety of cybersecurity experts out there testing antivirus products. One useful way of determining whether your antivirus is working to protect your business network is by keeping up to speed with a variety of laboratories to see which solutions are the best for your business.
Since we have dedicated cybersecurity experts on staff, rest assured we are actively looking at and interpreting antivirus lab test results to determine the best security strategies (including antivirus solutions) for our clients. Is your IT team evaluating these tests?
Is your business network solely relying on antivirus to defend against growing ransomware attacks? Contact us TODAY for a free ransomware security assessment.
