What can IT departments do to minimise security risks?

  • Article

Microsoft released the 16th edition of its Security Intelligence Report last month and the results are sobering. The report offers a snapshot of trends in software vulnerabilities, software vulnerability exploits, and malicious software during the second half of 2013.

The report found that vulnerability disclosures across the industry increased 6.5% between the first half of 2013 and the second half. At the same time, about 21.2% of all reporting computers worldwide encountered malware each quarter in 2013 and the United Kingdom had the 5th most computers reporting malware encounters. Deception-based attacks, such as phishing e-mails, fake security software and ransomware that extorts money by pretending to represent law-enforcement agencies, remain prevalent concerns.

But the news isn’t all bad. Generally speaking, older versions of Windows face higher encounter and infection rates than modern models. Windows 8.1 had by far the lowest rate of infections and encounters. Using modern software and keeping it up to date with patches is the single easiest thing you can do to minimize risks for your machine.

But of course, computer security isn’t just an individual concern. Offices all over the world need to be protected too. So what can IT departments do to minimise exposure to malware, exploits and vulnerabilities?

  • Evaluate commercially available management tools, develop a plan, and implement a third-party update mechanism to disseminate non-Microsoft updates.
  •  Ensure that all software deployed on computers in the environment is updated regularly. If the software provider offers an automatic update utility similar to Microsoft Update, ensure that it is enabled by default.
  • Ensure that SmartScreen Filter is enabled in Internet Explorer.
  • Use Group Policy to enforce configurations for Windows Update and SmartScreen Filter.
  • Set the default configuration for antimalware to enable real-time protection across all drives, including removable devices.
  • Move to a 64-bit hardware architecture.
  • Identify business dependencies on Java and develop a plan to minimize its use where it is not needed.
  • Use AppLocker to block the installation and use of potentially unwanted software such as Java or peer-to-peer applications.
  • Implement the Enhanced Mitigation Experience Toolkit to minimize exploitation of vulnerabilities in all manufactured software.
  • Strengthen authentication by using smart cards.
  • Use Network Access Protection and DirectAccess to enforce compliance policies for firewall, antimalware, and patch management on remote systems that connect to a corporate network.

To learn more about Microsoft’s dedication to online safety, visit Trustworthy Computing .