In May 2014, users of the Avast community-support forum received a surprise. The forum was offline after being hacked. Their user nicknames, email addresses and passwords were compromised.
The antivirus firm Avast protects more than 200 million people, mobile devices and computers with security applications. Its CEO Vince Steckler went to the company’s blog to address the users concerns. He quelled fears by telling users that only the community support forum was breached, less than 0.2 percent of the business’ 200 million users were affected and the attack didn’t jeopardize payment, license or financial systems or other data.
Avast is not the first antivirus company to face security concerns. Symantec revealed in 2012 that hackers breached its servers and took off with some of its source code.
“We encourage customers to be very aggressive in deploying solutions that offer a combined approach to security,” Symantec said on its blog when responding to a New York Times cyber-attack. “Anti-virus software alone is not enough.”
Sadly, antivirus software seems to have become the default security mechanism used to protect against IT threats for most users today. This is a problem because antivirus can gives users a false sense of security, which can breed hubris for the most dangerous threats that threaten their private or critical data.
As we’ve seen, even antivirus providers can become susceptible to hackers and malicious attacks. Yet, users often believe they don’t need to back up their data because their computers are protected with a “magic impenetrable shield” that protects them from all outside threats. This is equivalent to the belief that wearing a seatbelt gives you the luxury of driving recklessly.
Antivirus software is only effective against malware and viruses that have been identified and blocked in the past. They are completely powerless against unknown IT threats of the future.
Antivirus is also incapable of protecting users from IT threats that exist outside of the software’s scope. For example, if someone breaks into your house and steals your computer and unencrypted external drives, your antivirus software can’t do much to protect you.
Ultimately, all computer security comes back to the fundamentals. Yes, it’s good to have an antivirus on your computer as an added form of protection. But this should never be seen as a replacement for a proper, secure, automated and redundant off-site backup plan.
No matter how good these services get, antivirus will never replace backup. Even antivirus providers recognize and acknowledge this fact. That’s why many antivirus companies include some form of basic backup service as an additional precaution.
- It’s important to make sure that your backup plan – however you choose to implement it – has the features that your business needs. For instance:
- All data should be encrypted locally before transfer to off-site storage.
- You should maintain redundant copies of your off-site backups, in addition to a local copy.
- Once sent off-site, it should be impossible to decrypt your data without your private password.
- You should know where your data is being stored, and what precautions are in place to protect it at the remote datacenter or off-site storage facility.
- If you outsource your backups, your provider should offer live phone support in the event of an emergency. A stressful data disaster is no time to be Googling for complicated instructions.
It’s true that a weak backup is better than no backup at all, but it’s also important to remember that having inadequate backup can be just as bad as relying exclusively on antivirus as your only method of protection.
When it comes to protecting your computer and your priceless data, the fundamentals of effective IT protection remain the same as they’ve been for decades. Antivirus is simply not (and was never intended to be) a magic pill to fix all problems.
Leave a Reply