Salem State University in Massachusetts issued a data breach warning to faculty and students on March 11.  The warning informed them that information for over 25,000 persons including social security numbers had been breached.  The breach was caused when malware, identified as Vobfus, infected the university’s human resources database.

Malware is often seen as a nuisance or a productivity inhibitor but an infected computer can pose a much great risk to organizations and it should not be overlooked.  Malware gets behind the organization’s perimeter and it can act with the credentials of legitimate users including administrators.  Just because a system is behind a firewall or in a demilitarized zone doesn’t mean it is safe as threats from the inside are just as virulent as those from the outside.  Recently, malware has been the cause of a number of recent data breaches including supermarkets, banking institutions and retailers.

Antivirus software is essential but it is only the first step in protecting against malware.  New malware and revised versions of existing malware are continually being released and antivirus signatures will miss some malware, potentially even the most dangerous ones.  Understand what normal traffic looks like on your network so that abnormalities can be quickly identified.  Take notifications from users about suspicious activity seriously and consider implementing technologies that utilize behavior based scans to detect viruses and intrusions.  Lastly, know what to do and who to call if there is a data breach