Best Practices to Reduce Malware Effects on a Machine. These can be described as:
Only authorized devices should have access to main systems: Only pre-approved devices should be allowed to connect. Connecting personal USB drives, music players, smartphones and other devices is not permitted. A device must be scanned to ensure that it is free of malware.
Patching and regular updates to the operating system: Each organization should have a common policy regarding patching and updates. The policy should outline the procedures for looking for patches from vendors and name the person responsible for patching and monitoring devices after updates/patching.
Updated antivirus: Antivirus programs must be set to update automatically so that the latest virus definitions and scan engines are available. Ensure that all devices are updated on a regular basis, as one vulnerable machine could cause total security failure.
Monitor changes: No change should cause unexpected behavior in devices that could lead to a security breach. Every change should be thoroughly evaluated, and a rollback mechanism should be in place in the event of failure.
Local firewall for machines: Each machine, including laptops and mobiles, should have a firewall that inspects incoming and outgoing data. It will also keep track of updates.
Vulnerability scanning: Scanning is a key part of threat mitigation. A tool or script can be used to imitate malware behavior, and the scan results are used to analyze which loopholes and weak spots are present on the machines. Any vulnerable machine should be secured immediately.
Proxy servers and web content filters: These should be used because they can stop users from being unknowingly redirected to malicious websites. Only the web server should be able to connect to the internet via the HTTP or HTTPS protocols.
Email filter: Email should be filtered so that malicious attachments are not delivered, and attachments should be monitored.
Log monitoring: Relying only on firewalls and anti-virus software as the last resort against malware is not recommended. Logs from firewalls, proxy servers, DNS servers, etc. should be monitored on a daily basis.
What happens if machines get infected? All data being sent to other networks must be stopped immediately. Logs can be used to determine which systems were affected. If you find any software or utilities that are not working, analyze them and, if possible, remove them.
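
As an added example (not part of the original article), the following Python sketch shows one way to use proxy and DNS logs to determine which systems were affected once a malicious domain is known. The log layouts, IP addresses and the indicator domain are constructed assumptions; adapt the field positions to your own log format.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample data: log layout and indicator domain are assumptions.
INDICATORS = {"update-check.example"}
PROXY_LOG = """\
2024-05-01T09:58:03Z 10.0.0.12 GET http://intranet.example/home 200
2024-05-01T10:02:11Z 10.0.0.12 GET http://update-check.example/a.bin 200
2024-05-01T10:05:40Z 10.0.0.31 CONNECT cdn.update-check.example:443 200
2024-05-01T10:06:02Z 10.0.0.44 GET http://notupdate-check.example/ 200
"""
DNS_LOG = """\
2024-05-01T10:02:10Z 10.0.0.12 A update-check.example
2024-05-01T10:07:19Z 10.0.0.57 A cdn.update-check.example
2024-05-01T10:08:00Z 10.0.0.44 A intranet.example
"""


def matches(host, indicators):
    """True if host is an indicator domain or a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in indicators)


def proxy_host(method, target):
    """Extract the destination host from a proxy request target."""
    if method == "CONNECT":  # HTTPS tunnel: the target is host:port
        return target.rsplit(":", 1)[0]
    return urlsplit(target).hostname or ""


def affected_hosts(proxy_log, dns_log, indicators):
    """Map each client IP to its sorted (time, source, destination) hits."""
    hits = defaultdict(list)
    for source, log in (("proxy", proxy_log), ("dns", dns_log)):
        for line in log.splitlines():
            parts = line.split()
            if len(parts) < 4:
                continue  # skip malformed lines
            ts, client, kind, target = parts[:4]
            dest = proxy_host(kind, target) if source == "proxy" else target
            dest = dest.lower().rstrip(".")
            if matches(dest, indicators):
                hits[client].append((ts, source, dest))
    return {client: sorted(events) for client, events in hits.items()}


if __name__ == "__main__":
    for client, events in sorted(affected_hosts(PROXY_LOG, DNS_LOG, INDICATORS).items()):
        print(client, events)
```

Matching on a dot boundary keeps look-alike names such as `notupdate-check.example` out of the results, and a host that appears only in the DNS log (here `10.0.0.57`) is still listed because it resolved the domain even though no proxy request was recorded.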