Malvertising is so much more than a buzzword. Malware served to you by online advertisements represents a significant threat. In fact, it's so significant that Craig D. Spiezle, president and executive director of the Online Trust Alliance (OTA), appeared at a Senate Homeland Security and Governmental Affairs Committee hearing in May 2014 to stress the extreme nature of the statistics:
The OTA saw the incidence of malvertising increase by more than 200 percent in 2013, resulting in an estimated 12.4 billion malicious advertising impressions. (And that was in 2013.)
Spiezle noted that the boom in online ad revenue (in 2013, related revenues hit almost $43 billion, according to Information Week) has been accompanied by a boom in malvertising that has affected thousands of unsuspecting consumers. Sites like Google, Facebook and The Wall Street Journal have all served up malicious ads, Spiezle said.
That same year, in June, an investigation found that domains belonging to Disney, Facebook and The Guardian had led visitors to ransomware, placing those individuals in an incredibly precarious position. You can only imagine how greatly the threat is multiplied when you're part of a network being accessed by an entire organization full of individuals.
Malvertising Protection: A Necessary Effort
The types of threats malvertising presents are as broad as those from malware of any sort, because the ad is just the initial avenue into your computer or network, explains Jennifer Allen, Twinstate's Red Team manager.
And that broad nature is what makes protection a challenge. As Rahul Kashyap wrote for Wired, "Malvertising is a tough problem to solve and its unsettling prevalence requires a concerted defense effort spanning a lot of stakeholders, including website operators, ad networks themselves and consumer and business audiences worried about protecting personal information and staving off the next data breach."
You can be part of the effort.
Taking on Malvertising in Your Business
So how do you get started? Well, according to Allen, you've already completed the first step: understanding there's a threat.
"You don’t want to just click on ads, even in reputable sites, because they might not lead into a reputable site itself — and sometimes they don't need to lead to a site at all; you viewing the ad is enough," Allen says.
"Even if both the site serving the ad and the site it's leading to are reputable, their operators might end up being complicit in providing malicious code to the end user without anyone even realizing it." Understanding this, Allen emphasizes, is the correct first step to protection.
Next, make a habit of purchasing and regularly updating high-quality antivirus and antimalware software. This software won't always protect you fully, but it's a step in the right direction, Allen explains.
Another option? A host-based firewall. A lot of host-based firewalls will actively scan your connection, so if you're using a browser, it may be scanning the traffic for known threats. It's important to bear in mind that "known threats" are the only type any of these options can discover, and unknown (new) threats appear every day. That means you're always just slightly behind the threat actors, and you may want to consider increasing your overall network security.
A browser plugin that helps stop the display of ads can be helpful, but some of these may also decrease functionality for certain sites. "If you can compromise your normal online behavior to stay safe, a plugin can work," says Allen.
Beyond these options, consider investing in privacy and security consulting and endpoint protection services, and check out this guide from OTA. The more protection you have, the better.
What to Avoid
Though it would be a relief to know that you could trust any malvertising solution, that's not the case. There are features that make some solutions unequivocally better than others.
"You want to avoid something, in terms of endpoint protection, that isn’t subscription based, because that lack of subscription indicates the solution is not accounting for the future," says Allen. "If your solution could catch everything that had been a threat between 1970 and today, it wouldn't matter. It needs to be actively updated so it can catch new threats."
Allen's other advice?
Check all vendor quotes for accuracy to ensure you are getting only what you've discussed and at a reasonable price.
Avoid snake oils, or anything claiming to be a cure-all solution.
And always request a consultation.
When you do choose your solution, you'll be fighting the good fight: you'll be both contributing to the greater effort in the malvertising war and marching confidently toward the ultimate goal of helping your company stay protected, compliant and efficient.
Originally published on 05/19/2016