Did you hear about the major bugs that have been found in computer processors that could allow hackers to steal sensitive data? 

We asked NCC Group, an information assurance and cyber security company, what advice they could offer to small business owners. 

Here is their guidance: 

Meltdown and Spectre vulnerabilities: guidance

At the start of 2018, cyber security researchers disclosed details of two widespread vulnerabilities in the computer processing units of many electronic devices. The vulnerabilities were shown to affect smartphones, desktop and laptop computers, and enterprise level hardware such as servers.

The potential impact of these vulnerabilities, now referred to as ‘Meltdown’ and ‘Spectre’, is that malicious code running on a device can gain access to data it does not have permission to view, such as passwords or personally identifiable information.

The UK National Cyber Security Centre has stated that although the risks are real, there is currently no evidence to suggest that these vulnerabilities have been exploited. Patches to fix the flaws are continuing to be produced for major platforms.

How do I protect myself and my business?

Device manufacturers and software providers are rolling out updates for many systems and fixes are now available for all major operating systems. It’s therefore recommended that you check for the latest updates to your devices and enable these to be downloaded automatically where possible.

In addition to searching for software and operating system updates, it may be necessary to manually install firmware and driver updates specific to your device. This is particularly important in the case of consumer desktop and laptop computers. To identify if these updates are available, contact your device manufacturer (such as Dell, HP, Acer, etc) or check their website for device-specific updates. The link below contains a list of manufacturer security advisories which contain device-specific details: 

https://spectreattack.com/#faq-advisory

Older devices and operating systems may no longer be supported, making them vulnerable to the effects of Meltdown, Spectre and other potential flaws that are yet to be discovered.

Companies utilising cloud services should also contact their providers to ensure their infrastructure has been updated with all available security patches.

You're on our blog and updates site, which is hosted by elXtr, a leading digital hub powered by the award-winning lawyers at LHS Solicitors LLP. Bringing you real law made easy.