Educate Your End Users: How to Avoid Spectre and Meltdown Hacks
As you may be aware, two new IT security vulnerabilities were recently announced. While most IT teams have familiarized themselves with Spectre and Meltdown by now, your end users may need pointers and friendly reminders to help keep their devices safe from cyber-attacks.
Here are the basics of what your employees need to know and what they can do now to stay vigilant against hackers both at work and at home.
What is affected by Spectre and Meltdown?
Spectre and Meltdown have been discovered in all modern computer central processing units. The central processing unit (CPU) of a computer is a piece of hardware that carries out the instructions of a computer program. It performs the basic arithmetical, logical and input/output operations of a computer system.
Spectre affects every single computer, server, smart phone and other devices, while Meltdown affects only computers with Intel CPU-based technology.
What is the risk?
These hardware bugs allow malicious programs to steal data that is being processed in your computer memory. Normally, applications are not able to do that because they are isolated from each other and the operating system. These hardware bugs break that isolation.
The risk is that if you get a malicious software virus that can execute code running on your computer, hackers could get access to passwords stored in a password manager, emails, instant messages, Internet browser and business-critical documents.
What is being done to fix the issue?
The biggest issue with these particular vulnerabilities is that they are in the hardware and therefore cannot actually be fixed until new CPUs can be designed without the flaws.
Computer and software vendors at all levels are scrambling to release security patches to try to combat the possibility of this occurring.
The potential issue with the release of these patches is that they could in some cases slow a device down significantly. This can vary based on what you are trying to do as well as how old the device is that you are using.
What can your end users do now to avoid being hacked?
UPDATE WHEN AVAILABLE
Execute all necessary updates on devices as they become available. If you have company-supplied devices or if you own a computer at home or your own smart phone, you should be taking all necessary steps to ensure that you are updating those as the manufacturers release patches.
THINK BEFORE YOU CLICK
Think twice about clicking on any document or link you receive in email, and do not click on anything from an unknown or unexpected source.
BE VIGILANT ABOUT DOWNLOADING
Do not download any software that isn’t directly from the manufacturer's site, and again, don’t click on the link to the site. Instead, go to the site itself, locate the software and download it there.
ANTI-VIRUS AND FIREWALLS
Although not always 100% effective, make sure that you have your anti-virus protection and firewalls in place to help stop any malicious code from being run on your devices. At many organizations, the IT team will make sure these are in place for the company, but employees should ensure their home networks are protected as well.
At Loffler, we will be patching all managed devices in our managed IT customers’ environments. This is going to take some time, as some of the patches are not available yet. We are working with our vendors to confirm compatibility and will be rolling out these patches as quickly as possible, while still maintaining a disciplined approach.
Loffler delivers a tiered security approach with AV, DNS filtering and firewall content filtering to all of our IT managed services clients. We also offer security consulting to help organizations evaluate and improve their security posture, security awareness training to test and train users and security services that can further detect and respond to the significant cybersecurity threats companies face today.
In the meantime, please encourage your end users to be extra vigilant, with security top of mind, and THINK BEFORE YOU CLICK.
Mike is the Vice President of Information Technology at Loffler. He has been in the IT field since 1993 and was previously an owner of a successful IT solution provider for 12 years. Mike has managed both security and managed service teams and consulted on IT management for both large and SMB organizations. Little known fact: While in college, Mike was the lead singer for a garage band called Mojo and the Kingsnakes. This is now known as “Classic Rock."