The world of cyber security is always changing, and it’s important that your business IT equipment is kept up to date.
Software companies periodically release updates, called patches, to correct problems or vulnerabilities in the software they provide. As these patches often address critical security issues in the software, it’s crucial that they are applied as soon as possible. These patches can be released for everything from the operating system on your mobile phone, to Windows on your PC, to the WordPress software that might run your website. Any business that uses mobile devices, computers, web servers, or even has a hosted website should have a plan to apply patches and keep up to date. That plan may include hiring a professional to do these tasks, but it’s important that someone in your business is responsible for making sure they are carried out, even if you pay a third party to do the work.
Recently, Microsoft disclosed a critical vulnerability in Windows 10, an operating system that many PC users will be running on their machines. The vulnerability could allow an attacker to undermine critical protections built into the operating system and take control of the PC. Microsoft has issued a patch to correct this flaw, and once you have applied it through Windows Update, you will be protected against this attack. It is important that computer users pay attention to messages from their operating system indicating an update is required and deal with them as soon as possible.
Popular website creation tool WordPress allows users to apply themes and plugins to help with the design of websites running on this software. When using WordPress, or any website builder, you need to make sure you are applying all patches released for the platform. In the case of WordPress, or any other site builder which allows the use of third-party themes and plugins, you will need to monitor for patches for these as well. Also discovered this month were vulnerabilities in two popular WordPress plugins, InfiniteWP Client and WP Time Capsule. The flaws in both of these plugins allowed an attacker to bypass authentication; that is to say, they could log in and make changes on the owner’s website without providing a valid username and password. This would allow an attacker to take over the site and do anything from changing the content displayed to changing the passwords and locking the owner out.
Both of these vulnerabilities illustrate the type of problem an unpatched flaw could cause your business: possible downtime of critical resources and loss of revenue, depending on the scale of the damage done by an attacker exploiting the weakness. Applying patches released by your software providers will keep you up to date and protected from opportunistic attackers looking for targets who have left themselves open to these exploits.
Have you had your free cyber health check yet? A complimentary cyber security health check is now included in your FSB membership. To request your free health check please call 03450 727 727.