Cybersecurity researchers recently announced the discovery of two major security flaws that could allow hackers to bypass regular security measures and obtain normally inaccessible data.
The flaws, referred to as Meltdown and Spectre, are both caused by design flaws found in nearly all modern processors. These vulnerabilities can be exploited to access all of the data found in personal computers, servers, cloud computing services and mobile devices.
Because Meltdown and Spectre are both caused by design flaws, experts believe that they will be harder to fix than traditional security exploits. Additionally, software patches that have already been released to help address the vulnerabilities can cause computer systems to slow down significantly, which may impact their ability to perform regular tasks.
Researchers believe that Meltdown and Spectre may be limited to processors manufactured by different companies, but also warn that the design flaws that contribute to Meltdown and Spectre have been present for years.
Key details about each flaw:
Meltdown: This flaw can be used to break down the security barriers between a device’s applications and operating system in order to access all of the device’s data. Meltdown can be used to access desktop, laptop server and cloud computer systems, and can even be used to steal data from multiple users who share one device. Although researchers have only been able to verify that Meltdown affects processors made by Intel, other processors may also be affected. Many software developers have already released updates that prevent hackers from exploiting Meltdown.
Spectre: This flaw can be used to break down the security barriers between a device’s different applications and access sensitive data like passwords, photos, and documents, even if those applications adhere to regular security checks. Spectre affects almost every type of computer system, including computers, servers, and smartphones. Additionally, researchers have confirmed that the design flaw that enables Spectre is present in Intel, AMD and ARM processors that are used by nearly every computer and mobile device. Software developers are currently working on a patch to prevent the exploitation of Spectre, but some experts believe that future processors may have to be redesigned in order to fix the vulnerability.
When Meltdown and Spectre were originally discovered in 2017, researchers immediately reported them to major hardware and software companies to work on security fixes could begin without alerting hackers. As a result, services and applications offered by companies like Microsoft, Google, Apple, and Amazon have already been updated to help defend against the flaws. However, you shouldn’t rely solely on a software patch to protect against these vulnerabilities.
Here are some steps you can take to protect your computer systems and devices from Meltdown and Spectre.
Update all of your devices immediately, and check for new updates regularly. You should also encourage your friends, family members and co-workers to do the same.
Contact any cloud service providers and third-party vendors you use to ensure that they are protected against Meltdown and Spectre. Cloud services and computer servers are especially vulnerable to the exploits, as they often host multiple customers on a single device.
Install anti-virus and firewall systems to protect against regular malware. Researchers believe that hackers need to gain access to a device in order to exploit Meltdown or Spectre, so keeping your devices free of malware can help prevent data theft.
The content of this News Brief is of general interest and is not intended to apply to specific circumstances. It does not purport to be a comprehensive analysis of all matters relevant to its subject matter. The content should not, therefore, be regarded as constituting legal advice and should not be relied upon as such.
Falls from heights consistently rank as one of the most frequent—and most fatal—workplace accidents. They occur so often because exposure is everywhere: any surface 6 feet or more above ground level could cause injury. Scaffolding and aerial lifts are among the most common fall sources, so it’s important to follow all safety rules.
Always wear sturdy shoes with non-slip soles when working on scaffolding.
Do not keep debris or other material on the scaffold where they present a tripping hazard.
Use your best judgment in bad weather . Do not use a scaffold in especially stormy, windy or icy weather.
Aerial Lift Safety
Never climb over or lean on guard rails.
Do not enter an aerial lift that you know has not been properly maintained.
Proper Roofing Practices
Ensure your safety at heights
Working at heights is always dangerous, but roofing is responsible for a disproportionate number of fall injuries because of the nature of the surface. You have to deal with working at heights as well as on slanted and often slippery surfaces.
Several factors combine to create hazardous work situations on roofs, including the pitch, amount of moisture, presence of dirt or sawdust, your footwear and presence of tripping hazards.
Before you begin working, your supervisor should perform an evaluation of the conditions and set up all necessary safety equipment; however, that does not mean your safety is in someone else’s hands. It’s your responsibility to take your safety into your own hands, too.
In addition to falls, roofing presents hazards to those working below. Practice good housekeeping and never drop anything off the edge of the roof.
If you feel conditions are becoming unsafe as you work—for example, it is beginning to rain and the roof is becoming slippery—notify your supervisor immediately.
Did you know?
More than one-third of fall deaths in residential construction are caused by falls from roofs. Using a personal fall arrest system (PFAS), horizontal lifeline or rope grab decreases the likelihood of a fatal fall while roofing.
Download the attached PDF to learn more and to share with others.
It’s no secret that your technology company depends on the capabilities of your computer systems to function. You should be aware that simple actions your employees take could be putting your company’s equipment and networks at risk of cyber crime, including cyber attacks, cyber theft, and other computer security incidents. The average cost of a single cyber attack is incalculable—cyber attacks can directly target finances and ruin a business’ reputation.
The Risks of Web Searches
As an employer, you should educate your employees about searching for certain topics on the internet due to the risk of coming across websites encrypted with viruses or malware that could be detrimental to your computer systems. Stress that the potential for cybercrime could affect employees individually as well as the business as a whole. More than 90 percent of companies surveyed by the DOJ incurred either monetary loss, system downtime loss or both because of cybercrime, so take it upon yourself to put search engine guidelines in place.
“Simple actions your employees take could put your company’s equipment and networks at risk of cyber crime, including cyber attack, cyber theft and other computer security incidents.”
The Web’s Most Dangerous Search Terms
Common term searches conducted online one can expose your business to the risk of cyber crime. Encourage employees to avoid following suspicious results in search engines. Any result that promises free products or materials is suspect. The least risky search terms are usually health-related topics and searches about economic news. It is essential to remember that the number of dangerous search terms is ever changing. Hackers want to impact the highest amount of people with the least amount of effort, so they aim for popular search terms most. Ill-intentioned hackers also adapt quickly to the fast-paced nature of the Internet and the public circle, so oftentimes social or celebrity events popular at a given moment climb quickly to the top of the internet’s most dangerous search terms and are a high risk for infecting your company’s computers. According to the DOJ, industries considered a part of critical infrastructure businesses accounts for a disproportionate amount of computer security incidents. If your company is in any of these industries, be especially careful about internet searches to ensure computer safety and protect against a potentially devastating loss, both monetary and in down time:
Chemical and drug manufacturing
Computer system design
Your business is at stake, download and share this PDF with your employees.
A tragic accident highlights why liquor liability is such a high-priority concern for alcohol-selling establishments. According to a report by WYFF News 4, in South Carolina, a drunk-driving crash killed three people. The mother whose 17-year-old daughter died in the collision is suing…
Construction workers suffer more electrical burns and fatal electrical injuries than workers in all other industries combined, but many of these incidents could have been prevented with the implementation of proper ground-fault protection practices.
As a property manager, you handle a large volume of personal information. Not only do you have to keep existing tenants’ information on hand, but you also have information collected from prospective tenants during the rental process. Sensitive personal information, like social security and driver’s license numbers, are essential for, among other things, a thorough background check on possible renters. However, because of the abundance of personal information they are responsible for, more and more property managers are becoming targets of identity theft.
Business operations in the technology industry revolve around the functionality of computers, network connections and the Internet. It’s no secret that computer use comes with many risks, including damaging viruses, hackers, the illegal use of your system to attack others, the use of sensitive data to steal identities and other illegal actions. As a result, companies must respond by preventing, detecting and responding to cyber attacks through a well-orchestrated cyber security program.
Hiring young employees can bring fresh talent and innovation, giving your company an edge over your competitors. But that edge can quickly be erased, as young workers also bring additional technology risks. According to a Cisco Connected World Technology Report, 70 percent of young employees frequently ignore their company’s information technology (IT) policies.
Though social media platforms encourage users to share personal information, young workers should be actively encouraged to safeguard company data. Download the attached PDF to learn more.
Alcohol server training is a form of industry-specific education designed for servers, sellers and consumers of alcohol to prevent intoxication, drunken driving and underage drinking. The amount of server training you must have in order to legally serve alcohol varies according to the state and locality. Courses are taught by a variety of educational providers, from individuals to the state. The cost, quality and content of training can vary from program to program.