There has been plenty of press about Meltdown and Spectre, and it's important that small businesses pay attention to these two flaws. These recently discovered security vulnerabilities impact many popular devices because they exploit processors, which are present in any type of computing device. Much of the attention was focused on iPhones and Macs given their popularity, but users of Windows PCs and other mobile devices should pay attention as well.
Fortunately, there isn't reason to panic or go analog. Companies have been quick to mitigate the issues through software patches, and there has been no known case of a hacker exploiting these vulnerabilities to wreak havoc. If you're wondering what this means for the day-to-day operations of your business, here's a brief rundown.
Is my device secure?
Hardware and software companies have moved very quickly on patches. Google has a comprehensive blog post that details the impact on its platforms. The key takeaway is that G Suite apps are safe, and Chromebooks should be updated to version 63. For more technical users, you'll want to learn more about site isolation capabilities of the Chrome browser. The latest Android security patch includes a fix, so check with your manufacturer about an update timeline.
Apple has issued patches for iOS and macOS. It also patches Safari on an older Mac that's running Sierra or El Capitan. This way, if you have an iMac that's a workspace hub or used for customer transactions at the front counter, it's covered.
On the Windows front, Microsoft has issued a Windows update, but there are reports of PCs going haywire. It's best to check with the manufacturer. They should have specific documentation about patches, such as these updates from Lenovo and Dell. To fully protect Windows PCs you'll probably need to apply multiple software patches and update the BIOS or firmware. And you'll want to make sure those updates work with your current antivirus software. You might even need to edit the registry on affected PCs to block security updates for those devices.
For companies with multiple PCs that can be a lot to keep track of. To address that issue, Microsoft is releasing a new set of tools, called Windows Analytics service, to help Windows admins assess what they need to do to protect their PCs. It collects data from an organization's registered devices and displays a protection status on a dashboard. This is available on Pro, Enterprise and Education editions of all supported desktop versions of Windows (7, 8.1, 10).
If your company uses a public cloud for its data, like Amazon Web Services, Microsoft Azure, or Google Cloud, check with your provider. But the work has been pretty fast and furious on those fronts as well as the companies want to ensure customers' data is safe.
What does this change?
The lack of any known instances of Spectre or Meltdown being used for nefarious purposes means that outside of the usual diligence you have about security, there is no reason to assume the worst.
Keep fulfilling those orders and meeting customer needs. While the devices we all use every day are built to be operated in a simple manner, there are incredibly complex processes going on behind the scenes.
Staying up to date on new security vulnerabilities and installing the latest patches will continue to be a good practice.